Re: Proposal: have client CVS send remote username to server CVS

[Derek R. Price]

Noel L Yap wrote:

> There might've been some misunderstanding here.  After rereading my post, I
> noticed I wasn't so clear about my description of SRP.  SRP does password
> authentication without ever sending the password (either in the clear or
> encrypted) over the wire.  Instead, it uses AKE (assymetric key exchange) to
> authenticate.
>
> If this wasn't a source of misunderstand, can you explain your point "I would
> not like to see such an insecure mechanism become part of the main CVS
> executable...".

Did you or did you not specify that you wish authentication on the server side to
be based on a single username and password for all users and that a user name to
use for logging would then be sent by the client?

Derek

--
Derek Price                      CVS Solutions Architect ( http://CVSHome.org )
mailto:[EMAIL PROTECTED]     OpenAvenue ( http://OpenAvenue.com )
--
I am not a dentist.
I am not a dentist.
I am not a dentist...

          - Bart Simpson on chalkboard, _The Simpsons_