[cvsnt] Wtd: Advice on preferred protocol for internet deploymentof CVSNT

Bo Berglund Bo.Berglund at system3r.se
Wed Mar 7 11:20:08 GMT 2007


Peter,
in that case I suggest to set up the server by enabling *only* the
sserver protocol.
It is similar in setup as the pserver protocol, but has the advantage
that the transfers are encrypted including login.

In my installation guide on the net is a description on how to get
sserver going.

http://web.telia.com/~u86216177/InstallCVSNT25.html

What you also need in your case after setup is to disable all other
protocols, this is done in the CVSNT control panel.

Alternatively you could also still use sspi, then you would have to add
the three valid logins to the local users on the server so that there is
a password store internally on the server. That is how I have done it at
home where I have a W2K server in a workgroup.
Accesss is then done via CVSROOT :sspi:user at server:/repo and you need to
do a login from the client side once.

Regarding encryption with sspi (which is optional) it is possible to
*force* that from the server side in one of the options on the CVSNT
control panel. 


Best regards,

Bo Berglund


-----Original Message-----
From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org] On Behalf
Of Peter Crowther
Sent: den 7 mars 2007 11:03
To: cvsnt at cvsnt.org
Subject: [cvsnt] Wtd: Advice on preferred protocol for internet
deploymentof CVSNT

We've been using CVSNT in-house for some years, using SSPI, with no
issues.  Now I need to set up a server for a different organisation.
I'm looking for advice on the best protocol to use given the
constraints.

They have a hosted web server that's reasonably well backed up and on a
fast network.  No other box in the organisation is better specced, and
this is (to me) the obvious place to put the CVSNT server.  It's a
standalone Windows 2003 server - no domain.  They also have 3 people who
need access to this repository.  One of those people is me, via three
machines (two desktops, one laptop) in two of my own domains.  The
others are standalone Windows boxes.  Setting up trust relationships,
adding a domain controller or joining the server into an existing domain
have been ruled out for paranoia reasons.

The project sponsor is concerned about theft of his source code, and
will not accept cleartext communication with to the server.

I want to get this set up so that it costs me the least possible hassle
during setup and maintenance.

I'd welcome any suggestions on the most appropriate protocol to use
given those constraints!  Thanks in advance.

		- Peter
_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt


More information about the cvsnt mailing list