Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to email@example.com.
Arthur Barrett wrote: > > cvs login should only work with PSERVER - it was only ever intended to > be a > pserver function. Using it with SSPI and SSH is unnecessary and can > lead to > security problems. News to me... It's needed for SSPI over VPN where you don't have direct access to the domain, and the use with SSH is precisely because using certificates is such a pain in the neck (and hard to explain for a lot of people). That's why login is designed to be multiprotocol from the start. IMO if the local machine is compromised you're hosed anyway.. someone can just install a keylogger/compromised client/whatever. If it isn't, the registry is good enough. On Unix the same is true - SSH trusts the local directory enough to be able to store authentication certificates in it... and those have the ability achieve passwordless login. > user (which perhaps ought to be restricted somewhat anyway) and for SSH > it has > no benefit at all (CVSNTAGENT should be used). Cvsagent is unrelated to SSH. It's simply a temporary reposotory of passwords - it works fine with pserver too. By all means recommend people use the agent.. but removing the login functionality is going to kill the usage for a lot of people... including me! Tony