Password authentication client
Password authenticated
Password authentication client
Password authenticated
The passwords are stored on the client side in a trivial encoding of the cleartext, and transmitted in the same encoding. The encoding is done only to prevent inadvertent password compromises (i.e., a system administrator accidentally looking at the file), and will not prevent even a naive attacker from gaining the password.
The separate CVS password file (see Password authentication server) allows people to use a different password for repository access than for login access. On the other hand, once a user has non-read-only access to the repository, she can execute programs on the server system through a variety of means. Thus, repository access implies fairly broad system access as well. It might be possible to modify CVS to prevent that, but no one has done so as of this writing. Furthermore, there may be other ways in which having access to CVS allows people to gain more general access to the system; no one has done a careful audit.
Note that because the `$CVSROOT/CVSROOT' directory
contains `passwd' and other files which are used
to check security, you must control the permissions on
this directory as tightly as the permissions on
`/etc'. The same applies to the `$CVSROOT'
directory itself and any directory
above it in the tree. Anyone who has write access to
such a directory will have the ability to become any
user on the system. Note that these permissions are
typically tighter than you would use if you are not
using pserver.
In summary, anyone who gets the password gets repository access, and some measure of general system access as well. The password is available to anyone who can sniff network packets or read a protected (i.e., user read-only) file. If you want real security, get Kerberos.
Password authentication client
Password authenticated