Re: System password authentication
From: Kevin Wang
Subject: Re: System password authentication
Date: Mon, 14 Apr 2003 15:11:16 -0700
User-agent: Mutt/1.4i

From Larry Jones
> > I think code that
> > implements security should be very simple - this code is not.
>
> I agree that the code should be as simple as possible, but I don't think
> you can make it much simpler without changing CVS's authorization
> scheme. In theory, I agree with Gregg Woods that CVS shouldn't be in
> the authentication business at all, but given that it already is, I'm
> not inclined to remove it since there are valid uses (although only on a
> reasonably secure intranet with trusted users). You are, of course,
> welcome to submit a patch if you think you can do better.

Question: how about making the authentication step a separate external
program that returned an exit code of 0 or 1 to indicate successful
authentication (and perhaps other error codes to indicate temporary
failure, etc.)?

And then cvs could come with a few programs that you could plug in;
one for regular passwd, one for pam, or write your own?

For security, you obviously don't want to send the user/passwd on the
command line, but how about as writes down a pipe?

Not sure how well that would port to windows, though.

- Kevin
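
The design proposed in this message, sketched as an added example for POSIX systems (not CVS code and not written by anyone in the thread): the caller runs a pluggable helper, writes the user name and password down a pipe to its stdin, and decides from the exit status alone. The names `external_auth` and `auth_result`, the newline-delimited input format, and treating every status other than 0 or 1 as a temporary failure are assumptions.

```c
/* Added example, not CVS source. Names and wire format are assumptions. */
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed mapping: helper exit 0 = accept, 1 = reject, anything else = retry later. */
enum auth_result { AUTH_OK, AUTH_DENIED, AUTH_TEMPFAIL };

static void send_line(int fd, const char *s)
{
    size_t len = strlen(s);
    ssize_t n;
    while (len > 0 && (n = write(fd, s, len)) > 0) { s += n; len -= (size_t)n; }
    if (write(fd, "\n", 1) < 0) return;  /* EPIPE is fine: exit status decides */
}

/* Hypothetical hook: run helper argv[0]; credentials go to its stdin, never argv. */
enum auth_result external_auth(char *const argv[], const char *user, const char *pass)
{
    int fds[2], status;
    pid_t pid;
    /* The two fields are newline-delimited, so neither may contain one. */
    if (strchr(user, '\n') || strchr(pass, '\n'))
        return AUTH_DENIED;
    if (pipe(fds) < 0)
        return AUTH_TEMPFAIL;
    signal(SIGPIPE, SIG_IGN);            /* helper may exit before reading */
    if ((pid = fork()) < 0) {
        close(fds[0]); close(fds[1]);
        return AUTH_TEMPFAIL;
    }
    if (pid == 0) {                      /* child: pipe read end becomes stdin */
        signal(SIGPIPE, SIG_DFL);        /* do not leak our disposition */
        if (dup2(fds[0], STDIN_FILENO) < 0) _exit(127);
        close(fds[0]); close(fds[1]);
        execv(argv[0], argv);
        _exit(127);                      /* exec failed: neither 0 nor 1 */
    }
    close(fds[0]);
    send_line(fds[1], user);
    send_line(fds[1], pass);
    close(fds[1]);                       /* EOF: no more input */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return AUTH_TEMPFAIL;            /* killed by a signal, or wait failed */
    /* Fail closed: only exit status 0 grants access. */
    if (WEXITSTATUS(status) == 0) return AUTH_OK;
    return WEXITSTATUS(status) == 1 ? AUTH_DENIED : AUTH_TEMPFAIL;
}
```

Because the credentials travel over the pipe, they never appear in the helper's argument list, which other local users can read from the process table.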