Go to the first, previous, next, last section, table of contents.

Authentication basics

CVS-Nserver software uses flexible authentication and authorization mechanism to control access to a repository. Password-checking programs which comply to certain "checkpassword" protocol are used for that purpose. There is a large variety of such programs available, starting from simple UNIX-based authentication, to PAM (Pluggable Authentication Modules) authentication, from Kerberos to SSL.

There are several programs participating in server-side authentication, each of them doing their own particular task, and passing control to each other. Ultimately, when the access is granted, CVS server executable itself comes into play, which talks with a CVS client using the CVS client/server protocol.

There are two primary types of server-side programs: protocol front-ends and password checking programs.

Protocol front-ends are used only for certain types of access methods (namely, for :pserver: and its counterparts). Their only goal is to read the username and password from the network, and pass this information to a password-checking program.

Password-checking programs read the username and password information from protocol front-ends. Then it checks validity of username and password using any database you can imagine. Finally, password-checking program switches the system username to some value taken from database or simply some explicitly specified name (when managing anonymous-only repositories).

Go to the first, previous, next, last section, table of contents.