Diffstat (limited to 'contrib/cvs/src/mkmodules.c')
-rw-r--r-- | contrib/cvs/src/mkmodules.c | 44 |
1 files changed, 34 insertions, 10 deletions
diff --git a/contrib/cvs/src/mkmodules.c b/contrib/cvs/src/mkmodules.c
index ec5d770..3c63433 100644
--- a/contrib/cvs/src/mkmodules.c
+++ b/contrib/cvs/src/mkmodules.c
@@ -275,6 +275,12 @@ static const char *const modules_contents[] = {
 NULL
 };
 
+static const char *const config_contents[] = {
+ "# Set this to \"no\" if pserver shouldn't check system users/passwords\n",
+ "#SystemAuth=no\n",
+ NULL
+};
+
 static const struct admin_file filelist[] = {
 {CVSROOTADM_LOGINFO,
 "no logging of 'cvs commit' messages is done without a %s file",
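Review bot: The generated template in `config_contents` never says what pserver does when `SystemAuth` is left unset, and the commented-out `#SystemAuth=no` suggests the default is to accept system account passwords. The comment later in this patch notes that pserver normally transmits cleartext passwords, so an administrator reading only the template cannot tell that system login passwords may cross the network. I would state that in the template, for example with an extra line such as `"# If unset, pserver also checks system users/passwords (sent in cleartext)\n",`, after confirming the actual default in the code that parses this file.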
@@ -316,14 +322,27 @@ static const struct admin_file filelist[] = {
 {CVSROOTADM_WRITERS,
 "a %s file specifies read/write users",
 NULL},
- /* Some have suggested listing CVSROOTADM_PASSWD here too. The
- security implications of transmitting hashed passwords over the
- net are no worse than transmitting cleartext passwords which pserver
- does, so this isn't a problem. But I'm worried about the implications
- of storing old passwords--if someone used a password in the past
- they might be using it elsewhere, using a similar password, etc,
- and so it doesn't seem to me like we should be saving old passwords,
- even hashed. */
+
+ /* Some have suggested listing CVSROOTADM_PASSWD here too. This
+ would mean that CVS commands which operate on the
+ CVSROOTADM_PASSWD file would transmit hashed passwords over the
+ net. This might seem to be no big deal, as pserver normally
+ transmits cleartext passwords, but the difference is that
+ CVSROOTADM_PASSWD contains *all* passwords, not just the ones
+ currently being used. For example, it could be too easy to
+ accidentally give someone readonly access to CVSROOTADM_PASSWD
+ (e.g. via anonymous CVS or cvsweb), and then if there are any
+ guessable passwords for read/write access (usually there will be)
+ they get read/write access.
+
+ Another worry is the implications of storing old passwords--if
+ someone used a password in the past they might be using it
+ elsewhere, using a similar password, etc, and so saving old
+ passwords, even hashed, is probably not a good idea. */
+
+ {CVSROOTADM_CONFIG,
+ "a %s file configures various behaviors",
+ config_contents},
 {NULL, NULL}
 };
 
@@ -694,6 +713,7 @@ rename_rcsfile (temp, real)
 
 const char *const init_usage[] = {
 "Usage: %s %s\n",
+ "(Specify the --help global option for a list of other help options)\n",
 NULL
 };
 
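Review bot: The new `{CVSROOTADM_CONFIG, ...}` entry in `filelist` puts a file that governs pserver authentication under the same workflow as the other administrative files, and nothing here records who should be allowed to change it. If the file is rebuilt from the repository on commit, as the other entries appear to be, anyone with write access to CVSROOT could change the `SystemAuth` setting. A short comment above the entry would document that, e.g. `/* CVSROOTADM_CONFIG controls pserver authentication; restrict commit access to CVSROOT accordingly. */`. The entry also sits directly under the long CVSROOTADM_PASSWD comment, so that comment reads as if it described the config entry; the array definition starts outside this hunk.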
@@ -785,8 +805,12 @@ init (argc, argv) "initial checkin" but I fail to see the point as we know what file it is from the name. */ retcode = add_rcs_file ("initial checkin", info_v, - fileptr->filename, "1.1", NULL, NULL, - 0, NULL, NULL); + fileptr->filename, "1.1", NULL, + + /* No vendor branch. */ + NULL, NULL, 0, NULL, + + NULL, 0, NULL); if (retcode != 0) /* add_rcs_file already printed an error message. */ err = 1; |
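Review bot: The `add_rcs_file` call now ends in a run of positional `NULL`/`0` placeholders, and only the middle group carries a label, `/* No vendor branch. */`; the `NULL` after `"1.1"` and the final `NULL, 0, NULL` are unlabeled. A reader cannot check from the call site that each placeholder lands in the intended parameter, and a swapped pointer and count would likely still compile here. I would label the last group the same way the vendor-branch group is labelled, and verify the order against the `add_rcs_file` prototype, which is not visible in this hunk. The body of `init` starts and ends outside the hunk.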