Re: [stellation-res] why doesn't stellationd require a "password" argume

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [stellation-res] why doesn't stellationd require a "password" argument?

From: "Mark C. Chu-Carroll" <mcc@xxxxxxxxxxxxxx>
Date: Sun, 21 Jul 2002 08:38:58 -0400
Delivered-to: stellation-res@xxxxxxxxxxxxxxx
List-archive: <http://dev.eclipse.org/pipermail/stellation-res/>
List-help: <mailto:stellation-res-request@dev.eclipse.org?subject=help>
List-subscribe: <http://dev.eclipse.org/mailman/listinfo/stellation-res>, <mailto:stellation-res-request@dev.eclipse.org?subject=subscribe>
List-unsubscribe: <http://dev.eclipse.org/mailman/listinfo/stellation-res>, <mailto:stellation-res-request@dev.eclipse.org?subject=unsubscribe>
Organization: IBM T. J. Watson Research Center
User-agent: KMail/1.4.1

On Sunday 21 July 2002 12:30 am, Florin Iucha wrote:
> On Sat, Jul 20, 2002 at 11:19:42PM -0400, shields@xxxxxxxxxxxxxx wrote:
> > On Sat, Jul 20, 2002 at 05:28:26PM -0400, Mark C. Chu-Carroll wrote:
> > ...
> >
> > > On Saturday 20 July 2002 01:09 pm, Florin Iucha wrote:
> > > When you do an "svc config database", Stellation initializes a
> > > repository, and inserts a username and password from your
> > > .svcrc file. (I'm not sure about what the default is if you didn't
> > > put anything into the .svcrc file; that's the area of code that
> > > Dave Shields is primarily responsible for.)
> >
> > The default username is your login name. There is no default password,
> > so you must provide one. (There used to be a default password, but I
> > deleted this feature before we let Stellation out into the wild, lest it
> > cause security problems).

I actually think this is wrong. We should require a password for
the user who created the repository. If there's no password in
their .svcrc, and they didn't provide one on the command-line,
the system should generate an error message requiring a password.
This way, it's just way too easy to accidentally create an open,
unprotected repository. The repository creator is, in effect, the root
user of the repository, the user who will ultimately control all the ACLs.

For creating other users, you need to provide a password (you can provide
a null password, but you must do so manually). 

> OK. How do I get two people to use the same repository?

There's two configure commands for users:

- To create a new user:
	svc configure user <username> <password>
- For a user to change their own password:
	svc configure password <newpassword>

When you access a repository, by default, it gets your username
from either the "--username" parameter, your .svcrc file, or
your login name, in that order. For the password, it's the "--password"
parameter, then the .svcrc file.

So, for another user to access the repository, you'd do an 
"svc configure user". Then the user would put their
username and password into their .svcrc file, and then use svc.

	-Mark

-- 
Mark Craig Chu-Carroll,  IBM T.J. Watson Research Center  
*** The Stellation project: Advanced SCM for Collaboration
***		http://www.eclipse.org/stellation
*** Work Email: mcc@xxxxxxxxxxxxxx  ------- Personal Email: markcc@xxxxxxxxxxx

Follow-Ups:
- Re: [stellation-res] why doesn't stellationd require a "password" argument?
  - From: Florin Iucha

References:
- [stellation-res] why doesn't stellationd require a "password" argument?
  - From: Florin Iucha
- Re: [stellation-res] why doesn't stellationd require a "password" argument?
  - From: shields
- Re: [stellation-res] why doesn't stellationd require a "password" argument?
  - From: Florin Iucha

Prev by Date: Re: [stellation-res] why doesn't stellationd require a "password" argument?
Next by Date: Re: [stellation-res] why doesn't stellationd require a "password" argument?
Previous by thread: Re: [stellation-res] why doesn't stellationd require a "password" argument?
Next by thread: Re: [stellation-res] why doesn't stellationd require a "password" argument?
Index(es):
- Date
- Thread

Breadcrumbs