[CLUE-Admin] Anonymous CVS Access

Jed S. Baer thag at frii.com
Sat Jan 24 14:55:24 MST 2004


On Fri, 23 Jan 2004 17:41:14 -0700
CLUE President <president at clue.denver.co.us> wrote:

> It sounds like one method may be to encrypt a null string.  So, for
> kicks, I used apache's htpasswd file to generate an anonymous user with
> blank for a password -- i.e., I just hit return when prompted:
> 
> $ /usr/bin/htpasswd -c test anonymous
> New password:
> Re-type new password:
> Adding password for user anonymous
> 
> And to my surprise, there is an encrypted string in my 'test' file:
> 
> $ cat test
> anonymous:1U/4BN3Z1tgDM
> 
> Try pasting in the value after : into the passwd file for the 'password'
> of the anonymous user, e.g.,
> 
> anonymous:1U/4BN3Z1tgDM:pubcvs
> and I bet it will work.

I had thought of trying that too. Thanks for the htpasswd tip though.
Encrypting a null string seems such a kludge that I find it hard to
believe that all the sites allowing anonymous CVS access are doing it --
without there being obvious mention of it.

OK, I just found it. It's a change from CVS 1.10 to 1.11. Only 1.11 allows
empty-string in the passwd file to match anything entered. So, until we
upgrade CVS, the only way to allow anyone read-only access would be to use
the empty-string or publish a password for anonymous.

jed
-- 
http://s88369986.onlinehome.us/freedomsight/

... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
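
As an added example (not part of the original post and not CVS project code), here is a small audit of a CVSROOT/passwd file that flags the two cases discussed in this thread: an empty password field, which CVS 1.11 matches against anything entered, and a hash that verifies against the empty string. Only the `anonymous` line comes from the thread; the other entries are constructed, and the finding labels are this example's own.

```python
import warnings

try:
    # crypt is Unix-only and was removed from the standard library in Python 3.13.
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        import crypt
except ImportError:
    crypt = None

# First line is the entry quoted in the thread; the others are constructed.
SAMPLE = """\
anonymous:1U/4BN3Z1tgDM:pubcvs
guest::pubcvs
alice:
bob:abCONSTRUCTED00:pubcvs
"""


def matches_empty(hashed):
    """True/False when crypt() can check the hash here, None when it cannot."""
    if crypt is None:
        return None
    try:
        return crypt.crypt("", hashed) == hashed
    except OSError:
        return None


def audit_passwd(text):
    """Return (cvs_user, system_user, finding) for every entry in the file."""
    results = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        fields = line.split(":")
        user = fields[0]
        hashed = fields[1] if len(fields) > 1 else ""
        # With no third field, CVS runs the session as the CVS username itself.
        system_user = fields[2] if len(fields) > 2 and fields[2] else user
        if hashed == "":
            finding = "ANY_PASSWORD"  # empty field: 1.11 matches anything entered
        else:
            verdict = matches_empty(hashed)
            finding = {True: "EMPTY_PASSWORD", False: "HASH_SET", None: "UNCHECKED"}[verdict]
        results.append((user, system_user, finding))
    return results


if __name__ == "__main__":
    for user, system_user, finding in audit_passwd(SAMPLE):
        print(f"{user:10} runs as {system_user:10} {finding}")
```

`UNCHECKED` means the local platform could not run crypt() on that hash, so the entry needs checking on the CVS host itself.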


