~~NOTOC~~









====== CVS and Kerberos authentication: Howto ======

The Concurrent Versioning System [[wp>Concurrent_Versions_System|CVS]] "//is an open-source version control system that keeps track of all work and all changes in a set of files, typically the implementation of a software project, and allows several (potentially widely-separated) developers to collaborate.//"

CVS users can authenticate to the CVS server using gssapi/Kerberos5. Most linux/BSD distributions, however, do not include CVS binaries with Kerberos5 support. This is a howto for compiling, installing and using cvs with Kerberos authentication. 



===== Build and install  =====
 
You need to follow these simple steps :

  * Download heimdal Kerberos from [[http://www.h5l.org/|here]] and Install it. (heimdal installs by default to /usr/heimdal)

  * Get cvs from [[http://ftp.gnu.org/non-gnu/cvs/source|here]] (In this howto I am using version 1-12-13)

  * Configure and compile cvs with gssapi support

    ./configure --with-gssapi=/usr/heimdal --enable-encryption
    make
    make install


===== Setup and use =====





==== Setup the cvs server ====
 
  * Add cvs service to the Kerberos KDC

   (on the KDC)
   kadmind -l add cvs/your.cvs.host@YOUR-REALM

  * Export the cvs server key-tab
 
   (on the KDC)
   kadmind -l ext_keytab --keytab=/tmp/keytab-cvs

  * Transfer /tmp/keytab-cvs to the host your.cvs.host

   (on the KDC)
   scp /tmp/keytab-cvs root@your.cvs.host:/tmp

  * Copy the keytab to the system keytab in your.cvs.host

   ktutil copy /tmp/keytab-cvs /etc/krb5.keytab

 
  * Add the following line to **/etc/inetd.conf** :

    cvspserver  stream  tcp  nowait  root  /usr/bin/cvs cvs --allow-root=/storage/cvsroot pserver

//Change /storage/cvsroot to the path of your own CVSROOT //


==== Setup the client side ====


       * Install kinit and setup /etc/krb5.conf

    apt-get install heimdal-clients 

       * Setup cvs alias in your .bashrc (optional)

    alias kvs="cvs -d :gserver:$USER@your.cvs.host:/storage/cvsroot"

       * Get a TGT and try it 

    kinit 
    kvs co -c





===== Pre-compiled binaries (old and may not work)=====


|^FreeBSD | [[http://codealias.info/pkgs/cvs-bsd|Download]]|
|^Linux | [[http://codealias.info/pkgs/cvs-tux|Download]]|

Both binaries require the gssapi to be insalled in your system,
for linux, you need to type 
 
    apt-get install libgssapi4-heimdal

\\

{{tag>howto security Kerberos services}}