[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Any plan to merge cvspwd into cvs?

From: Ben Kial
Subject: Re: Any plan to merge cvspwd into cvs?
Date: Sun, 05 May 2002 18:25:47 GMT

I am new to CVS administration and I could some education here...

The "cvspwd" only changes the password file under CVSROOT/password.
This has nothing to do with any Unix user account. I don't understand how
can this cause any security problem? Worst comes to worst, a hacker can
only add/modify/delete CVS users (which in my setting I map them all to
a Unix "cvsguest" user account). The best (or worst) he can do is to mess
up the CVS repository, right?



"Greg A. Woods" <address@hidden> wrote in message
> [ On Wednesday, May 1, 2002 at 07:23:23 (GMT), Ben Kial wrote: ]
> > Subject: Any plan to merge cvspwd into cvs?
> >
> > I have been using "cvspwd" to manage my CVS user accounts in
> > my :pserver host so that I don't have to create Unix accounts for
> > each CVS user. However, "cvspwd" can only be executed by the
> > repository owner, which means each CVS user cannot change
> > their own password...
> >
> > Is there any plan from the CVS team to include "cvspwd" into future
> > releases of CVS and have a "cvs passwd" command for users to
> > manage their own passwords?
> I should certainly hope not.
> That would be an additional security risk on top of a major security
> Please consider switching to SSH.
> --
> Greg A. Woods
> +1 416 218-0098;  <address@hidden>;  <address@hidden>;
> Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird

reply via email to

[Prev in Thread] Current Thread [Next in Thread]