Re: PAM authentication patch - v2

From: Mark D. Baushke
Subject: Re: PAM authentication patch - v2
Date: Wed, 16 Apr 2003 00:54:05 -0700

Brian Murphy <brian@murphy.dk> writes:

> Mark D. Baushke wrote:
> >I doubt I can convince you of how evil it is to send passwords in the
> >clear for your :pserver: connections to cvs. I just shudder to think of
> >folks seeing that cvs supports PAM and thinking for some reason that it
> >is not leaking their passwords in a large number of ways.
> >
> >
> PAM also works with telnet. I don't think anyone thinks a PAM enabled login
> via telnet is any more secure than an ordinary passwd based login.

Some telnet versions allow for encryption either using SSL or are

In addition, there are many security pages documenting the 'evils' of
using telnet and suggesting that all right-minded people move to a
secure remote connection mechanism of some kind.

It should also be noted that folks have spent a bit of effort trying to
remove security flaws from telnet and telnetd and that a similar such
effort has not been contemplated for cvs which is inherently NOT secure.

        -- Mark

