On Wednesday, May 24, 2000 7:40 AM, Larry Jones [SMTP:[EMAIL PROTECTED]]
wrote:
> I'm considering making some enhancements to the CVSROOT/passwd file
> format and I'd like people's opinions:
>
> First, I'd like to interpret "*" in the password field as "the system
> password for this user". That would allow people who are not concerned
> with network security to use system passwords along with user mapping.
> For example, one could have a CVSROOT/passwd that looked like:
>
> john:*:cvsadmin
> lisa:*:cvsadmin
> bill:*:cvsuser
> anne:*:cvsuser
>
> instead of having to give everyone separate CVS passwords or copy their
> system passwords into CVSROOT/passwd and then having to worry about
> keeping them in sync.
>
> Second, I'd like to interpret "*" in the username field as "any system
> user". That would allow even more simplification -- for example:
>
> *:*:cvsuser
>
> could be used to allow any system user to run CVS; or
>
> *:asdfghjklqwer:nobody
>
> could be used to allow anyone who knows the password to run CVS.
>
> An interesting side-effect of these changes is that the SystemAuth
> config option would no longer be needed:
>
> *:*
>
> is equivalent to SystemAuth=yes, and
>
> *:x
>
> (or any other impossible password) is equivalent to SystemAuth=no. This
> has the added advantage of keeping all the password-related stuff in one
> place.
>
We went to the password file because cvs running as any user except root
couldn't read the shadow file to verify passwords. This would not change
the logic of your changes, but it could reduce the applicability.
***************************************************************
Chris Cameron Open Telecommunications NZ Ltd
Software Development Team Leader
[EMAIL PROTECTED] P.O.Box 10-388
+64 4 495 8403 (DDI) The Terrace
fax: +64 4 495 8419 Wellington
cell: +64 21 650 680 New Zealand
Life, don't talk to me about life ....(Marvin - HHGTTG)
