From: Tony Hoyle
Subject: Re: [Cvs-dev] Re: cvs-passwd patch
Date: Mon, 25 Sep 2006 19:03:23 +0100
User-agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
Mark D. Baushke wrote:
> I think the CVSNT folks would likely have some input on this situation
> as they have had a method in place for changing a password for a long
> time. Tony? Have you any wisdom for us?
1) How does a CVS administrator disable users changing passwords if that is their local policy?
At the moment CVSNT doesn't do this internally but you can disable anything with a precommand script (we're looking at introducing fine grained permissions in the future).
2) How does a CVS administrator ensure that the 'anonymous' login (if any) does not have the password changed by a malicious user? This same question may apply to other administrative accounts such as is used by the wandisco folks.
You need write access to the repository to change a password. You can only change your own password unless you're a repository administrator.
In the normal case the anonymous user is in the readers file so has no access to the passwd command. We strongly encourage read/write access to be done via non-pserver protocols such as ssh (on unix) or sspi (on windows) - although this isn't always possible, of course. In practice it hasn't been an issue (and again a precommand script could fix the corner cases if they happened).
3) How does a CVS administrator detect if someone is using a dictionary attack against :pserver: and what records, if any, are to be kept that a particular user did change their password?
cvsnt has an audit plugin that logs every command to a database along with source IP, time, etc. so such things could be caught. Nobody has written any kind of IDS plugin to use that data to detect an attack but I don't imagine it would be that hard.
Tony
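The reply above describes an audit plugin that records every command with its source IP and time, and suggests that an attack detector over that data would not be hard to write. The following is an added example, not code from the thread or from CVSNT: it runs a sliding-window failed-login check and a password-change audit over a handful of constructed records in a hypothetical pipe-separated format (the real CVSNT audit schema is not given on the page).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical format (CVSNT's real audit
# schema is not on the page): "timestamp|user|source_ip|command|result".
AUDIT_LOG = """\
2006-09-25T19:00:01|alice|10.0.0.5|login|ok
2006-09-25T19:00:02|bob|192.0.2.9|login|fail
2006-09-25T19:00:03|bob|192.0.2.9|login|fail
2006-09-25T19:00:04|bob|192.0.2.9|login|fail
2006-09-25T19:00:05|bob|192.0.2.9|login|fail
2006-09-25T19:00:06|bob|192.0.2.9|login|fail
2006-09-25T19:00:07|bob|192.0.2.9|login|fail
2006-09-25T19:00:08|carol|10.0.0.7|login|fail
2006-09-25T19:05:00|anonymous|198.51.100.2|passwd|ok
2006-09-25T19:06:00|alice|10.0.0.5|passwd|ok
"""

FAIL_THRESHOLD = 5              # failed logins from one source IP ...
WINDOW = timedelta(seconds=60)  # ... within this sliding window

def parse(log):
    for line in log.splitlines():
        ts, user, ip, cmd, result = line.split("|")
        yield datetime.fromisoformat(ts), user, ip, cmd, result

def detect(log, readers=("anonymous",)):
    """Return alerts: brute-force sources and password changes, flagged if by a read-only user."""
    alerts = []
    fails = defaultdict(deque)   # source IP -> timestamps of recent failures
    flagged = set()
    for ts, user, ip, cmd, result in parse(log):
        if cmd == "login" and result == "fail":
            q = fails[ip]
            q.append(ts)
            while q and ts - q[0] > WINDOW:   # drop failures outside the window
                q.popleft()
            if len(q) >= FAIL_THRESHOLD and ip not in flagged:
                flagged.add(ip)
                alerts.append(f"brute-force: {len(q)} failed logins from {ip} within {WINDOW.seconds}s")
        elif cmd == "passwd":
            # every password change gets a record; a change by an account
            # listed in the readers file should never have succeeded
            sev = "ALERT" if user in readers else "info"
            alerts.append(f"{sev}: passwd by {user} from {ip} at {ts.isoformat()}")
    return alerts

if __name__ == "__main__":
    for a in detect(AUDIT_LOG):
        print(a)
```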