bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PAM authentication patch - v2


From: Derek Robert Price
Subject: Re: PAM authentication patch - v2
Date: Fri, 18 Jul 2003 10:15:25 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1

Matt Doar wrote:

Correct. The functionality of the patch is *exactly* what I want. I'm
really hoping Derek finds time to get it in. The extra functionality
Derek mentioned would be nice, but I suspect it is not crucial for many
sites.


I think some sites will find the cleartext password issue, at the least, crucial. As is mentioned often on this list and in the CVS documentation, CVS stores password in almost clear text in ~/.cvspass and sends password across the network in cleartext by default. Adding this PAM functionality is going to open some configuration possibilities for system administrators, which is nice, but it is also making it much easier for them to allow their user's system and possibly network-wide password to be compromised.

I was hoping to engender some discussion on these issues and perhaps come up with some ideas for how to get around them. It's a can of worms I'm not sure I'm happy to be opening up, and why PAM support and other authentication methods have mostly been ignored by the CVS development team up to now in favor of things like SSH or tunneled pserver connections. It's also why this feature is currently considered experimental until we get some feedback.

I'm not one to necessarily stop people from shooting themselves in the foot, but I do like to let them know when I hand them a gun.

I was also hoping the discussion and ideas that come out of this might encourage others to submit patches. It is unlikely that I will have the time to handle all the PAM support myself and if this feature is going to move out of the experimental phase, it will need to be maintained.

Derek

--
               *8^)

Email: address@hidden

Get CVS support at <http://ximbiot.com>!
--
BREAKFAST.EXE exited with non-zero status: Cereal Port Not Responding.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]