Many thanks for the explanation. I will look into SSH. Are there any more
detailed reference for configuring/using SSH with CVS?
On another topic, I get following message:
Must be attached to terminal for 'am I' option
How can I get rid of this? Thanks again.
regards,
ls
[EMAIL PROTECTED] (Greg A. Woods) wrote:
[ On , July 2, 1900 at 00:51:37 (JST), lucky seven wrote: ]
Subject: support cvs login for rsh mode?
It would be nice to support cvs login for :ext: same as :pserver: , that
is, a
new line will generate in HOME/.cvspass for accessing via ext and that
line
will be removed at cvs logout. Due to security reason, .rhosts is not
allowed.
Ah, no, it wouldn't actually. Doing so would again make CVS the weak
link in whatever security they provide.
Any external remote execution facility will supply its own method of
eliminating user interaction during authentication, if that should be
safe to do given the style of authentication.
Certainly rsh and all versions of ssh provide such mechanisms currently
so there's definitely no need to make CVS the weak link in them.
If ~/.rhosts is not allowed in your environment and yet you're still
using RSH then you've got some seriously brain-damaged security people!
The only major loop-hole in the ~/.rhosts facility is that it allows
ordinary users to grant authorisation to other users. However if your
site is auditing for the presence of ~/.rhosts files then they can just
as easily audit their contents and thus prevent such a loop-hole with no
additional added risk (and in fact in some scenarios the overall risks
go *WAY* down when you allow ~/.rhosts because people stop typing their
passwords in the clear -- in fact forcing ~/.rhosts can be enormously
more secure than plain old telnet (it all depends on your exact
circumstances of course, including what threats you face).
Indeed if your site is not allowing ~/.rhosts then they certainly won't
allow a ~/.cvspass for RSH! (at least not so long as they have two
functioning neurons to rub together! ;-)
You should probably switch to SSH in any case though.
--
Greg A. Woods
+1 416 218-0098 VE3TCP [EMAIL PROTECTED] robohack!woods
Planix, Inc. [EMAIL PROTECTED]; Secrets of the Weird [EMAIL PROTECTED]
Get your own FREE, personal Netscape WebMail account today at
http://webmail.netscape.com.