[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Info-cvs] CSERVER extension to cvs [DRAFT]
From: |
Martin Vogt |
Subject: |
[Info-cvs] CSERVER extension to cvs [DRAFT] |
Date: |
Mon, 18 Sep 2000 13:54:15 +0200 |
User-agent: |
Mutt/1.2.5i |
Hello,
this mail describes some problems with the pserver implemention,
when used in larger companies and describes a (possible) solution.
(cserver)
pserver: the current problem
=============================
The current pserver implementation has the major drawback
that it stores the password in clear text (more or less)
in you local homedirectory.
This is a potential security hole, if another user can read this
file he has at the same time the user password, which
mean the can log into a machine!
The usual solution for this is:
-You setup virtual cvs accounts. But this
has another problem, because:
i) You must tell the user this CVS password
ii) The user must remeber the password
In larger companies you cannot force the user to do this.
Its inconvinient, for the system admin and for the users.
cserver: a solution
===================
My idea to solve this problem is an extension to cvs,
a new protocol "cserver" the c stand for "cookie".
It should work like this:
The client sends the usual CSERVER VERIFICATION REQUEST
(when he does the first "login")
This time the users types as login his real Password which is
checked by the cserver. If this is ok, the Server sends
something like this:
I LOVE YOU COOKIE:123456
This cookie is stored in the .cvspass and is now used
for all BEGIN CSERVER AUTH REQUEST.
This solution has the advantage:
i) Someone who can read .cvspass gets only cvs access
and not the "full" login
ii) The password is not stored in clear text
iii) Users do not need a "special" CVS password for every CVS Repository
Implementation.
===============
In the CVSROOT/passwd you have another entry, the
cookie. The cvsclient must check for the COOKIE:123456 part
and then writes it into the .cvspass.
I think this can be done very easily.
Any ideas?
What do you think?
regards,
Martin
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Info-cvs] CSERVER extension to cvs [DRAFT],
Martin Vogt <=