info-cvs

Re: cvs with xinetd


From: Larry Jones
Subject: Re: cvs with xinetd
Date: Fri, 4 May 2001 01:34:48 -0400 (EDT)

Adam W. Montville writes:
> 
> After doing some experimentation, I think I've determined that enabling
> MD5 passwords on my RedHat 7.0 box does, indeed, prevent OS-level
> authentication by CVS.  I built my box first with MD5 passwords enabled,
> and configured CVS for a pserver, but could not connect from another
> machine.  Then, I built the box with "traditional" passwords enabled
> (crypt(3)) and again configured CVS for a pserver.  At this point, all
> things were held equal except for the manner in which passwords were
> generated.  I can connect without a problem when MD5 passwords are
> disabled.

Then it would appear that RedHat and/or Linux in general implemented MD5
passwords in a less than desirable fashion.  What they should have done
is enhance crypt(3) to do MD5 based on the first character(s) of the
salt; since the traditional DES algorithm only uses 64 characters, there
are lots of invalid characters that can be used for extensions.  If they
didn't do that, and it seems from the above that they didn't, it may be
too late now, but I'd lobby long and hard to get it done.  Otherwise, it
breaks *every* application that does password verification: ftpd, xdm,
xlock, etc.  Presumably, they've patched all of those that come with the
system, which was undoubtedly a whole lot more work than doing it right
would have been.

-Larry Jones

Why can't I ever build character in a Miami condo or a casino somewhere?
-- Calvin
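
An added example, not part of the message above: a small audit helper that classifies stored password fields by the salt-prefix mechanism the message describes, using the `$id$salt$hash` convention found in common crypt(3) implementations. It goes beyond the MD5 case in the thread to cover later schemes; the identifier table, the function names and the sample entries are assumptions constructed for illustration.

```python
import re

# The 64-character alphabet traditional DES crypt(3) uses; "$" is outside it,
# which is what lets a "$id$" prefix mark an extended scheme unambiguously.
DES_FIELD = re.compile(r"[./0-9A-Za-z]{13}")

# Common "$id$" identifiers (assumed list, not exhaustive).
SCHEMES = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt"}


def classify(field):
    """Return (scheme, salt) for one stored password field."""
    if field == "":
        return ("empty", None)
    if field[0] in "!*":
        return ("locked", None)
    if field.startswith("$"):
        parts = field.split("$")          # ["", id, salt-or-params, ...]
        if len(parts) < 4 or parts[1] not in SCHEMES:
            return ("unknown", None)
        scheme = SCHEMES[parts[1]]
        if scheme == "bcrypt":            # $2b$cost$<22-char salt><hash>
            return (scheme, parts[3][:22])
        if parts[2].startswith("rounds=") and len(parts) >= 5:
            return (scheme, parts[3])     # $6$rounds=N$salt$hash
        return (scheme, parts[2])         # $1$salt$hash
    if DES_FIELD.fullmatch(field):
        return ("des-crypt", field[:2])   # first two characters are the salt
    return ("unknown", None)


def audit(shadow_lines):
    """Group account names by scheme from 'user:field:...' lines."""
    report = {}
    for line in shadow_lines:
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, field = line.split(":")[:2]
        report.setdefault(classify(field)[0], []).append(user)
    return report


# Constructed sample entries; the hash text is filler, not real password hashes.
SAMPLE = [
    "alice:abCDEFGHIJKLM:11446:0:99999:7:::",
    "bob:$1$saltsalt$" + "A" * 22 + ":11446:0:99999:7:::",
    "carol:$6$rounds=5000$saltsalt$" + "B" * 86 + ":11446:0:99999:7:::",
    "daemon:*:11446:0:99999:7:::",
]

if __name__ == "__main__":
    for scheme, users in sorted(audit(SAMPLE).items()):
        print(scheme, users)
```

Accounts reported under a scheme that a given service's password check cannot compute are the ones that service will fail to authenticate.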


