access method uses the
GSS-API (Generic Security Service
Application Programming Interface) to support
encryption of the CVS connection. The
GSS-API in itself does not authenticate or encrypt the connection;
these processes are performed by an authentication or encryption
system configured to work with the GSS-API. The most common system
used with the GSS-API is
The GSS-API is explained in RFC 2743, available at http://www.ietf.org/rfc/rfc2743.txt. RFC 1964
explains how the GSS-API interacts with Kerberos 5. To use Kerberos 5
with CVS, use the GSS-API and the
method. Kerberos 4 is used with the
access mode, explained in the next section.
The repository path format for the GSS-API is:
The default port for
gserver is 2401. If
user is not specified, the client sends the
username of the calling user on the client computer.
The CVS client and server must both be compiled to run the GSS-API. If you intend to encrypt the data stream, you also need to have encryption enabled at compile time. You can test whether your CVS program has the GSS-API compiled by attempting to check out a sandbox. Example 8-8 shows the result when CVS does not support the GSS-API.
Example 8-8. Testing for gserver mode
cvs -d :gserver:cvs:/var/lib/cvs checkout wizzardcvs checkout: CVSROOT is set for a GSS-API access method but your cvs checkout: CVS executable doesn't support ...