kerberos and cvs
Charles Wilson
cwilson@ece.gatech.edu
Wed Apr 2 02:09:00 GMT 2003
Pavel Tsekov wrote:
> On Mon, 31 Mar 2003, Charles Wilson wrote:
>>However, here's the problem:
>> 1) I know nothing about kerberos. I don't even know enough to test it.
>
> I use CVS at work with the gserver method i.e. GSS api. At least I have a
> setup where I can test your work.
That'd be good...but I don't have cvsnt compiled just quite yet <g>. Is
there a kerberized telnet server around there somewhere? kerb-rsh?
kerb-ftp?
>> 2) I do NOT want to maintain this beastly piece of software.
>>However, I understand it is quite popular and would probably be a
>>welcome addition to the cygwin system.
Oh, and one other thing; it seems that Cygnus Solutions used to offer
something called "KerbNet" which I think was a krb4 system on top of
cygwin. It's no longer on the Red Hat website; it seems to have gone
the way of the dodo. I dunno if it means anything; I just thought it
was interesting.
>> 3) This port does NOT contain the niceties like "ssh-host-config"
>>scripts and whatnot. A fully-fledged cygwin port should probably
>>install things like that, and maybe even hook into the sysvinit system
>>that Sergey contributed.
>
>
> Why ? Do we want to run kerberos KDC ? I don't think so, or at least it
> is not necessary to run kerberized cvs. The KDC in our setup is a Win2k
> Active Directory.
Ah -- you've probably hit on why cvsnt requires kerberos. They want it
to work in an Active Directory domain OOB. Which is not a bad thing...
> For cvs you only need client libs and tools.
Don't you need to set up /etc/krb5.conf even for client access? And
probably some sort of ~/.dotfile stuff? Plus, if someone REALLY wants
ktelnet to be their default, then we need to worry about providing that
behavior -- it's obvious that krb5 telnet is *supposed* to replace
regular telnet seamlessly in a kerberized environment [e.g. the user
shouldn't have to remember to type 'ktelnet']. Coordinating with
inetutils maintainer for a structure like:
inetutils: itelnet.exe
krb5: ktelnet.exe
both packages have a postinstall script that sets up a symlink
telnet.exe -> [ik]telnet.exe
ditto all of the other conflicting files that I renamed in the krb5
packages (incl. man pages). It'll take some work to coordinate that,
assuming that the inetutils maintainer is amenable (Corinna, I guess?)
Unfortunately, even if setup.exe had a conflicts: facility (soon, but
not yet, I think), that wouldn't help -- because krb5 actually DEPENDS
on an inetutils (static) library. So both must be installed (at least
on the build machine). So, we can't simply undo my file renames, and
say "install either krb5 or inetutils; not both". That's just out of
the question. Blech...
You probably don't need to set up a /usr/lib/krb5kdc/kdc.conf file --
that's specific to KDC's, right?
>>So, I put these packages up in the hope that someone will adopt them,
>>and bring them into the cygwin fold. If so, then I'll continue on my
>>current track with cvsnt (which hopefully will eventually lead to
>>functioning cvs servers...)
>
>
> I may be interested to maintain this of course as time allows.
That'd be cool, if you can manage it. Like I said, I'm in no hurry
here. Try 'em out, let me know if they work...look at the excrescence
that is my build script -- the tarballs aren't going anywhere.
--Chuck
More information about the Cygwin-apps
mailing list