This is a (cleaned up) history of adding a repository for "ipm" to cdcvs, for user nagy.

We log onto cdcvs...

<bel-kwinth> rsh cdcvs -l root

This rlogin session is using DES encryption for all data transmissions.
....
       Fermilab  policy  and  rules for computing, including appropriate
       use, may be found at http://www.fnal.gov/cd/main/cpolicy.html

Add entries for an "ipmcvs" account in passwd and shadow. I copied another one and pasted; I'm ommitting the vi session here. (the convention is to have an "xyzcvs" account for repository "xyz".)

[root@cdcvs0 /root]# vi /etc/passwd
[root@cdcvs0 /root]# tail -1 /etc/passwd
ipmcvs:x:110:6409:E907 CVS User:/cvs/home/ipmcvs:/local/ups/prd/cvsh/v1_9/bin/cvsh
[root@cdcvs0 /root]# ed /etc/shadow
[root@cdcvs0 /root]# tail -1 /etc/shadow
ipmcvs:x:11802:0:99999:7:::

Added a repository diretory under /cvs, and home under /cvs/home/ I started by copying one of the other cvs user homes. Then cleaned out cvshlog files, and put myself and the requesting user in the .admin and .k5login files.

[root@cdcvs0 /root]# cd /cvs
[root@cdcvs0 /cvs]# mkdir ipm
[root@cdcvs0 /cvs]# chown ipmcvs ipm
[root@cdcvs0 /cvs]# cd home
[root@cdcvs0 home]# ls
cvsuser  dcdcvs  e907cvs  flcvs  nutevcvs  osscvs  w2kmigcvs  wrscvs
[root@cdcvs0 home]# cp -r dcdcvs ipmcvs
[root@cdcvs0 home]# chown -R ipmcvs ipmcvs
[root@cdcvs0 home]# ls -l
total 36
drwxr-xr-x   5 cvsuser  cvsuser      4096 Mar 11 15:35 cvsuser
drwxr-xr-x   2 dcdcvs   root         4096 Jan 27 15:13 dcdcvs
drwxr-xr-x   3 e907cvs  e907         4096 Feb 26 12:19 e907cvs
drwxr-xr-x   2 flcvs    root         4096 Jan 27 15:13 flcvs
drwxr-xr-x   2 ipmcvs   root         4096 Mar 11 16:44 ipmcvs
drwxr-xr-x   3 nutevcvs root         4096 Jan 28 13:41 nutevcvs
drwxr-xr-x   3 osscvs   root         4096 Feb 28 12:10 osscvs
drwxr-xr-x   2 w2kmigcv root         4096 Jan 27 15:13 w2kmigcvs
drwxr-xr-x   2 wrscvs   root         4096 Jan 27 15:13 wrscvs
[root@cdcvs0 home]# cd ipmcvs
[root@cdcvs0 ipmcvs]# ls
cvshlog  cvshlog.20011024.gz
[root@cdcvs0 ipmcvs]# rm cvshlog*
rm: remove `cvshlog'? y
rm: remove `cvshlog.20011024.gz'? y
[root@cdcvs0 ipmcvs]# ls
[root@cdcvs0 ipmcvs]# ls -a
.  ..  .admin  .bash_history  .cvshrc  .cvshrc.bak  .k5login
[root@cdcvs0 ipmcvs]# vi .admin
...
[root@cdcvs0 ipmcvs]# cat .admin
mengel
nagy
[root@cdcvs0 ipmcvs]# rm -f .bash_history
[root@cdcvs0 ipmcvs]# vi .k5login
[root@cdcvs0 ipmcvs]# cat .k5login
mengel@FNAL.GOV
nagy@FNAL.GOV

Next I updated the .cvshrc to list their new repository

[root@cdcvs0 ipmcvs]# vi .cvshrc
...
[root@cdcvs0 ipmcvs]# cat .cvshrc
PATH=/local/ups/prd/cvs/v1_11_5/bin:/local/ups/prd/diffutils/v2_7/bin:/usr/krb5/bin:/usr/loca
l/bin:/bin:/usr/bin
TMPDIR=/tmp
ipmcvs /cvs/ipm

This next bit is specific to allowing ssh access to the repository. Not everyone needs this, so in those cases you can skip this bit. We add a .ssh directory with an authorized_keys file. I have a key in the cvsuser account, so I copied my key in so I can test later.

[root@cdcvs0 ipmcvs]# mkdir .ssh
[root@cdcvs0 ipmcvs]# chown ipmcvs .ssh
[root@cdcvs0 ipmcvs]# chmod 700 .ssh
[root@cdcvs0 ipmcvs]# cd .ssh
[root@cdcvs0 .ssh]# ls
[root@cdcvs0 .ssh]# grep mengel /cvs/home/cvsuser/.ssh/authorized_keys > authorized_keys
[root@cdcvs0 .ssh]# cat authorized_keys
1024 35 1254285696944858972260304343500667763230624031273213190387560526619853097837645974226
738611971355744826866604109712149653211896945025185981530412504799995769172443882921612191220
483230748981666822789884206993707689981244700074744263413558910471608495712051803510637185397
65517043648997331545458149241182080811 mengel@ossbud

More ssh stuff, which you may not need for some repositories; to let them in, you also need to edit the sshd_config.cdvs0 file, and add the new account name to the list of allowed users.

