[EMAIL PROTECTED] on 2000.07.22 09:24:43
>>>>>> "NLY" == Noel L Yap <[EMAIL PROTECTED]> writes:
>
>>> but I'm fairly certain that even the people I trust implicitly can
>>> ocassionally leave their password written down in the wrong place.
>
>NLY> And do you also make sure that their .cvspass files can't be read
>NLY> (either off the filesystem or the network traffic)?
>
>That's completely orthogonal question to the issue of communication
>between client and server and to properly setting up REMOTE_USER.
I think everyone is misunderstanding the point of this proposal (and patch).
The point is that, when using pserver, CVS remembers you as the name within the
passwd file (which usually matches the client username) even though it may run
as some other user. Under client/server CVS, it'll remember you as the server
username. This proposal and patch changes the behaviour of client/server CVS
such that it acts just like pserver (without the pserver authentication --
authentication is left to .rhosts, SSH, or whatever).
Now, to have client/server CVS act more like pserver requires the client
username to be sent over to the server. The proposal has chosen to do this
through CVS, not through some other mechanism since it's extremely difficult to
securely send this info over to the server (it would require another server
that's secure from the users).
Noel
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
