Next: Password authentication security, Previous: Password authentication server, Up: Password authenticated [Contents][Index]
To run a CVS command on a remote repository via
the password-authenticating server, one specifies the
pserver
protocol, optional username, repository host, an
optional port number, and path to the repository. For example:
cvs -d :pserver:faun.example.org:/usr/local/cvsroot checkout someproj
or
CVSROOT=:pserver:bach@faun.example.org:2401/usr/local/cvsroot cvs checkout someproj
However, unless you’re connecting to a public-access
repository (i.e., one where that username doesn’t
require a password), you’ll need to supply a password or log in first.
Logging in verifies your password with the repository and stores it in a file.
It’s done with the login
command, which will
prompt you interactively for the password if you didn’t supply one as part of
$CVSROOT:
cvs -d :pserver:bach@faun.example.org:/usr/local/cvsroot login CVS password:
or
cvs -d :pserver:bach:p4ss30rd@faun.example.org:/usr/local/cvsroot login
After you enter the password, CVS verifies it with
the server. If the verification succeeds, then that
combination of username, host, repository, and password
is permanently recorded, so future transactions with
that repository won’t require you to run cvs
login
. (If verification fails, CVS will exit
complaining that the password was incorrect, and
nothing will be recorded.)
The records are stored, by default, in the file $HOME/.cvspass. That file’s format is human-readable, and to a degree human-editable, but note that the passwords are not stored in cleartext—they are trivially encoded to protect them from "innocent" compromise (i.e., inadvertent viewing by a system administrator or other non-malicious person).
You can change the default location of this file by
setting the CVS_PASSFILE
environment variable.
If you use this variable, make sure you set it
before cvs login
is run. If you were to
set it after running cvs login
, then later
CVS commands would be unable to look up the
password for transmission to the server.
Once you have logged in, all CVS commands using that remote repository and username will authenticate with the stored password. So, for example
cvs -d :pserver:bach@faun.example.org:/usr/local/cvsroot checkout foo
should just work (unless the password changes on the
server side, in which case you’ll have to re-run
cvs login
).
Note that if the ‘:pserver:’ were not present in
the repository specification, CVS would assume it
should use rsh
to connect with the server
instead (see Connecting via rsh).
Of course, once you have a working copy checked out and are running CVS commands from within it, there is no longer any need to specify the repository explicitly, because CVS can deduce the repository from the working copy’s CVS subdirectory.
The password for a given remote repository can be
removed from the CVS_PASSFILE
by using the
cvs logout
command.
Next: Password authentication security, Previous: Password authentication server, Up: Password authenticated [Contents][Index]