[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cvs security - ssh vs pserver?

begin: Joey Hess <joey@kitenet.net> quote
> Peter Jay Salzman wrote:
> > i just found out that using method 2, you can't assign a shell of /bin/false.
> > cvs won't work.   so option 2 also means "giving a shell account on my
> > machine".
> 
> Read http://kitenet.net/programs/sshcvs
> 
> > any thoughts?  is pserver really as insecure as dpkg claims in the
> > configuration of the package?
> 
> It uses plain-text passwords, which is pretty insecure, yes.
 
joey, i have no problem with plain text passwords.

just as long as they can't get _shell access_ with that password.

one more question -- i gave that URL a brief read.  it's not clear that this
method allows people to import changes to the their local copy.   does it?

please excuse my newbieness.  i /just/ learned how to use cvs a few days ago.
i'm still struggling with concept and terminology.

thanks.
pete

-- 
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
PGP Public Key:  finger p@dirac.org
Reply to: