Re: Authentication without clear password on the network

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication without clear password on the network

From:	Yves Martin
Subject:	Re: Authentication without clear password on the network
Date:	Tue, 06 Jul 2004 12:42:33 +0200
User-agent:	Gnus/5.090015 (Oort Gnus v0.15) Emacs/21.3

"Greg A. Woods" <address@hidden> writes:

> [ On Monday, July 5, 2004 at 12:03:57 (+0200), Yves Martin wrote: ]
>> Subject: Authentication without clear password on the network
>>
>>  I'm currently using a CVS server with PAM authentication. So that my
>>  windows users simply use their domain user/password to authenticate
>>  with pserver client mode thanks to the SMB PAM module.
>
> Why not use SSH?  It would be much more secure.

>>  [ Additionnaly, users are anonymized to a single real 'cvs' user to
>>    avoid users creation on Linux ]
>
> Don't do that.  The security model used by Unix-like systems (GNU/Linux
> obviously included) requires that every human user have a unique system
> identity. 

 My constraints are oriented to reduce administrative tasks:

 - no system user on the UNIX server (there is no need for CVS
   features indeed - only the "log name" should be kept for the author
   field in RCS files)

 - authentication against the windows domain PDC (to avoid to manage
   another password or home directory ...)

 As far as I'm using the PAM SMB only for the CVS authentication, I do
 not break the UNIX security. The virtual 'cvs' user only access CVS
 files. In fact there is no human user connected to the machine but
 only a client/server CVS service.

 Current status:
 - The CVS server is used only in the enterprise network. So there is
   no need to be so secured but it is better that passwords are not
   sent as clear text (pserver currently !).

 - The user access is :pserver:address@hidden:/cvsroot. And the CVS
   pserver authenticate 'user' with PAM, then switch the process to
   'cvs' virtual user (hard-coded in sources !)

 - commit are controlled with CVSROOT/avail and the well-known set of
   Perl scripts (commitcheck, cvs_acls.pl) installed in commitinfo.

   So there is only one file to manage with CVS currently: the avail
   file.

 My objections about SSH:

 - SSH needs a system user per human user and it is too much job to
   maintain.

 - SSH needs to generate certificats and install public keys. It is
   the only way to use SSH with WinCVS - another "too much job" for
   users.

 As you can see, I clearly separate authentication (SMB PAM) and
 authorization (commitinfo).

 It works well except to control update access (checkout, update,
 export) and maybe tag commands. A way to correct that: create a
 system group per project (aka module) and add programmatically (after
 authentication) the real user's groups to the 'cvs' system user to
 control update access with group level.  But that is another
 story. 
 My issue now concerns clear text passwords on the network.

-- 
Yves Martin

[Prev in Thread]

Current Thread

[Next in Thread]

Authentication without clear password on the network, Yves Martin, 2004/07/05
- Re: Authentication without clear password on the network, Greg A. Woods, 2004/07/05
- Message not available
  - Re: Authentication without clear password on the network, Yves Martin <=
    - Re: Authentication without clear password on the network, Greg A. Woods, 2004/07/15

Prev by Date: Re: Number of unique accesses to a repository?
Next by Date: Re: binary files bad idea? why?
Previous by thread: Re: Authentication without clear password on the network
Next by thread: Re: Authentication without clear password on the network
Index(es):
- Date
- Thread