[Cvsnt] general questions.

Adam Shand adam at personaltelco.net
Fri Sep 28 19:26:16 BST 2001


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


> I am still using 1.10.8 because I can't see the benefits yet of moving
> to 1.11.1. So have this in mind when reading, there might be features
> on 1.11.1 that solves things not possible in 1.10.8 (like
> authentication issues)...

with 1.10.8 do you still get nt domain integration for accounts (in
pserver mode)?

> And the administrator could place the files in any good location. But
> this is an issue for the developer, and there might be compatibility
> issuse. (Tony???)

right i think this is a failing of cvs (not cvsnt) but if cvsnt could work
around it that would be great.

> With pserver the user needs to "log in" to the CVS server and his
> password is not very well encrypted. I believe the actual transaction
> data are sent completely in the open too, so you will have to be
> comfortable with this. Finally the CVS-NT process started by a pserver
> user runs in the context of SYSTEM and thus always has access to
> everything, so there is no way you can control access for different
> users once they have been logged in.

this is where i start to get confused, especially with the impersonation
stuff.  i don't care about ntserver, i have unix and 95/98 clients that
needs access and if i understand correctly ntserver will not work at all
in that model.

so i need pserver with domain integration (since that's the whole reason
we want to move to cvsnt).  however any domain user that is created has
full access to all the repositories unless you can implement file systems
permissions.  right?

now i thought that with pserver and ntserver impersonation turned on, i
got a system where file system permissions could be implemented to control
access.

if this doesn't work how do you control access to your repositories?

> To be able to use pserver securely you must implemnt some form of SSH
> systemm, something I tried but abandoned 6 months ago. Too much work
> and we use NT only clients anyway.

ugg, yeah, that's a pain.  we just use stunnel.  it's not as secure as ssh
but you can use cvs' account database and nothing is plain text.

> This issue is with the way WinCvs finds out which files to show as
> modified. WinCvs uses a Windows API that basically puts a watch on a
> directory which fires as soon as any file in the directory has
> changed. This API works fine on local drives (which are maintained by
> the local CPU), but for network mapped drives it seems to
> automatically convert to a polling system that creates a *lot* of
> network traffic and also ups the WinCvs CPU cycle usage something
> awful. If the users will work with WinCvs by starting it when they
> want to do some CVS stuff and then immediately closes WinCvs when they
> are done then it will be OK to use a sandbox on a mapped drive, but in
> my view not otherwise.

okay so more questions.  what are the SANDBOX, HOME and TEMP variables
that i'm supposed to set actually used for?

> But if you and your users are careful and not too many you might get
> away with this, but I doubt that you will sleep very well if your data
> are anywhere close to valuable.....

yah, our data is important.

thanks for all the info.

adam.

_______________________________________________
Cvsnt mailing list
Cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs



More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook