[cvsnt] cvs login should only work with PSERVER (was: Trouble remotely checking out files from the CVS server)

Tony Hoyle tony.hoyle at march-hare.com
Sat Mar 22 20:25:27 GMT 2008

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

Arthur Barrett wrote:
> cvs login should only work with PSERVER - it was only ever intended to
> be a 
> pserver function.  Using it with SSPI and SSH is unnecessary and can
> lead to 
> security problems.

News to me... It's needed for SSPI over VPN where you don't have direct 
access to the domain, and the use with SSH is precisely because using 
certificates is such a pain in the neck (and hard to explain for a lot 
of people).  That's why login is designed to be multiprotocol from the 

IMO if the local machine is compromised you're hosed anyway.. someone 
can just install a keylogger/compromised client/whatever.  If it isn't, 
the registry is good enough.

On Unix the same is true - SSH trusts the local directory enough to be 
able to store authentication certificates in it... and those have the 
ability achieve passwordless login.

 > user (which perhaps ought to be restricted somewhat anyway) and for SSH
 > it has
 > no benefit at all (CVSNTAGENT should be used).

Cvsagent is unrelated to SSH.  It's simply a temporary reposotory of 
passwords - it works fine with pserver too.

By all means recommend people use the agent.. but removing the login 
functionality is going to kill the usage for a lot of people... 
including me!


More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook