[cvsnt] impersonation and pserver failures (continued)

Glen Starrett grstarrett at cox.net
Thu Jul 17 01:27:54 BST 2003


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


> 1. How important is it REALLY to have separate pserver logins? I don't
> think anyone is really going to sit outside of our building
> with a protocol
> sniffer waiting for the change to capture our source code. It
> also looks to
> me like the passwords which are stored are encrypted with
> something like
> the Unix crypt utility, so they are at least as secure as the Unix
> passwords themselves.

IMHO, It's really a judgment call on your tolerance of risk.  pserver has
poor encryption but works with lots of client types (Win32, *nix, Mac, ...),
and it works over the Internet.  sspi is a much better choice, but it
requires a Win32 client.  pserver's passwords, if sniffed, can be cracked.
If that same password is the domain password then you are risking a break-in
to your network.  If you are only using CVS internally on your local
networks then I woudn't worry about it and just use something convenient
that is reasonably secure (let the Win32 users have sspi and let everyone
else use pserver).

SSH is another alternative.  (I believe) it offers superior password
encryption, works over the internet, and works with a number of client
types.  It uses pserver password file though so you still need to get
pserver working first.

> 2. Could someone actually write a clear and detailed document
> giving the
> procedure for actually setting up local users, impersonation,
> etc. so that

I haven't ever used pserver with CVSNT, sorry I can't help there.  Do search
the archives here though because I've seen others discussing it from time to
time.

> I would also be happy to collate and correct so that there is a single
> correct document which describes how to get CVSNT up and
> running. There are
> many manuals now, telling many stories, some of which remain
> true, some of
> which are now outdated, and some of which were always just
> plain wrong.

I agree.  I documented my Win32 / sspi-only setup in the CVSNT wiki for the
same reasons [ but that won't help you much in this case ].

Regards,

Glen Starrett




More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook