As illustrated here:
Make sure you're using a version of CVS that provides PAM (pluggable authentication modules) support, is configured correctly for PAM and then you can let Centrify and Active Directory do the rest.
Configuration implies configuring your cvspserver config file accordingly for PAM and having an entry for cvs under the PAM directory for your platform that includes Centrify. In addition your AD users must be members of the cvs group.
Users of the commercial version can use AD groups and identities to control the cvs group and even define privileges around controlling the CVS server or xinetd daemon.
You can further define more access granularity by creating a cvs PAM right if you want to allow end users to use CVS clients but not have to log in interactively to the system (same way we illustrated here with MongoDB).
R.P