[Cvsnt] Re: user-aliases ? - PARTIALLY WORKING NOW

Tony Hoyle tmh at nothing-on.tv
Fri Apr 5 10:12:48 BST 2002


Brian Smith wrote:
> Well, the authentication part is there so that the server knows who the
> user is. But whether or not the user can access the repository in what
> way is an authorization issue that can be controlled by file permissions
> and/or the "readers" and "writers" files in the individual repositories.
> It seems dangerous to me to have non-pserver protocols use the passwd
> file because it makes it too easy to allow pserver access when you don't
> want to (if you don't have a passwd file, nobody can use pserver).

Pserver is easy to disable - just delete the protocol (eventually all
protocols will be able to be disabled via the control panel anyway).
Extending the passwd file with a 'valid protocols' field is also in the
back of my mind somewhere.

> I believe that traditionally (on unix), :gserver: and :kserver: modes
> have never sent the root in the authentication request because they have
> never used the passwd file, so they never needed to tell the server what

Certainly when encrypting it's good to have the option (I should
probably call check_repository_password on the 'root' request to allow
this).  However the check is a good one.  You don't want multiple files
for user authentication... there already is one (passwd) and it serves
its purpose.

Tony
