bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: System password authentication


From: Kevin Wang
Subject: Re: System password authentication
Date: Mon, 14 Apr 2003 15:11:16 -0700
User-agent: Mutt/1.4i

 From Larry Jones
> > I think code that
> > impliments security should be very simple - this code is not.
> 
> I agree that the code should be as simple as possible, but I don't think
> you can make it much simpler without changing CVS's authorization
> scheme.  In theory, I agree with Gregg Woods that CVS shouldn't be in
> the authentication business at all, but given that it already is, I'm
> not inclined to remove it since there are valid uses (although only on a
> reasonably secure intranet with trusted users).  You are, of course,
> welcome to submit a patch if you think you can do better.

question: how about making the authentication step a separate external
program that returned an exit code of 0 or 1 to indicate successful
authentication (and perhaps other error codes to indicate temporary
failure, etc)

and then cvs could come with a few programs that you could plug in;
one for regular passwd, one for pam, or write your own?

for security, you obviously don't want to send the user/passwd on the
command line, but how about as writes down a pipe?

Not sure how well that would port to windows, though.

   - Kevin




reply via email to

[Prev in Thread] Current Thread [Next in Thread]