Follow this link to skip to the main content

Setup Remote Client for CLARAty Repository Access

These instructions are for setting up remote access to the CLARAty CVS repository on Fedora Core 4 machines.

  1. Set up kerberos client
  2. Set up CVS client
  3. Remotely access CLARAty CVS repository
  4. Setup external instituion (Mihail)

Set up kerberos client

  1. Install kerberos client

    2. Make sure "kinit" is installed and in your path. If kinit is not installed, login as root and install it using the following command:
    yum install krb5-workstation

  2. Configure kerberos client

    3. Create the file /etc/krb5.conf containing the following:
    [appdefaults]
       renewable = true
       renew_lifetime = 7days
       forwardable= true
       proxiable = true

    [libdefaults]
      default_realm = JPL.NASA.GOV
      renew_lifetime = 7days
      forwardable= true
      fcc-mit-ticketflags = true
      dns_lookup_realm = true
      dns_lookup_kdc = true

    [domain_realm]
      .fltops.jpl.nasa.gov = JPL.NASA.GOV
      .jpl.nasa.gov = JPL.NASA.GOV
      jpl.nasa.gov = JPL.NASA.GOV

    [realms]
      JPL.NASA.GOV = {
      kdc = kerberos01.jpl.nasa.gov
      kdc = kerberos02.jpl.nasa.gov
      kdc = kerberos03.jpl.nasa.gov
      kpasswd_server = kerberos.jpl.nasa.gov
      kpasswd_protocol = SET_CHANGE
      admin_server = kerberos.jpl.nasa.gov
    }
    JPL.NASA.GOV = {
    kdc = kerberos01.jpl.nasa.gov
    kdc = kerberos02.jpl.nasa.gov
    kdc = kerberos03.jpl.nasa.gov
    admin_server = kerberos.jpl.nasa.gov
    }

Set up CVS client

  1. Check for kerberos support
    2. If CVS client has already been installed check if it has kerberos support.

    Issue the following command:
    ldd {cvs binary directory}/cvs
    example:
    ldd /usr/bin/cvs

    The output should look something like this:

    linux-gate.so.1 => (0x003b2000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00b3c000)
    libcrypt.so.1 => /lib/libcrypt.so.1 (0x04cda000)
    libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x005d7000) <---- this line is required
    libkrb4.so.2 => /usr/lib/libkrb4.so.2 (0x00b15000)
    libnsl.so.1 => /lib/libnsl.so.1 (0x04d0a000)
    libdes425.so.3 => /usr/lib/libdes425.so.3 (0x00b0f000)
    libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00700000)
    libc.so.6 => /lib/libc.so.6 (0x009e4000)
    libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00563000)
    libcom_err.so.2 => /lib/libcom_err.so.2 (0x0055e000)
    libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00726000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x00549000)
    /lib/ld-linux.so.2 (0x009c6000)

    If the following line is missing from the ouput you must compile CVS with kerberos support:

    libcrypt.so.1 => /lib/libcrypt.so.1 (0x04cda000)

  2. Compile CVS with kerberos support

    3. This step is only needed if your CVS installation does not have kerberos support. See step "1." above for how to check
    if your current CVS installation has kerberose support.

    Download and untar the cvs source files.

    Issue the folloing commands in the directory you untared the cvs source files to:

    ./configure --with-gssapi --enable-encrypt
    make make check //this is optional
    make install

    Description of flags:

      anable-encrypt // allows for data sent between cvs client and server to be encrypted
      with-gssap // allows for kerbrose 5 authentication using the GSSAPI

Remotely access CLARAty CVS repository

    Issue the following commands:

    kinit
    "enter your AFS password"
    ssh keuka
    "enter your AFS password"

    The ssh connection should close by itself. Make sure you're in a directory you have write access to and issue the following command:
    cvs -d :gserver:keuka:/afs/jpl.nasa.gov/group/claraty/private/cvs_test_root checkout example