[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: System password authentication

From: Larry Jones
Subject: Re: System password authentication
Date: Tue, 15 Apr 2003 02:33:31 -0400 (EDT)

Eric Siegerman writes:
> Ideally, CVS would emulate login's behaviour, by not prompting
> for a password if the field is null.  But the little I know of
> CVS's internals suggests that trick is impossible -- by the time
> the username hits the server, I imagine the password's already
> been prompted for.

Exactly -- the client prompts for username and password when you run
"cvs login" before ever contacting the server.  For other uses, CVS just
consults your ~/.cvspass file and doesn't prompt at all.

> The "no-password == no-prompt" trick would have been useful in
> CVSROOT/passwd, though, for read-only anon-CVS access -- no less
> secure than publishing the password on a web site as everyone
> does now, but certainly less annoying.  Oh well.

For some time now CVS pserver has interpreted a null password in
CVSROOT/passwd as matching any password at all (the client sends
an empty password if there's no matching entry in ~/.cvspass), so
there's no need to publish a password for anonymous access.

-Larry Jones

Hmph. -- Calvin

reply via email to

[Prev in Thread] Current Thread [Next in Thread]