Many thanks for the explanation. I will look into SSH. Are there any more
detailed reference for configuring/using SSH with CVS?
On another topic, I get following message:
Must be attached to terminal for 'am I' option
How can I get rid of this? Thanks again.
regards,
ls
[EMAIL PROTECTED] (Greg A. Woods) wrote:
> [ On , July 2, 1900 at 00:51:37 (JST), lucky seven wrote: ]
> > Subject: support cvs login for rsh mode?
> >
> > It would be nice to support cvs login for :ext: same as :pserver: , that
is, a
> > new line will generate in HOME/.cvspass for accessing via ext and that
line
> > will be removed at cvs logout. Due to security reason, .rhosts is not
> > allowed.
>
> Ah, no, it wouldn't actually. Doing so would again make CVS the weak
> link in whatever security they provide.
>
> Any external remote execution facility will supply its own method of
> eliminating user interaction during authentication, if that should be
> safe to do given the style of authentication.
>
> Certainly rsh and all versions of ssh provide such mechanisms currently
> so there's definitely no need to make CVS the weak link in them.
>
> If ~/.rhosts is not allowed in your environment and yet you're still
> using RSH then you've got some seriously brain-damaged security people!
> The only major loop-hole in the ~/.rhosts facility is that it allows
> ordinary users to grant authorisation to other users. However if your
> site is auditing for the presence of ~/.rhosts files then they can just
> as easily audit their contents and thus prevent such a loop-hole with no
> additional added risk (and in fact in some scenarios the overall risks
> go *WAY* down when you allow ~/.rhosts because people stop typing their
> passwords in the clear -- in fact forcing ~/.rhosts can be enormously
> more secure than plain old telnet (it all depends on your exact
> circumstances of course, including what threats you face).
>
> Indeed if your site is not allowing ~/.rhosts then they certainly won't
> allow a ~/.cvspass for RSH! (at least not so long as they have two
> functioning neurons to rub together! ;-)
>
> You should probably switch to SSH in any case though.
>
> --
> Greg A. Woods
>
> +1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
> Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at
http://webmail.netscape.com.
