A number of protocols are defined at this time. They are recognised at the server by their connection strings:
BEGIN GSSAPI REQUEST
Connection is authenticated using GSSAPI/Kerberos5. No END or username/password/root strings are sent.
BEGIN AUTH REQUEST
Connection is authenticated using the traditional cvs pserver. Username/password/root are sent as above and the login sequence is terminated with END AUTH REQUEST
BEGIN VERIFICATION REQUEST
As pserver, but the server drops the link as soon as username authentication is finished. Terminated with END VERIFICATION REQUEST
BEGIN SSL AUTH REQUEST
As pserver, but the entire session from the BEGIN until the termination of the connection is encrypted using SSL.
BEGIN SSL VERIFICATION REQUEST
As pserver, but the server drops the link as soon as username authentication is finished. Terminated with END SSL VERIFICATION REQUEST
Authentication is provided by the SSPI subsystem on win32 systems. The begin sequence is followed by a comma separated list of SSPI authentication mechanisms. The server then replies with the list of mechanisms it supports. The current implementation uses the SSPI Negotiate mechanism if it's available, otherwise uses NTLM. No username/password it sent during the login as the subsystem handles the authentication.