>>>>> "NLY" == Noel L Yap <[EMAIL PROTECTED]> writes:

>> ???????????  You surely _have_ to demand a second password, and to
>> authenticate against a separate list of cvs users, and I think that I
>> look stupid trying to explain the evident.

NLY> A second password isn't that much more secure than two passwords
NLY> (otherwise we'd all be logging in with two passwords into all our
NLY> systems).  

No one says that two passwords are needed :) It's just that _you_ need
the first password to establish an ssh-protected channel.  You could do
the same with SSL (using public keys).  Or, you could just give out
the password for 'cvsuser' for everyone to set up their tunnel and to
authenticate with pserver over it.  Yes, it seems like you really
could.

NLY> If you really wanted to protect yourself: 1. You
NLY> wouldn't allow many-to-one user mappings at all.  

Why not?  Who cares about the real system account that cvs-server runs
under?  And if you implement ACLs in CVS, then you could completely
forget about the system accounts (as I've almost done).

NLY> 2. You shouldn't be using CVS since you don't trust your developers.

That's not an option ;)

--alexm
