Password authentication server Password authenticated Password authentication security
Before connecting to the server, the client must log in with the command
cvs login. Logging in
verifies a password with the server, and also records
the password for later transactions with the server.
cvs login command needs to know the
username, server hostname, and full repository path,
and it gets this information from the repository
argument or the
CVSROOT environment variable.
cvs login is interactive --- it prompts for a
cvs -d :pserver:firstname.lastname@example.org:/usr/local/cvsroot login CVS password:
The password is checked with the server; if it is
login succeeds, else it fails,
complaining that the password was incorrect.
Once you have logged in, you can force CVS to connect directly to the server and authenticate with the stored password:
cvs -d :pserver:email@example.com:/usr/local/cvsroot checkout foo
:pserver:' is necessary because without it,
CVS will assume it should use
connect with the server (see Connecting via rsh).
(Once you have a working copy checked out and are
running CVS commands from within it, there is no
longer any need to specify the repository explicitly,
because CVS records it in the working copy's
Passwords are stored by default in the file
$HOME/.cvspass'. Its format is human-readable,
but don't edit it unless you know what you are doing.
The passwords are not stored in cleartext, but are
trivially encoded to protect them from "innocent"
compromise (i.e., inadvertently being seen by a system
administrator who happens to look at that file).
The password for the currently choosen remote repository
can be removed from the CVS_PASSFILE by using the
cvs logout command.
CVS_PASSFILE environment variable overrides
this default. If you use this variable, make sure you
set it before
cvs login is run. If you
were to set it after running
cvs login, then
later CVS commands would be unable to look up the
password for transmission to the server.