[cvsnt] may be bug? encryption required:
Julian Brierley
JulianBrierley at hotmail.com
Wed Jul 21 12:05:42 BST 2004
Rune Christensen wrote:
> Hello
>
> If I remember correctly you can delete the pserver_protocol.dll and after
> that it will not be possible to use pserver to log on to a Windows CVSNT
> Server.
>
> Cheers
> Rune
>
>
>>-----Original Message-----
>>From: cvsnt-bounces at cvsnt.org
>>[mailto:cvsnt-bounces at cvsnt.org] On Behalf Of Gennady G. Marchenko
>>Sent: Wednesday, July 21, 2004 9:29 AM
>>To: cvsnt at cvsnt.org
>>Subject: [cvsnt] may be bug? encryption required:
>>
>>
>>I set
>>encryptionlevel=4
>>and windows client after attempt connection to cvs server
>>(pserver method) say:
>>"This server requires an encrypted connection"
>>It's ok, but when I connect to cvs server from cvsnt (linux)
>>with pserver method login operation successfuly end without errors.
>>
>>My task: close unecrypted connection for win and *nix clients.
>>
>>Gennady.
>>_______________________________________________
You can remove the pserver_protocol DLL and stop the login.
However my understanding is that a client which attempts a pserver login
will send the trivially encoded password to the server in the BEGIN AUTH
REQUEST before the server is able to refuse the login.
Therefore if you want your passwords to only be securely transmitted
tell your users not to attempt a pserver login.
sserver encrypts all information after the initial BEGIN SSL AUTH
REQUEST connection string.
See http://www.cvsnt.org/cvsclient/Connection-string.html
Julian
More information about the cvsnt
mailing list