

Wrapping `:pserver:' with SSL

`stunnel' is an open-source SSL tunneling program (see section `stunnel' -- SSL tunneling). It can be used to wrap `:pserver:' communications in SSL, so that sensitive information such as passwords and file contents crosses the network in encrypted form.

You may use `stunnel' together with any `checkpassword'-style program, whether it implements ordinary UNIX authentication, PAM, or virtual repositories.

As an example, suppose that we are protecting `:pserver:' with UNIX authentication, that is, using the `checkpassword' program.

By default the SSL-tunneled `:pserver:' uses port 22401.

Arrange your system startup scripts so that the `stunnel' daemon starts automatically every time the machine reboots. Suppose the startup script is called `/etc/init.d/cvs-stunnel' and contains the following:

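#! /bin/sh
# Listen for SSL on port 22401 (-d) and run cvs-pserver for each connection (-l);
# the words after the first "--" are that program's argument vector.
/usr/local/bin/stunnel -d 22401 -l /usr/bin/cvs-pserver -- \
    cvs-pserver /repos -- \
    /usr/local/bin/checkpassword /usr/bin/cvs pserver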
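
The `-d' and `-l' options above are the stunnel 3.x command-line syntax; stunnel 4 and later take their settings from a configuration file instead. The following is an added example, not part of the original page, showing the same service in that form. The service name, the file locations under `/etc/stunnel' and the PID file path are assumptions to adapt to your installation.

```ini
; /etc/stunnel/cvs-pserver.conf  (assumed location, not from the original page)
; Same service as the stunnel 3.x command line, for stunnel 4 and later.

; PID file location is an assumption; pick one writable by the daemon.
pid = /var/run/stunnel-cvs.pid

; Service name is arbitrary (hypothetical); it only labels log entries.
[cvs-pserver-ssl]

; Equivalent of "-d 22401": accept SSL connections on the tunneled pserver port.
accept = 22401

; Server certificate and private key. The paths are placeholders;
; keep the key file readable by root only (mode 0600).
cert = /etc/stunnel/cvs-server.pem
key = /etc/stunnel/cvs-server.key

; Equivalent of "-l /usr/bin/cvs-pserver": run this inetd-style program
; for each accepted connection, with the decrypted stream on stdin/stdout.
exec = /usr/bin/cvs-pserver

; Equivalent of everything after the first "--": the program's argument
; vector, starting with argv[0].
execArgs = cvs-pserver /repos -- /usr/local/bin/checkpassword /usr/bin/cvs pserver
```

With this file in place, the startup script runs `stunnel' with the configuration file path as its only argument.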

