Re: [Cvs-dev] Re: cvs-passwd patch


From: Mark D. Baushke
Subject: Re: [Cvs-dev] Re: cvs-passwd patch
Date: Thu, 02 Nov 2006 09:41:04 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

P J P <address@hidden> writes:

> On Wed, 1 Nov 2006, Mark D. Baushke wrote:
> >>    No! all I'm saying is, "authentication of old password is required,
> >> by any means". And also that, "a user, herself, should be able to
> >> change her (:pserver: or anyother) password, using normal cvs client".
> >
> > Those requirements are not really compatible with the CVSNT protocol.
> 
>    I just don't understand this! Why something has to be consistent or
> compatible with something completely *irrational*, and *illogical*,
> like CVSNT authentication.

The CVSNT authentication is self-consistent and reasonable and rational
in my view.
 
>    I mean! It's an ages-old practice to verify one's current
> credentials right before you change them; And it is well received and
> accepted too. Take any example, Unix/Linux 'passwd' does that, when I
> change my e-mail password it works like that, when I change my debit
> card pin number, they ask me for my current pin number, you consider
> any damn (sane)authentication Mark!, you'll observe this practice.

Ahhh.. but they don't use the equivalent of an embossed rot13 copy of
your pin number printed on the card do they? The illusion of security is
not security.

>    I don't know, why such (mal)practice was adopted by CVSNT guys. I
> don't want to know it! My point is, how could you put, compatibility
> with something *unacceptable*, before rational. And if so, why don't
> you urge CVSNT guys to change their behaviour?

I suppose I might have suggested that they support the passwd-e
functionality if it ever gets into CVS.

> > Exactly. So, if you are a CVS client talking with a CVSNT server, you
> > will be required do the same thing.
> >
> > If you are a CVS server listening to a CVSNT client, then you will need
> > to accept the password change without a verification of the old password.
> >
> > It may be desirable to add a configuration option to CVSROOT/config to
> > allow the CVS maintainer to disallow this situation, although I think
> > this would need more discussion by the CVS and CVSNT maintainers.
> >
> > fwiw: I do not ever really trust the client to be secure. If the user is
> > able to make an authenticated connection, then it could have been anyone
> > at all who did it and the server really has no way to tell if the client
> > ever did the right thing or not.
> >
> > So, I honestly don't think that there ever needs to be a verification of
> > the old password. You know that I have said the same thing more than
> > once in the past, so it should not be a surprise to you.
> 
>     You know Mark, It's all getting more & more complicated(and less &
> less fun), unnecessarily. Sometimes I really feel sorry. Why things
> have to be like this, always?? I just wanted(and still want) to solve
> the problem, but solve it *properly*. You know, I think, I'll better
> take off that authentication step, and sleep well. I don't know, I'm
> not sure!

Okay. No worries. Continue to support your patch on your web site and no
hard feelings for the time waste on my side.

I do suggest that you may wish to change the protocol name you are using
if you are not directly supporting what CVSNT uses, otherwise customers
of your patch will not love you when they try to use it with other
servers.

Good luck with your future.

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (FreeBSD)

iD8DBQFFSi2vCg7APGsDnFERAquAAJ9HBhHJf9I/QcmS4r8oM57zLOloMACg80Yx
Ub8IgqwbTwFlYiXkNpjrZOY=
=IYug
-----END PGP SIGNATURE-----
