>--- Forwarded mail from Greg Woods >> 2. Using SSH requires giving the users a unix account on >> the server, rather than pserver's per-repository user >> list.
>Duh. If you're doing authentication and authorisation on a unix-based >file server then you MUST, _M_U_S_T_ use a unique system account for >ever real-world user or else you might as well not use any >authentication whatsoever. Pserver has NO accountability from the >system's point of view. None whatsoever. Don't use pserver. Ever. What I don't understand is why it's necessary to give people accounts on a system in order to permit them to store data on them. Take database servers, for example, which rely on the applications to authenticate and pass along the identity of users to be recorded faithfully by the engine. The trick there is the make sure that the connection to the client is secure, but you don't need individual user accounts for that. While I agree that on MY systems I really do want to record the user IDs of real users with my data, but I can think of several reasons to keep an application-specific user database that's separate from the operating system's and keep a very small user database to provide tighter control over access to the actual machine. >--- End of forwarded message from [EMAIL PROTECTED] _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
