[cvsnt] CVSNT protocols
dsomers at omz13.com
Wed Dec 27 12:38:49 GMT 2006
Andrea Polci wrote:
> I'm looking for some documentation on the many protocols supported by
> CVSNT (pserver, sspi, sserver, etc.).
> Actually I'm using pserver autentication method, and would like to know
> pros and cons of the other authentication methods.
> I've tried to google abut this but wasn't able to find anything
> exhaustive. Can anyone help me?
pserver is an insecure protocol... authentication and data is sent plain.
Passwords could be very easily sniffed. Use only in a LAN where you trust
everybody and every host on your network.
sserver is more-or-less the same as pserver, except that the authentication
and data is sent over an SSL-secured channel.
With sspi the authentication credentials are done by exchanging SSPI tokens
and other such stuff... and is considered secure(ish) against password
sniffing... the data may or may not be encrypted.
gserver... same again, but using kerberos-based credentials.
In simple terms, if you clients are windows-based, stick to :sspi:,
otherwise use :sserver:.
David Somers - typographer/programmer/whatever
Random and sometimes useful stuff blogged at http://www.omz13.com
More information about the cvsnt