On Fri, Oct 15, 2010 at 7:01 PM, Nico Kadel-Garcia <nka...@gmail.com> wrote: > No. system_auth is still the NFS standard for internal use in both > academic and professional environments. auth_dh has uses, but it > doesn't help against any machine with allocated or cracked local root > access. This isn't your "local machine", it's the network wide home > directory system, and there are plenty of them out there without even > this step.
I don't doubt that, but my point is in this particular scenario there are far bigger issues that render anything SVN does entirely moot. If I have root access to the filesystem, it doesn't matter what SSH does to try to encrypt the password, because I have full access to your account. I can just change your PATH to point to my trojaned SVN binary and grab your password that way, for example. There simply isn't any level of precaution sufficient to protect you from a rogue root user on a UNIX system. I'm not saying there aren't situations where it's a good idea to have SVN encrypt passwords, just that this isn't a very good example of one. If people can boot a LiveCD and get root access to your NFS shares, they already have the keys to the castle. -- David Brodbeck System Administrator, Linguistics University of Washington
