Re: [PATCH] Authentication support for pserver

[Junio C Hamano <gitster@pobox.com>]

"Ævar Arnfjörð Bjarmason"  <avarab@gmail.com> writes:

>> On this aspect, I see no reason why we wouldn't have the passwords
>> crypt()ed or SHA1'd. Perl includes crypt() in the default
>> distribution, so it wouldn't add any dependency.
>
> It also includes Digest::SHA in the default distribution as of today:)
>
> I could add another option for allowing users to choose their password
> storage, e.g.:
>
> [gitcvs]
>     password_storage = plaintext # or sha1, crypt, ...

I personally feel that selectable password storage format is going
overboard.  Pick a reasonable one and use it everywhere.

Using some form of crypt is a good idea but then we would need a
separate mode of operation to gitcvs to generate user password.

	$ gitcvs adduser junio
        Password: ******
        Retype password: ******
	Added user 'junio' to .git/config
	$ exit

I personally do not care about deluser or change-password subcommands,
as you can always go directly to .git/config to remove the user and
recreate anew, but adding them might be nice finishing touches.

	$ gitcvs password junio
        New password: ******
        Retype password: ******
	Changed password for user 'junio' in .git/config        
	$ gitcvs deluser junio
        Are you sure you want to remove user 'junio' [y/N]? Y
	Removed user 'junio' from .git/config
	$ exit