Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Brian Smith wrote:
> Well, the authentication part is there so that the server knows who the
> user is.
> But whether or not the user can access the repository in what way is an
> authorization
> issue that can be controlled by file permissions and/or the "readers"
> and "writers" files in the individual repositories. It seems dangerous
> to me to have non-pserver protocols use the passwd file because it makes
> it too easy to allow pserver access when you don't want to (if you don't
> have a passwd file, nobody can use pserver).

Pserver is easy to disable - just delete the protocol (eventually all protocols will be able to be disabled via the control panel anyway). Extending the passwd file with a 'valid protocols' field is also in the back of my mind somewhere.

> I believe that traditionally (on unix), :gserver: and :kserver: modes
> have never sent the root in the authentication request because they have
> never used the passwd file, so they never needed to tell the server what

Certainly when encrypting it's good to have the option (I should probably call check_repository_password on the 'root' request to allow this). However the check is a good one. You don't want multiple files for user authentication... there already is one (passwd) and it serves its purpose.

Tony