Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
On Wed, 20 Feb 2002 09:53:45 +0000 (UTC), "Koen" <no at ssppaamm.com> wrote: >1. Make a user account on the domain (or local computer) for each CVS user OK >2. Use pserver protocol with impersonation >No ntserver protocol, because: (1) in that case the NT passwords must be >sent over the net and they are easily decrypted, and (2) we also need to >access the repository from Linux machines... If you're that bothered about security then pserver is the *worst* protocol to choose as the passwords are trivially decrypted. Kerberos or SSH are needed for that level of security. sspi is a good middle ground - you can in theory crack the NT passwords (they're MD5'd I believe) but it would take a couple of weeks on a fast machine provided you don't use passwords that aren't susceptible to a dictionary attack. >3.Use a passwd file to control who has access to the repository >So: each user on the domain has two passwords to remember: his domain >password and his CVS password. >And only the administrator can set the password, not the user himself... >In the passwd file this will look like: > user1:CVSPassword:user1 > user2:CVSPassword:user2 Users can set their own passwords using 'cvs passwd'. >4. use NTFS permissions to control access over files/directories (this can >only be done by the CVS administrator...) OK Tony _______________________________________________ Cvsnt mailing list Cvsnt at cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs