HOW TO TUNNEL CVS

Instead of using pserver, which is insecure, it is better to ssh to user
accounts on the CVS repository.

1. Put the following environment variables in ~/.cshrc (or equivalent for
other shells) on the local computer (HOST is the remote computer):

setenv CVSROOT HOST:/cvs
setenv CVS_RSH ssh

2. Create a cvs group on HOST containing all cvs users and set the ownership
and permissions of the CVS repository /cvs and /cvs/CVSROOT:

chown root.cvs /cvs
chmod 755 /cvs

chown root.cvs /cvs/CVSROOT
chmod 775 /cvs/CVSROOT
chmod o+t /cvs/CVSROOT

2. Create a separate cvs lock directory so that users do not need to have
write access to a particular project directory:

mkdir /cvs.lock
chown -R root.cvs /cvs.lock
chmod -R 775 /cvs.lock
chmod -R o+t /cvs.lock

Repeat this step whenever new directories are added to the cvs repository.

3. Put in CVSROOT/config on HOST the lines

SystemAuth=no
LockDir=/cvs.lock