Password authentication server Password authenticated Password authentication security
Before connecting to the server, the client must log in with the command cvs login
. Logging in
verifies a password with the server, and also records
the password for later transactions with the server.
The cvs login
command needs to know the
username, server hostname, and full repository path,
and it gets this information from the repository
argument or the CVSROOT
environment variable.
cvs login
is interactive --- it prompts for a
password:
cvs -d :pserver:bach@chainsaw.yard.com:/usr/local/cvsroot login CVS password:
The password is checked with the server; if it is
correct, the login
succeeds, else it fails,
complaining that the password was incorrect.
Once you have logged in, you can force CVS to connect directly to the server and authenticate with the stored password:
cvs -d :pserver:bach@chainsaw.yard.com:/usr/local/cvsroot checkout foo
The `:pserver:
' is necessary because without it,
CVS will assume it should use rsh
to
connect with the server (see Connecting via rsh).
(Once you have a working copy checked out and are
running CVS commands from within it, there is no
longer any need to specify the repository explicitly,
because CVS records it in the working copy's
`CVS
' subdirectory.)
Passwords are stored by default in the file
`$HOME/.cvspass
'. Its format is human-readable,
but don't edit it unless you know what you are doing.
The passwords are not stored in cleartext, but are
trivially encoded to protect them from "innocent"
compromise (i.e., inadvertently being seen by a system
administrator who happens to look at that file).
The password for the currently choosen remote repository
can be removed from the CVS_PASSFILE by using the
cvs logout
command.
The CVS_PASSFILE
environment variable overrides
this default. If you use this variable, make sure you
set it before cvs login
is run. If you
were to set it after running cvs login
, then
later CVS commands would be unable to look up the
password for transmission to the server.