There is an open-source SSL tunneling software, called `stunnel' (see section `stunnel' -- SSL tunneling). It could be used to wrap the `:pserver:' communications with SSL, so that sensitive information like passwords and files' contents would go over the network in encrypted form.
You may use the `stunnel' together with any `checkpassword'-style program, be it ordinary UNIX authentication, PAM, or virtual repositories.
For example only, suppose that we are protecting the `:pserver:' with UNIX authentication, that is, using the `checkpassword' program.
By default the SSL-tunneled `:pserver:' uses port 22401.
You should arrange your system startup scripts so that `stunnel' daemon would start up automatically every time the machine reboots. Suppose, the startup script is called `/etc/init.d/cvs-stunnel', and contains the following:
#! /bin/sh /usr/local/bin/stunnel -d 22401 -l /usr/bin/cvs-pserver -- cvs-pserver /repos -- /usr/local/bin/checkpassword /usr/bin/cvs pserver
Go to the first, previous, next, last section, table of contents.