[cvsnt] Setting up shared repositories
bo.berglund at telia.com
Tue Aug 14 17:14:44 BST 2007
On Mon, 13 Aug 2007 21:07:51 -0300, Gerhard Fiedler
<lists at connectionbrazil.com> wrote:
>Bo Berglund wrote:
>>>> With sserver you also get the encryption security. Sserver is as simple
>>>> to set up as pserver.
>>> Don't you have to create and distribute certificates?
>> Ther creation of the server certificates is done as part of the cvsnt
>> server installation. The client does not need a certificate AFAICT, so
>> it is just a matter of connecting.
>> You need to do a cvs login after setting the CVSROOT to
>> :sserver:user at cvsserver:/repository
>Thanks. What kind of certificate is that? Is it recognized by a CA? If not,
>don't I have to add it to the allowed certificates on the client machines?
Well, I really do not know how it works....
During the installation of CVSNT server there is a task to create
default certificates. What that does I don't know.
But apparently sserver uses some form of encryption scheme and I
always was under the impression that the certificate created during
install is used for this. But that was just an assumption.
In the case of a client using sserver, there are no extra actions
needed as far as I know than to replace p with s in the protocol
specification. Then the CVSNT client will negotiate some kind of
session encryption with the server I think much like the https
protocol does on secure web sites. After negotiation the entire
following conversaition is encrypted, I believe.
Tony/Arthur could perhaps shed some more insight on this?
(Bo Berglund, developer in Sweden)
More information about the cvsnt