
Re: svnserve passwd plaintext

From: gmu 2k6 <gmu2006_at_gmail.com>
Date: 2006-07-15 19:17:15 CEST

On 7/15/06, Duncan Murdoch <murdoch@stats.uwo.ca> wrote:
> On 7/15/2006 11:19 AM, Les Mikesell wrote:
>
> > There are two real issues with plaintext passwords even if you
> > trust the administrator. One is that vulnerabilities happen and
> > files end up in the wrong hands in spite of the best intentions.
> > The other is that it is human nature to reuse passwords. Even
> > if you trust the admin with access to the subversion files you
> > may not trust him to have access to other unrelated accounts
> > where you might have used that same password.
>
> David Anderson just posted some good advice: have the admin randomly
> generate the password and tell it to the user. (svnserve requires the
> admin to enter the password into the config file, so the admin may as
> well generate it).

And this is the place where I say I will whip up a little script to do
it automatically, without editing passwd by hand and then sending the
user the password by mail. Depending on how long it will take for SASL
to be included in an official release, I might as well implement some
cron job which checks each password's creation timestamp and after
30/60/90 days changes that one password for that user and mails the
new one. I like this solution.

BTW, if something like that is already available, tell me, to
prevent duplication.

PS: My initial idea with base64 was based on the assumption that the
user creates a base64 text of his new passwd, mails that to the admin,
and she then uses that as input to the passwd-update.sh/.py/.rb
script. The whole purpose was for the admin not to see the password by
reading his inbox and not to type it by hand into passwd.

Received on Sat Jul 15 19:18:41 2006
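
The passwd-update script idea from the message above, sketched as an added example (not code from the original post or from Subversion). It rewrites one `name = password` entry in the `[users]` section of an svnserve passwd file with a randomly generated password and rotates only when the last change is older than a limit. The function names, the sidecar JSON state file used to remember change times, and the sample user are assumptions of this example; mailing the password is left out.

```python
import json, os, secrets, tempfile, time

def set_random_password(passwd_path, user, nbytes=18):
    """Give `user` a fresh random password in the [users] section; return it."""
    new_pw = secrets.token_urlsafe(nbytes)          # CSPRNG, 24 URL-safe chars
    with open(passwd_path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    out, in_users, done = [], False, False
    for line in lines:
        s = line.strip()
        if s.startswith("["):
            if in_users and not done:               # end of [users], user absent
                out.append(f"{user} = {new_pw}")
                done = True
            in_users = (s == "[users]")
        elif in_users and not s.startswith("#") and "=" in s:
            if s.split("=", 1)[0].strip() == user:  # exact name match only
                line, done = f"{user} = {new_pw}", True
        out.append(line)
    if not done:
        if not in_users:
            out.append("[users]")
        out.append(f"{user} = {new_pw}")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(passwd_path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("\n".join(out) + "\n")
    os.replace(tmp, passwd_path)    # atomic swap; mkstemp created it mode 0600
    return new_pw

def rotate_if_due(passwd_path, state_path, user, max_age_days=90, now=None):
    """Rotate only when the recorded change time is older than max_age_days."""
    now = time.time() if now is None else now
    state = {}
    if os.path.exists(state_path):                  # hypothetical sidecar file
        with open(state_path, encoding="utf-8") as fh:
            state = json.load(fh)
    last = state.get(user)                          # None: never rotated by us
    if last is not None and now - last < max_age_days * 86400:
        return None                                 # still fresh, file untouched
    new_pw = set_random_password(passwd_path, user)
    state[user] = now
    with open(state_path, "w", encoding="utf-8") as fh:
        json.dump(state, fh)
    return new_pw

if __name__ == "__main__":                          # constructed sample file
    p = os.path.join(tempfile.mkdtemp(), "passwd")
    with open(p, "w", encoding="utf-8") as fh:
        fh.write("[users]\nharry = oldsecret\n")
    print(rotate_if_due(p, p + ".state", "harry"))
```

A cron job would call `rotate_if_due` once per user. The passwd file still holds the new password in plaintext, so it stays readable to whoever can read the file.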

This is an archived mail posted to the Subversion Users mailing list.
