Section 11.8. Repository Access Methods

11.8. Repository Access Methods

CVS provides a variety of ways to access the repository. These methods are briefly described in the following sections, and Chapter 8 explains them in more detail.

11.8.1. Client Side

On the client side, you specify the access method as part of the repository path. If you don't declare one of the following methods, CVS assumes either the local or ext method:


Connect to a repository on the same computer as the sandbox, but do not use client/server mode.


Connect with an externally defined rsh or rsh-like connection method (such as ssh). If you use anything other than rsh, the CVS_RSH environment variable must be set on the client computer.

In CVS 1.11.22 and later, extssh is an alias for ext.


Connect to a repository on the same computer as the sandbox as if it were a remote machine. This method is useful if you are trying to diagnose problems with client/server mode.


Connect to the repository using the GSS-API and Kerberos 5.


Connect to the repository using Kerberos 4.


Connect to a repository on the same computer as the sandbox, but do not use client/server mode.


Connect to the repository using CVS's internal password server.


Connect to the repository using CVS's internal rsh server (not always available).

11.8.2. Server Side

The kserver, gserver, and pserver access modes require a server to run on the repository computer. For these modes, the server is started with inetd or xinetd. The inetd configuration must be on one line and should call CVS with the --allow-root and -f options and the pserver or kserver command.

The parameter to the --allow-root option is the path to the repository root directory. If you intend to have several repository root directories, add more --allow-root options.

If your version of inetd doesn't allow you to use port numbers in inetd.conf, add appropriate lines to /etc/services and use those service names instead of the port number in inetd.conf.

These are the two commands the server can use:


Accept Kerberos 4 connections.


Accept pserver (password server) and gserver (GSS-API) connections.

11.8.3. PAM Support

In CVS 1.12.2, experimental PAM support was added. I strongly recommend reading the official documentation for your current version of CVS. The information provided here is accurate as of CVS 1.12.13.

PAM, as mentioned earlier in the book, stands for Pluggable Authentication Modules, and I think modular authentication is the neatest thing to happen to security since the shadow password file. I'm very enthusiastic about this being added to CVS, as it puts security in the hands of the system administrator. However, until standards have been established for the CVS use of PAM, please be very careful with it. Don't use it yet if your project requires rigorous security.

Unfortunately, PAM is currently available only with the pserver access method, and the authentication tokens are transmitted with only trivial encryption, and stored on the client machine also with trivial encryption.

For more detail on the current implementation of PAM in CVS, see Chapter 8. I have an introductory essay on PAM at the O'Reilly web site, at

Essential CVS
Essential CVS (Essentials)
ISBN: 0596527039
EAN: 2147483647
Year: 2006
Pages: 148

Similar book on Amazon © 2008-2017.
If you may any questions please contact us: