[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: cvs with xinetd

From: adam_montville
Subject: RE: cvs with xinetd
Date: Thu, 3 May 2001 15:22:39 -0600

> > Also, I've been experiencing problems with my pserver
> > authentication.  This may be due to the fact that RedHat 
> installed with
> > MD5 passwords enabled.  Does this pose the problem I think it might?
> Hard to say, what problem do you think it might pose?  CVS uses the
> crypt(3) library function to check the user-supplied password against
> CVS and/or system passwords, so as long as your crypt() routine knows
> about MD5, it should work fine.

The very fact that it uses the crypt(3) library function is why I believe it
would "break".  Suppose I use jCVS to connect to my CVS server, on which MD5
passwords are used.  Further suppose that I don't want to use the layered
password protection that CVS provides because I'm on an internal network
protected elsewhere.  jCVS will create the password in-line with the fact
that crypt(3) is used to generate it.  However, the CVS pserver, not having
a passwd file, will look in the system files and find a password that was
generated with MD5.  The passwords can't match, except by chance (and a long
shot at that).  

If this is the case, then the moral of the story is to always use the passwd
file in CVS, or never use MD5 if you don't use the passwd file.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]