[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication without clear password on the network

From: Yves Martin
Subject: Re: Authentication without clear password on the network
Date: Tue, 06 Jul 2004 12:42:33 +0200
User-agent: Gnus/5.090015 (Oort Gnus v0.15) Emacs/21.3

"Greg A. Woods" <address@hidden> writes:

> [ On Monday, July 5, 2004 at 12:03:57 (+0200), Yves Martin wrote: ]
>> Subject: Authentication without clear password on the network
>>  I'm currently using a CVS server with PAM authentication. So that my
>>  windows users simply use their domain user/password to authenticate
>>  with pserver client mode thanks to the SMB PAM module.
> Why not use SSH?  It would be much more secure.

>>  [ Additionnaly, users are anonymized to a single real 'cvs' user to
>>    avoid users creation on Linux ]
> Don't do that.  The security model used by Unix-like systems (GNU/Linux
> obviously included) requires that every human user have a unique system
> identity. 

 My constraints are oriented to reduce administrative tasks:

 - no system user on the UNIX server (there is no need for CVS
   features indeed - only the "log name" should be kept for the author
   field in RCS files)

 - authentication against the windows domain PDC (to avoid to manage
   another password or home directory ...)

 As far as I'm using the PAM SMB only for the CVS authentication, I do
 not break the UNIX security. The virtual 'cvs' user only access CVS
 files. In fact there is no human user connected to the machine but
 only a client/server CVS service.

 Current status:
 - The CVS server is used only in the enterprise network. So there is
   no need to be so secured but it is better that passwords are not
   sent as clear text (pserver currently !).

 - The user access is :pserver:address@hidden:/cvsroot. And the CVS
   pserver authenticate 'user' with PAM, then switch the process to
   'cvs' virtual user (hard-coded in sources !)

 - commit are controlled with CVSROOT/avail and the well-known set of
   Perl scripts (commitcheck, installed in commitinfo.

   So there is only one file to manage with CVS currently: the avail

 My objections about SSH:

 - SSH needs a system user per human user and it is too much job to

 - SSH needs to generate certificats and install public keys. It is
   the only way to use SSH with WinCVS - another "too much job" for

 As you can see, I clearly separate authentication (SMB PAM) and
 authorization (commitinfo).

 It works well except to control update access (checkout, update,
 export) and maybe tag commands. A way to correct that: create a
 system group per project (aka module) and add programmatically (after
 authentication) the real user's groups to the 'cvs' system user to
 control update access with group level.  But that is another
 My issue now concerns clear text passwords on the network.

Yves Martin

reply via email to

[Prev in Thread] Current Thread [Next in Thread]