>>>>> "NLY" == Noel L Yap <[EMAIL PROTECTED]> writes:

>> connection/keys/whatever it is using the proper private key (in
>> other words, a private key with a corresponding & appropriate
>> public key already known to the server).

NLY> No, this doesn't guarantee it.  For example, if the OpenSSH
NLY> client sent this info over the server, I can build OpenSSH in
NLY> such a way that it will always send the wrong info over.  I'll
NLY> still have proper keys and everything, but the username info will
NLY> have been spoofed.

If the OpenSSH client always sends wrong info (I mean username and
password here), then cvs-server will never authenticate it ;)

--alexm
