info-cvs

Re: autentication


From: Mark D. Baushke
Subject: Re: autentication
Date: Tue, 26 Oct 2004 09:06:56 -0700

Gleidson Sá Barreto <address@hidden> writes:

> I don't understand why many people use Pserver if
> ext-ssh is more secure.

Neither do I.

> What are the advantages of Pserver?

I have to assume it is mostly overworked administrators. They can
enable it without needing to set up host accounts for all of their cvs
users.

However, they now need to do separate password management and they still
need to maintain unique userids for the cvs commits (well, the feature
branch allows them to use PAM-based authentication if they want to, but
why would a security-minded administrator want yet another application
that could cause an attack against passwords on the system?)

They also need to worry that some future exploit of cvs will be a root
exploit as the cvs pserver stuff starts life out of the inetd
configuration as a 'root' user.

The only benefit I can see for :pserver: is that it is simpler to grant
anonymous read-only access to a repository. It is still possible to do
given :ext:, but requires a bit more work by an administrator in this
case.

I would be completely in favor of removing :pserver: support from cvs.

        -- Mark
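
The message above notes that pserver is started from the inetd configuration as 'root'. As an added example (not part of the original message or of cvs itself), the following shell function lists the active pserver entries in inetd.conf-format text, the user each runs as, and the repositories it exposes via `--allow-root`. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report inetd.conf entries that launch "cvs ... pserver".
# inetd.conf fields: service socktype proto wait user server-program args...

# Constructed sample input; paths and repository roots are made up.
sample_inetd_conf() {
cat <<'EOF'
# constructed sample, not taken from a real host
ftp        stream tcp nowait root    /usr/libexec/ftpd ftpd -l
cvspserver stream tcp nowait root    /usr/bin/cvs cvs -f --allow-root=/cvsroot pserver
2401       stream tcp nowait cvsanon /usr/bin/cvs cvs -f --allow-root=/pub/cvs pserver
#2401      stream tcp nowait root    /usr/bin/cvs cvs --allow-root=/old pserver
EOF
}

# audit_pserver: reads inetd.conf text on stdin and prints one line per
# active pserver entry: "<ROOT|NONROOT> user=<user> roots=<comma list>"
audit_pserver() {
    awk '
        /^[ \t]*#/ || NF < 7 { next }      # skip comments and short lines
        {
            is_pserver = 0; roots = ""
            for (i = 7; i <= NF; i++) {    # field 7 onward is the argv
                if ($i == "pserver") is_pserver = 1
                if ($i ~ /^--allow-root=/) {
                    r = substr($i, 14)     # text after "--allow-root="
                    roots = (roots == "") ? r : (roots "," r)
                }
            }
            if (!is_pserver) next
            user = $5
            sub(/[.:].*$/, "", user)       # assumption: drop a user.group / user:group suffix
            tag = (user == "root") ? "ROOT" : "NONROOT"
            printf "%s user=%s roots=%s\n", tag, user, roots
        }'
}

# Stand-alone run against the constructed sample.
sample_inetd_conf | audit_pserver
```

On a real host, feed it the actual file instead of the sample, e.g. `audit_pserver < /etc/inetd.conf`.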