[cvsnt] Questions about sserver protocol
Jonathan Belson
jon at witchspace.com
Wed May 18 12:39:16 BST 2005
Hiya
Since 'pserver' has a reputation for being relatively insecure
(transmitting passwords in unencrypted form), I've been looking at the
other protocols which cvsnt supports. My main concern is to prevent
unauthorized access, but encrypting the data is important too.
For various reasons I can't use 'ssh', so I've been playing with
'sserver'. Since hard and fast information on 'sserver' is hard to come
by, I have a few questions which I'm hoping someone can answer for me:
1. Does 'sserver' encrypt the password when logging on to a cvs server?
2. Does 'sserver' only use encryption if 'EncryptionLevel' is set to
'4'? Does setting '4' imply '3', too?
3. I created a certificate and key as described in 'InstallationLinux'
section 1.9. I added references to these in PServer (CertificateFile
and PrivateKeyFile), but I found I could still log into the cvs server
without making the certificate available to the client. Does the client
actually need a copy of the certificate, or is it all handled by the server?
Regards,
--Jon
http://www.witchspace.com
More information about the cvsnt
mailing list