[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PAM authentication patch - v2

From: Kevin Wang
Subject: Re: PAM authentication patch - v2
Date: Tue, 15 Apr 2003 17:12:29 -0700
User-agent: Mutt/1.4i

 From Mark D. Baushke
> > Most people probably have a non-password protected private ssh key in
> > their ~/.ssh directory too. The cvs passwords are stored so that only
> > the user can read/write them.
> Actually, I suspect you are mistaken in your assumptions. It is way too
> easy to mount user volumes or NFS filesystems and access the dot files
> in a user tree if you are on a LAN. Storing passwords or non-password
> protected private ssh keys are always to be discouraged.
> After all, if you are going to give them PAM credentials on your cvs
> server, why not just let them rsh into the box and use the :ext: method
> without risking any passwords at all?
> I guess that I really do not understand why :pserver: needs to use PAM
> authentication. I am not saying there is not a reason, I just have not
> understood it.

our environment: 

imap uses system password, and is typically 'remembered' by their email
client (outlook), which we all know is trivially hashed in the registry.

cvs server is redhat

users are pretty much all on windows machines that primarilly support
:pserver:.  I actually have no idea if rsh would work under windows.
rsh is actually not installed, so it'd have to be ssh.

so it would be nice to tie into the existing /etc/passwd password system.
most users already use the same password for mail and cvs. policy or not,
that's what the users want to do; single sign-on.

   - Kevin

reply via email to

[Prev in Thread] Current Thread [Next in Thread]