How does anonymous password authentication work?
Christopher Brooks, 25 Sep 2000
Last updated: 17 Oct 2007
Some of the repositories have anonymous cvs access, which
allows anonymous users read only access.
The Ptolemy II External Developers workgroup (ptexternal)
is set up to allow anonymous read only access to
the Ptolemy II tree. After getting the password,
the commands to run are:
cd c:/directoryofyourchoice
cvs -d :pserver:anon@source.eecs.berkeley.edu:/home/cvs/cvsanon login
# No password needed, hit enter
cvs -d :pserver:anon@source.eecs.berkeley.edu:/home/cvs/cvsanon co ptII
The old instructions used a password from
http://chess.eecs.berkeley.edu/ptexternal/private/2.html.
cvs -d :pserver:ptdevel@gigasource.eecs.berkeley.edu:/home/cvs/cvsanon login
cvs -d :pserver:ptdevel@gigasource.eecs.berkeley.edu:/home/cvs/cvsanon co ptII
However, that repository was moved in July, 2005.
The best reference is
CVS Book: Password Authenticating Server Section
Troubleshooting
Anonymous read only cvs access uses the pserver facility,
which listens on port 2401. If you are behind
a firewall, you may have problems connecting to port 2401
on gigasource. The way to test this is to use
telnet gigasource.eecs.berkeley.edu 2401
to try to connect to the pserver port, and then type
help:
cxh@maury 21% telnet gigasource.eecs.berkeley.edu 2401
Trying 128.32.171.225...
Connected to gigasource.EECS.Berkeley.EDU.
Escape character is '^]'.
help
cvs [pserver aborted]: bad auth protocol start: help^
Connection closed by foreign host.
cxh@maury 22%
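The "bad auth protocol start" reply comes from the pserver
itself, so seeing it means that port 2401 is reachable.
If you are running under Windows, then you may
find that the Cygwin telnet binary gives better
diagnostics.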
Also, the CVSROOT/config file should be set up to
look like
# Set this to "no" if pserver shouldn't check system users/passwords
SystemAuth=yes
Administrivia
Setting up anonymous read only cvs access
As the administrator of a group,
send email to www@gigascale.org
requesting that anonymous read only cvs access be
set up for your cvs repository.
The website maintainers will:
- Create a link for your repository in
/home/cvs/cvsanon
cd /home/cvs/cvsanon
ln -s ../yourrepository .
- Each workgroup should have its own
anonymous cvs account so that password
administration is easier.
The accounts are listed in
/home/cvs/cvsanon/CVSROOT/passwd
and look like
accountname:encrypted password:cvsanon
cvsanon is the name of the account
that we actually log in as.
- To generate an encrypted password, run
cryptout.pl with the password
gigasource:root: %C2> /usr/local/bin/cryptout.pl foobar
oPG6N3As668O2
gigasource:root: %C2>
and then place that encrypted password in
a new password entry in
/home/cvs/cvsanon/CVSROOT/passwd
Other details
Note that anonymous read only cvs access sends passwords
over the network in what is effectively clear text,
protected only by a very simple encryption scheme.
Thus, this method is really only useful for shared accounts:
users with individual accounts tend to use the same password
for many different accounts, so if their cvs password gets
snooped, other accounts could be compromised.
Note further that the lightly encrypted password
is stored in ~/.cvspass.
Read only access is controlled by adding users
to /home/cvs/cvsanon/CVSROOT/readers.
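A check an administrator could run over the two files described above, CVSROOT/passwd and CVSROOT/readers (an added example, not part of the original page or of CVS). It flags accounts missing from readers, accounts not mapped to cvsanon, and empty password fields; it assumes there is no CVSROOT/writers file, and the sample data is constructed.

```python
EXPECTED_SYSTEM_USER = "cvsanon"  # shared login account named on this page


def parse_passwd(text):
    """Yield (account, pw_hash, system_user) from CVSROOT/passwd text."""
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.strip().split(":")
        # The password and system-user fields are optional: pad to three.
        yield tuple((fields + ["", ""])[:3])


def audit(passwd_text, readers_text):
    """Return {account: [issues]} for entries that break the setup above."""
    readers = {ln.strip() for ln in readers_text.splitlines() if ln.strip()}
    findings = {}
    for account, pw_hash, system_user in parse_passwd(passwd_text):
        issues = []
        if account not in readers:
            issues.append("not in readers: CVS does not force read only")
        if system_user != EXPECTED_SYSTEM_USER:
            # With no third field, pserver runs as the account name itself.
            issues.append("runs as %r, not %r"
                          % (system_user or account, EXPECTED_SYSTEM_USER))
        if not pw_hash:
            issues.append("empty password field: any password is accepted")
        if issues:
            findings[account] = issues
    return findings


# Constructed sample files. anon and ptdevel are the accounts used on this
# page, the hash is the page's cryptout.pl output, newgroup is hypothetical.
SAMPLE_PASSWD = "anon::cvsanon\nptdevel:oPG6N3As668O2:cvsanon\nnewgroup:oPG6N3As668O2\n"
SAMPLE_READERS = "anon\nptdevel\n"

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_PASSWD, SAMPLE_READERS).items():
        print(account, "->", "; ".join(issues))
```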
/etc/services and /etc/inetd.conf
were modified with the following:
gigasource:root: %C2> grep pserver /etc/services
cvspserver 2401/tcp
gigasource:root: %C2> grep pserver /etc/inetd.conf
cvspserver stream tcp nowait root /usr/local/bin/cvs cvs --allow-root=/home/cvs\
/cvsanon pserver
gigasource:root: %C2>
xinetd setup (for Linux)
To set up xinetd, I created /etc/xinetd.d/cvspserver:
service cvspserver
{
socket_type = stream
protocol = tcp
wait = no
user = root
passenv = PATH
server = /usr/bin/env
server_args = -i cvs -f --allow-root=/usr2/cvsroot --allow-root=/home/real/cvsroot pserver
}
This also worked:
service cvspserver
{
socket_type = stream
protocol = tcp
wait = no
user = root
passenv = PATH
server = /usr/bin/cvs
server_args = -f --allow-root=/usr2/cvsroot --allow-root=/home/real/cvsroot pserver
}
Then I did /etc/init.d/xinetd restart
Solaris 10 Notes
Under Solaris 10, I set up /etc/inetd.conf
as before, but then ran
inetconv -e to convert the cvspserver entry.
Add the following rules to /etc/ipf/ipf.conf:
pass in quick on bge0 proto tcp from any to 128.32.48.234 port = cvspserver flags S keep state group 100
# CVS
pass out quick on bge0 proto tcp from 128.32.48.234 to any port = cvspserver flags S keep state group 200
Run ipf -F a -f /etc/ipf/ipf.conf