[cvsnt] Re: Questions about sserver protocol
Tony Hoyle
tmh at nodomain.org
Wed May 18 14:36:14 BST 2005
Jonathan Belson wrote:
> 1. Does 'sserver' encrypt the password when logging on to a cvs server?
Yes. The entire session is encrypted.
> 2. Does 'sserver' only use encryption if 'EncryptionLevel' is set to
> '4'? Does setting '4' imply '3', too?
sserver is always encrypted. EncryptionLevel affects only protocols
where encryption is optional eg. sspi, gserver.
Forcing encryption also effectively disables things like pserver, but
it's safer to delete the protocol library in that case.
> 3. I created a certificate and key as described in 'InstallationLinux'
> section 1.9. I added references to these in PServer (CertificateFile
> and PrivateKeyFile), but I found I could still log into the cvs server
> without making the certificate available to the client. Does the client
> actually need a copy of the certificate, or is it all handled by the
> server?
The client only needs a copy of the CA certificate file - it has a
default one installed which has all the major CA's on there. By default
it'll ignore some problems such as selfsign certificates.. specify
strict=1 in the cvsroot string to check for that.
Tony
More information about the cvsnt
mailing list