[Cvsnt] Permissions for changing files in module
Tony Hoyle
tmh at nothing-on.tv
Wed Feb 20 16:46:48 GMT 2002
On Wed, 20 Feb 2002 09:53:45 +0000 (UTC), "Koen" <no at ssppaamm.com>
wrote:
>1. Make a user account on the domain (or local computer) for each CVS user
OK
>2. Use pserver protocol with impersonation
>No ntserver protocol, because: (1) in that case the NT passwords must be
>sent over the net and they are easily decrypted, and (2) we also need to
>access the repository from Linux machines...
If you're that bothered about security then pserver is the *worst*
protocol to choose as the passwords are trivially decrypted. Kerberos
or SSH are needed for that level of security. sspi is a good middle
ground - you can in theory crack the NT passwords (they're MD5'd I
believe) but it would take a couple of weeks on a fast machine
provided you don't use passwords that aren't susceptible to a
dictionary attack.
>3.Use a passwd file to control who has access to the repository
>So: each user on the domain has two passwords to remember: his domain
>password and his CVS password.
>And only the administrator can set the password, not the user himself...
>In the passwd file this will look like:
> user1:CVSPassword:user1
> user2:CVSPassword:user2
Users can set their own passwords using 'cvs passwd'.
>4. use NTFS permissions to control access over files/directories (this can
>only be done by the CVS administrator...)
OK
Tony
_______________________________________________
Cvsnt mailing list
Cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
More information about the cvsnt
mailing list