Re: System password authentication
From: Larry Jones
Subject: Re: System password authentication
Date: Tue, 15 Apr 2003 02:33:31 -0400 (EDT)

Eric Siegerman writes:
>
> Ideally, CVS would emulate login's behaviour, by not prompting
> for a password if the field is null. But the little I know of
> CVS's internals suggests that trick is impossible -- by the time
> the username hits the server, I imagine the password's already
> been prompted for.
Exactly -- the client prompts for username and password when you run
"cvs login" before ever contacting the server. For other uses, CVS just
consults your ~/.cvspass file and doesn't prompt at all.
> The "no-password == no-prompt" trick would have been useful in
> CVSROOT/passwd, though, for read-only anon-CVS access -- no less
> secure than publishing the password on a web site as everyone
> does now, but certainly less annoying. Oh well.
For some time now CVS pserver has interpreted a null password in
CVSROOT/passwd as matching any password at all (the client sends
an empty password if there's no matching entry in ~/.cvspass), so
there's no need to publish a password for anonymous access.
-Larry Jones
Hmph. -- Calvin
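
An audit for the null-password behaviour described in the message above, as an added example that is not part of the original post or of CVS itself. It assumes the user:crypted[:system-user] layout of CVSROOT/passwd and the one-name-per-line CVSROOT/readers and CVSROOT/writers files; the function names and sample data are constructed for illustration.

```python
# Added example: flags CVSROOT/passwd entries whose password field is null.
# All names and sample data below are constructed for illustration.

def parse_passwd(text):
    """Yield (user, crypted, system_user) per CVSROOT/passwd line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue  # blank or colon-less lines are skipped here (assumption)
        fields = line.split(":", 2)
        system_user = fields[2] if len(fields) > 2 and fields[2] else None
        yield fields[0], fields[1], system_user

def names(text):
    """One user name per line, as in CVSROOT/readers and CVSROOT/writers."""
    return {ln.strip() for ln in text.splitlines() if ln.strip()}

def is_read_only(user, readers, writers):
    # Listed in readers: read-only. If a writers file exists, anyone not
    # listed in it is read-only as well.
    if user in readers:
        return True
    return writers is not None and user not in writers

def audit(passwd_text, readers_text="", writers_text=None):
    """Return one finding per account that any password will match."""
    readers = names(readers_text)
    writers = None if writers_text is None else names(writers_text)
    findings = []
    for user, crypted, system_user in parse_passwd(passwd_text):
        if crypted == "":
            findings.append({
                "user": user,
                "runs_as": system_user or user,
                "read_only": is_read_only(user, readers, writers),
            })
    return findings

# Constructed sample files.
SAMPLE_PASSWD = "anonymous::cvsanon\nalice:CONSTRUCTEDHASH01:cvsdev\nguest:\n"
SAMPLE_READERS = "anonymous\n"

if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD, SAMPLE_READERS):
        state = "read-only" if f["read_only"] else "CAN COMMIT"
        print(f"{f['user']} (runs as {f['runs_as']}): null password, {state}")
```

Any finding with read_only set to False is an account that accepts every password and can still commit, which is the case worth fixing before relying on a null password for anonymous access.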