Mailing List Archive

Support open source code!


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Looking for c source code to generate cvs passwords



>>>>> "Jake" == Jake Morrison <jake_morrison@example.com> writes:

    Jake> Yes, the passwords stored in .cvslogin are trivially
    Jake> encoded, as they need to be sent to the server in
    Jake> cleartext. But the passwords on the server are in crypt
    Jake> format.

It's been, er, 3.5 years since I last set a password in my pserver, I
forgot about the DIY aspect of setting the password (I see from my
notes that I did adduser tempcvs; for NEWCVSUSER in ...; do passwd
tempcvs; fgrep tempcvs /etc/passwd | sed -e 's/tempcvs/$NEWCVSUSER/'
>> CVSROOT/passwd; done; deluser tempcvs :^).

Which is all very pointless (CVSROOT/passwd is the _strongest_ link in
this chain, users are far more likely to have insecure .cvslogin, not
to mention the network), but who cares.

For Anthony, the sensible thing to do is to use the ext server with
ssh, and set the group of untrusted users to something innocuous.  The
only problem I can think of is if he's got a OSF/1 server or Mac
users, our gikans were claiming that (a) ssh doesn't compile on that
OS and (b) there are no decent ssh packages for the Mac (I think
"decent" meant "free beer" free).

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links