[Cvs-dev] Re: cvs-passwd patch

[Mark D. Baushke]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

P J P <address@hidden> writes:

> It seems that, folks are not following our thread about 'cvs-passwd
> patch' and the poll you've called for. I was just wondering, if you
> could open up a new poll, with an intuitive subject line to it? That
> will bring some difference, I hope!

Done.

>     Also, I'm still stuck up with the same authentication problem.
> Now, it looks like, authentication for :pserver: & :gserver: is done
> with the same 'connect_to_pserver()' and that for :kserver: can be
> done with few modifications to 'start_kerberos4_server()', others are
> still a mystery.

Right. Using connect_to_pserver() is clearly wrong. I have said you
should remove it. It should NOT be done in this manner. The problem also
exists if SystemAuth=yes in the CVSROOT/config file that the password
entry for this user might not actually be in the CVSROOT/passwd file. I
have added a poll question for the best way to deal with that situation
as well.

> I wanted to ask you that, let's say, if I do this authenticaion only
> for :pserver:, :gserver:, and :kserver: (as that looks doable at the
> moment), will that do? Others, anyways, don't seem to use
> CVSROOT/passwd authentication.

No, that will not do (in my opinion).

If you wish to have the client prompt for the old password, then it
should be sent to the server along with the new password along the same
server connection, but it should NOT initiate another :pserver:
connection to do the validation. You could have the passwd() function
descramble the old password and do the comparison when you are reading
the CVSROOT/passwd file to see if they match if you must do something
like it.

> I'll really appreciate, if you folks could offer some insight into it!

The way I am viewing this problem may be different than others, but I
see the 'cvs passwd' file as being a command to manage the
CVSROOT/passwd file on a server. If a user can send commands to
manipulate it, then they should be able to manipulate their own entry to
it and the administrator should be able to manipulate the entries of
anyone in the file with the possible exception of disabling/deleting
their own entry which CVSNT does not let them do.

There exists no way to ensure that someone has not walked away from
their desk and even prompting them to re-enter their credentials is
silly given that the password in the .cvspass file is trivially able to
be unscrambled by anyone who cares enough to do a simple google search.

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (FreeBSD)

iD8DBQFFQNnNCg7APGsDnFERAoWRAKDGx3ub7wRtzlJVdNgdkcpXwt/KVgCgvxQP
zEI0YDLpSzPk6JuN7TgJWzE=
=hsfA
-----END PGP SIGNATURE-----