GNU Info

(cvs.info)Kerberos authenticated

---

Next: Connecting via fork Prev: GSSAPI authenticated Up: Remote repositories

---

Enter node , (file) or (file)node

Direct connection with kerberos
-------------------------------

   The easiest way to use kerberos is to use the kerberos `rsh', as
described in Note: Connecting via rsh.  The main disadvantage of
using rsh is that all the data needs to pass through additional
programs, so it may be slower.  So if you have kerberos installed you
can connect via a direct TCP connection, authenticating with kerberos.

   This section concerns the kerberos network security system, version
4.  Kerberos version 5 is supported via the GSSAPI generic network
security interface, as described in the previous section.

   To do this, CVS needs to be compiled with kerberos support; when
configuring CVS it tries to detect whether kerberos is present or you
can use the `--with-krb4' flag to configure.

   The data transmitted is _not_ encrypted by default.  Encryption
support must be compiled into both the client and server; use the
`--enable-encryption' configure option to turn it on.  You must then
use the `-x' global option to request encryption.

   You need to edit `inetd.conf' on the server machine to run `cvs
kserver'.  The client uses port 1999 by default; if you want to use
another port specify it in the `CVSROOT' (Note: Remote repositories)
or the `CVS_CLIENT_PORT' environment variable on the client.

   When you want to use CVS, get a ticket in the usual way (generally
`kinit'); it must be a ticket which allows you to log into the server
machine.  Then you are ready to go:

     cvs -d :kserver:faun.example.org:/usr/local/cvsroot checkout foo

   Previous versions of CVS would fall back to a connection via rsh;
this version will not do so.