[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
Connection and authentication occurs before the CVS protocol itself is started. There are several ways to connect.
cvs
. It is
invoked with one argument, server
. Once it invokes the server,
the client proceeds to start the cvs protocol.
The pserver server listens on a port (in the current implementation, by having inetd call "cvs pserver") which defaults to 2401 (this port is officially registered). The client connects, and sends the following:
The client must send the
identical string for cvs root both here and later in the
Root
request of the cvs
protocol itself. Servers are encouraged to enforce this restriction.
The possible server responses (each of which is followed by a linefeed)
are the following. Note that although there is a small similarity
between this authentication protocol and the cvs protocol, they are
separate.
I LOVE YOU
I HATE YOU
E text
unrecognized auth response
and text, and then exit, upon
receiving this response.
error code text
unrecognized auth response
and text, and then exit, upon
receiving this response.
Note that text for this response, or the text in an E
response, is not designed for machine parsing. More vigorous use of
code, or future extensions, will be needed to prove a cleaner
machine-parseable indication of what the error was.
If the client wishes to merely authenticate without starting the cvs protocol, the procedure is the same, except BEGIN AUTH REQUEST is replaced with BEGIN VERIFICATION REQUEST, END AUTH REQUEST is replaced with END VERIFICATION REQUEST, and upon receipt of I LOVE YOU the connection is closed rather than continuing.
Another mechanism is GSSAPI authentication. GSSAPI is a generic interface to security services such as kerberos. GSSAPI is specified in RFC2078 (GSSAPI version 2) and RFC1508 (GSSAPI version 1); we are not aware of differences between the two which affect the protocol in incompatible ways, so we make no attempt to specify one version or the other. The procedure here is to start with `BEGIN GSSAPI REQUEST'. GSSAPI authentication information is then exchanged between the client and the server. Each packet of information consists of a two byte big endian length, followed by that many bytes of data. After the GSSAPI authentication is complete, the server continues with the responses described above (`I LOVE YOU', etc.).
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |