Re: CVSROOT/passwd enhancements

Tue, 23 May 2000 16:57:59 -0700 

Does anyone know how hard it would be to implement a PAM interface?  That
should leave things pretty extensible...

Derek

--
Derek Price                      CVS Solutions Architect
mailto:[EMAIL PROTECTED]     OpenAvenue ( http://www.OpenAvenue.com )
--
Life in a vacuum sucks.





Chris Cameron wrote:

> On Wednesday, May 24, 2000 7:40 AM, Larry Jones [SMTP:[EMAIL PROTECTED]]
> wrote:
> > I'm considering making some enhancements to the CVSROOT/passwd file
> > format and I'd like people's opinions:
> >
> > First, I'd like to interpret "*" in the password field as "the system
> > password for this user".  That would allow people who are not concerned
> > with network security to use system passwords along with user mapping.
> > For example, one could have a CVSROOT/passwd that looked like:
> >
> >       john:*:cvsadmin
> >       lisa:*:cvsadmin
> >       bill:*:cvsuser
> >       anne:*:cvsuser
> >
> > instead of having to give everyone separate CVS passwords or copy their
> > system passwords into CVSROOT/passwd and then having to worry about
> > keeping them in sync.
> >
> > Second, I'd like to interpret "*" in the username field as "any system
> > user".  That would allow even more simplification -- for example:
> >
> >       *:*:cvsuser
> >
> > could be used to allow any system user to run CVS; or
> >
> >       *:asdfghjklqwer:nobody
> >
> > could be used to allow anyone who knows the password to run CVS.
> >
> > An interesting side-effect of these changes is that the SystemAuth
> > config option would no longer be needed:
> >
> >       *:*
> >
> > is equivalent to SystemAuth=yes, and
> >
> >       *:x
> >
> > (or any other impossible password) is equivalent to SystemAuth=no.  This
> > has the added advantage of keeping all the password-related stuff in one
> > place.
> >
>
> We went to the password file because cvs running as any user except root
> couldn't read the shadow file to verify passwords.  This would not change
> the logic of your changes, but it could reduce the applicability.
>
> ***************************************************************
> Chris Cameron                    Open Telecommunications NZ Ltd
> Software Development Team Leader
> [EMAIL PROTECTED]                           P.O.Box 10-388
>       +64 4 495 8403 (DDI)                          The Terrace
> fax:  +64 4 495 8419                                 Wellington
> cell: +64 21 650 680                                New Zealand
> Life, don't talk to me about life ....(Marvin - HHGTTG)

Reply via email to