Date: 01 Jun 2001 15:47:00 +0200 From: Dag-Erling Smorgrav <des@ofug.org> To: Brian Behlendorf <brian@collab.net> Cc: Alex Holst <a@area51.dk>, <freebsd-security@FreeBSD.ORG> Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <xzpvgmgwbvv.fsf@flood.ping.uio.no> In-Reply-To: <Pine.BSF.4.31.0105311840420.52261-100000@localhost> References: <Pine.BSF.4.31.0105311840420.52261-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Behlendorf <brian@collab.net> writes: > On Fri, 1 Jun 2001, Alex Holst wrote: > > I was surprised when I read about the compromise, because it gives the > > impression that people are still using passwords (as opposed to keys > > with passphrases) for authentication in this day and age. Is that > > correct? If so, why is that? > CVS pserver. You don't need passwords to run CVS against a remote repository. All you need is 'CVSROOT=user@server:/path/to/repo' and 'CVS_RSH=ssh'. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpvgmgwbvv.fsf>