[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PAM authentication patch - v2
From: |
Mark D. Baushke |
Subject: |
Re: PAM authentication patch - v2 |
Date: |
Wed, 16 Apr 2003 00:54:05 -0700 |
Brian Murphy <brian@murphy.dk> writes:
> Mark D. Baushke wrote:
>
> >I doubt I can convince you of how evil it is to send passwords in the
> >clear for your :pserver: connections to cvs. I just shudder to think of
> >folks seeing that cvs support PAM and thinking for some reason that it
> >is not leaking their passwords in a large number of ways.
> >
> >
> PAM also works with telnet. I don't think anyone thinks a PAM enabled login
> via telnet is any more secure than an ordinary passwd based login.
Some telnet versions allow for encryption either using SSL or are
GSSAPI-based.
In addition, there are many security pages documenting the 'evils' of
using telnet and suggesting that all right-minded people move to a
secure remote connection mechanism of some kind.
It should also be noted that folks have spend a bit of effort trying to
remove security flaws from telnet and telnetd and that a similar such
effort has not been contemplated for cvs which is inherently NOT secure.
-- Mark
- Re: PAM authentication patch - v2, (continued)
- Re: PAM authentication patch - v2, Mark D. Baushke, 2003/04/15
- Re: PAM authentication patch - v2, Brian Murphy, 2003/04/15
- Re: PAM authentication patch - v2, Mark D. Baushke, 2003/04/15
- Re: PAM authentication patch - v2, Kevin Wang, 2003/04/15
- Re: PAM authentication patch - v2, Mark D. Baushke, 2003/04/15
- Re: PAM authentication patch - v2, Brian Murphy, 2003/04/16
- Re: PAM authentication patch - v2,
Mark D. Baushke <=
- Re: PAM authentication patch - v2, Larry Jones, 2003/04/16
- Re: PAM authentication patch - v2, Brian Murphy, 2003/04/16
- Re: PAM authentication patch - v2, Mark D. Baushke, 2003/04/16
- Re: PAM authentication patch - v2, Larry Jones, 2003/04/16
- Re: PAM authentication patch - v2, Derek Robert Price, 2003/04/16
- Re: PAM authentication patch - v2, Brian Murphy, 2003/04/16
- Re: PAM authentication patch - v2, Brian Murphy, 2003/04/16
- Re: PAM authentication patch - v2, Derek Robert Price, 2003/04/16
- Re: PAM authentication patch - v2, Brian Murphy, 2003/04/16
- Re: PAM authentication patch - v2, Brian Murphy, 2003/04/17