Re: Proposal: have client CVS send remote username to server CVS

[Alexey Mahotkin]

>>>>> "NLY" == Noel L Yap <[EMAIL PROTECTED]> writes:

>>  If OpenSSH client will always send wrong info (I mean username and
>> password here), then cvs-server will never authenticate it ;)

NLY> I think we're arguing different points here.  My point is that
NLY> the OpenSSH client can send over a valid CVS username and
NLY> password.  It's just that the username/password doesn't belong to
NLY> the client.  

I can't understand how you can call "valid" u/p that do not belong to
the client.  Who thinks of them as valid? 

Hm.  Probably I've been a little incosistent in previous letter.  Yes, 
you need _two_ passwords, one for ssh and and another for pserver.
But the first password is rather irrelevant to CVS. 

NLY> IOW, it doesn't protect against non-repudiation.

Huh?  Sorry, I've looked up the word in dictionary, but it didn't make
the phrase clearer.  That's just my English terminology problem.  And
the abbreviation is unknown to me...

--alexm

P.S.: Derek, could you please make any conclusion or summary out of
our long enough and learned enough dispute? ;)