[EMAIL PROTECTED] on 2000.07.17 17:11:16
>Hm. Do you REALLY speak of scheme where:
>
>- client says 'ssh [EMAIL PROTECTED]', and says real password
>for 'cvsuser' (that's system account on server machine);
>
>- server says ok, welcome;
>
>- client says, 'oh, wait, could you please forget about what I've said
>first time, that's just you wouldn't let me in otherwise, but let me
>introduce myself for real now: I am 'dave'. Just 'dave', without any
>words to pass you.
>
>- 'oh,' says server, 'I too was slightly surprised when someone said
>he's 'CVS User', such funny name. Pleased to meet you, Dave, come in.
Yes.
>??????????? You surely _have_ to demand second password, and to
>authenticate against separate list of cvs users and I think that I
>look stupidly trying to explain evident.
A second password isn't that much more secure than two passwords (otherwise we'd
all be logging in with two passwords into all our systems). If you really
wanted to protect yourself:
1. You wouldn't allow many-to-one user mappings at all.
2. You shouldn't be using CVS since you don't trust your developers.
Noel
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