[root@cdcvs0 /root]# vi /etc/sshd_config.cdcvs0
[root@cdcvs0 /root]# diff /etc/sshd_config.cdcvs0 /etc/sshd_config.cdcvs0.bak
26c26
< AllowUsers cvsuser nutevcvs e907cvs ipmcvs
---
> AllowUsers cvsuser nutevcvs e907cvs
[root@cdcvs0 /root]# ps -ef | grep ssh
root     469     1  0  2002 ?        00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd
root   26487     1  0  2002 ?        00:06:14 /usr/krb5/sbin/sshd -f /etc/sshd
root    7315     1  0 Feb25 ?        00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd
root   24771 24744  1 16:53 ttyp0    00:00:00 grep ssh
[root@cdcvs0 /root]# ps -efw | grep ssh
root     469     1  0  2002 ?        00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs1
root   26487     1  0  2002 ?        00:06:14 /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs0
root    7315     1  0 Feb25 ?        00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs2
[root@cdcvs0 /root]# kill 26487; /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs0
[root@cdcvs0 /root]# ps -efw | grep ssh
root     469     1  0  2002 ?        00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs1
root    7315     1  0 Feb25 ?        00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs2
root   24778     1  5 16:53 ?        00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs0
[root@cdcvs0 /root]# exit
Connection closed.

Now we come back in as the new ipmcvs account (this is why we added ourselves to the .admin file so we can get an interactive login)

<bel-kwinth> rsh cdcvs -l ipmcvs
This rlogin session is using DES encryption for all data transmissions.
...
       Fermilab  policy  and  rules for computing, including appropriate
       use, may be found at http://www.fnal.gov/cd/main/cpolicy.html
[e907cvs@cdcvs0 ipmcvs]$ cd /cvs/ipm
[e907cvs@cdcvs0 ipm]$ ls
[e907cvs@cdcvs0 ipm]$ cvs -d /cvs/ipm init
[e907cvs@cdcvs0 ipm]$ ls
CVSROOT
[e907cvs@cdcvs0 ipm]$ exit
Connection closed.

Next we do some test cvs things with the new repository.

<bel-kwinth> cd /tmp
<bel-kwinth> mkdir stuff
<bel-kwinth> cd stuff
<bel-kwinth> echo hello > file
<bel-kwinth> cvs -d ipmcvs@cdcvs.fnal.gov:/cvs/ipm import -m log stuff fermi init
<bel-kwinth> cd ..
<bel-kwinth> rm -rf stuff
<bel-kwinth> cvs -d ipmcvs@cdcvs.fnal.gov:/cvs/ipm co stuff
This rsh session is using DES encryption for all data transmissions.
cvs server: Updating stuff
U stuff/file
<bel-kwinth> cd stuff
<bel-kwinth> ls
CVS  file
<bel-kwinth> cvs log file
This rsh session is using DES encryption for all data transmissions.
RCS file: /cvs/ipm/stuff/file,v
Working file: file
head: 1.1
branch: 1.1.1
locks: strict
access list:
symbolic names:
	initial: 1.1.1.1
	fermi: 1.1.1
keyword substitution: kv
total revisions: 2;	selected revisions: 2
description:
----------------------------
revision 1.1
date: 2003/03/11 22:55:33;  author: mengel;  state: Exp;
branches:  1.1.1;
Initial revision
----------------------------
revision 1.1.1.1
date: 2003/03/11 22:55:33;  author: mengel;  state: Exp;  lines: +0 -0

=============================================================================

Now some more testing, for the ssh stuff. Of course, if you didn't add ssh stuff above, don't bother testing it here...

<bel-kwinth> ssh-add
Enter passphrase for mengel@fnal.gov: 
Identity added: /afs/fnal/files/home/room1/mengel/.ssh/identity (mengel@fnal.gov)
<bel-kwinth> KRB5CCNAME=/tmp/junk
<bel-kwinth> export KRB5CCNAME
<bel-kwinth> klist
klist: No credentials cache file found (ticket cache /tmp/junk)
<bel-kwinth> CVS_RSH=/usr/krb5/bin/ssh
<bel-kwinth> export CVS_RSH
<bel-kwinth> cvs log file
21193: Warning: Remote host denied X11 forwarding.

RCS file: /cvs/ipm/stuff/file,v
Working file: file
head: 1.1
branch: 1.1.1
locks: strict
access list:
symbolic names:
	initial: 1.1.1.1
	fermi: 1.1.1
keyword substitution: kv
total revisions: 2;	selected revisions: 2
description:
----------------------------
revision 1.1
date: 2003/03/11 22:55:33;  author: mengel;  state: Exp;
branches:  1.1.1;
Initial revision
----------------------------
revision 1.1.1.1
date: 2003/03/11 22:55:33;  author: mengel;  state: Exp;  lines: +0 -0

=============================================================================
<bel-kwinth> unset KRB5CCNAME

And finally, we clean up from our testing. The user probably doesn't want our "stuff" directory laying around.

<bel-kwinth> rsh cdcvs -l ipmcvs
This rlogin session is using DES encryption for all data transmissions.
...
       Fermilab  policy  and  rules for computing, including appropriate
       use, may be found at http://www.fnal.gov/cd/main/cpolicy.html
[ipmcvs@cdcvs0 ipmcvs]$ cat cvshlog
Tue Mar 11 17:00:43 2003 (mengel@bel-kwinth.fnal.gov) : -cvsh [kK]
Tue Mar 11 17:00:50 2003 (mengel@bel-kwinth.fnal.gov) : cvs server [sS]
[ipmcvs@cdcvs0 ipmcvs]$ cd /cvs/ipm
[ipmcvs@cdcvs0 ipmcvs]$ rm -rf stuff
[ipmcvs@cdcvs0 ipmcvs]$ exit
Connection closed.