
Re: [Cvs-dev] Re: cvs-passwd patch


From: Tony Hoyle
Subject: Re: [Cvs-dev] Re: cvs-passwd patch
Date: Mon, 25 Sep 2006 19:03:23 +0100
User-agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)

Mark D. Baushke wrote:

> I think the CVSNT folks would likely have some input on this situation
> as they have had a method in place for changing a password for a long
> time. Tony? Have you any wisdom for us?


  1) How does a CVS administrator disable users changing passwords if
     that is their local policy?

At the moment CVSNT doesn't do this internally, but you can disable anything with a precommand script (we're looking at introducing fine-grained permissions in the future).

  2) How does a CVS administrator ensure that the 'anonymous' login (if
     any) does not have the password changed by a malicious user? This
     same question may apply to other administrative accounts such as is
     used by the wandisco folks.

You need write access to the repository to change a password. You can only change your own password unless you're a repository administrator.

In the normal case the anonymous user is in the readers file so has no access to the passwd command. We strongly encourage read/write access to be done via non-pserver protocols such as ssh (on Unix) or sspi (on Windows) - although this isn't always possible, of course. In practice it hasn't been an issue (and again a precommand script could fix the corner cases if they happened).

  3) How does a CVS administrator detect if someone is using a
     dictionary attack against :pserver: and what records, if any, are
     to be kept that a particular user did change their password?

CVSNT has an audit plugin that logs every command to a database along with source IP, time, etc., so such things could be caught. Nobody has written any kind of IDS plugin to use that data to detect an attack, but I don't imagine it would be that hard.

Tony
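
A sketch of the kind of detection the reply above says could be built on the audit data, added here as an example; it is not CVSNT code and not part of the original message. The page does not give the audit plugin's schema, so the `audit` table layout, the `ok` success column, the thresholds and the sample rows are all assumptions constructed for illustration.

```python
import sqlite3
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed policy: look-back window per source IP
MAX_FAILURES = 5      # assumed policy: failed logins tolerated inside the window

# Constructed sample rows: (epoch seconds, source IP, user, command, succeeded)
SAMPLE_ROWS = [(1000 + 5 * i, "192.0.2.10", "alice", "login", 0) for i in range(8)] + [
    (1045, "192.0.2.10", "alice", "login", 1),
    (1050, "192.0.2.10", "alice", "passwd", 1),
    (1010, "198.51.100.7", "bob", "login", 0),
    (1400, "198.51.100.7", "bob", "login", 1),
    (1500, "198.51.100.7", "bob", "passwd", 1),
]

def load_audit(rows):
    """Build an in-memory stand-in for the audit database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit (ts INTEGER, src_ip TEXT, user TEXT,"
               " command TEXT, ok INTEGER)")
    db.executemany("INSERT INTO audit VALUES (?, ?, ?, ?, ?)", rows)
    return db

def detect(db, window=WINDOW_SECONDS, max_failures=MAX_FAILURES):
    """Return ({ip: first alert time}, [(ts, ip, user) password changes to review])."""
    recent = defaultdict(deque)   # src_ip -> timestamps of failed logins in the window
    flagged = {}                  # src_ip -> time the threshold was first exceeded
    changes = []                  # successful passwd commands from a flagged source
    query = "SELECT ts, src_ip, user, command, ok FROM audit ORDER BY ts"
    for ts, ip, user, command, ok in db.execute(query):
        if command == "login" and not ok:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) > max_failures:
                flagged.setdefault(ip, ts)
        elif command == "passwd" and ok and ip in flagged:
            # A password change after a guessing burst from the same source
            # is the record an administrator would want to review first.
            changes.append((ts, ip, user))
    return flagged, changes

if __name__ == "__main__":
    alerts, to_review = detect(load_audit(SAMPLE_ROWS))
    print("sources over threshold:", alerts)
    print("password changes to review:", to_review)
```

Counting failures per source IP rather than per user also catches a burst spread across many usernames; a per-user window can be added the same way if one account is being guessed from many addresses.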



