
[Cvs-dev] Re: cvs-passwd patch


From: Mark D. Baushke
Subject: [Cvs-dev] Re: cvs-passwd patch
Date: Fri, 27 Oct 2006 10:01:03 -0700


P J P <address@hidden> writes:

> On Thu, 26 Oct 2006, Mark D. Baushke wrote:
> > In point of fact, if you really feel you need to prompt for the old
> > password and use it (which I do NOT agree is desirable), then you will
> > probably also need to have another server extension to validate it. Of
> > course, having a password validation step is actually another potential
> > security hole, although not really a big one.
> 
>    Well, excluding the authentication step is the last option, I'm
> considering. What I didn't get is, server extension for
> authentication, what's that now?

If we assume that it is a bad idea to a :pserver: connection with
another connection method, then you would need a separate protocol
transaction to send across the old password to be validated.

> > Really? Then why are you not able to write sanity.sh tests that test
> > changing the password without connection via the :pserver: method?
> 
>     That's a *different* issue altogether, Mark! All the methods of
> connection that cvs supports are completely independent of
> each other.

But all commands that manipulate the repository should be able to
perform all of those manipulations regardless of connection method.

I have not even mentioned wondering how your methods will work with a
proxy in place. Clearly attempting to do a direct connection to validate
the old password may not even provide a path for the packets to go.

> And support for all of them, by a command, could be (or
> should be) the *desirable* characteristic, but certainly not the
> *required* one.  As, in case of :pserver:, there is no way by which
> a user can change her cvs password; whereas, for other methods, there
> are good enough means to do that, such as the system 'passwd' command. Of
> course if SystemAuth=no, then again they are cursed.

I think you have switched SystemAuth=yes for SystemAuth=no here.

> > On the other hand, the CVSNT code certainly seems to allow a user to use
> > :ext: or :local: or any of their other authentication methods to change
> > their :pserver: password.
> 
>    That's (I guess) because they don't authenticate the user before
> prompting for the 'New Password: ', which I'm considering as a last
> resort.

Okay.

> > I have no idea why you have not at least made the attempt to look at
> > their algorithms.
> 
>    I have no idea what makes you think like that!!

Possibly I have had too little sleep. Have you looked at the way the
passwd implementation is done on CVSNT? Is it different in control flow
than your implementation? Should it be different in control flow?

        -- Mark
