2.9.3.2 Using the client with password authentication

cvs -d :pserver:faun.example.org:/usr/local/cvsroot checkout someproj

or

CVSROOT=:pserver:bach@faun.example.org:2401/usr/local/cvsroot
cvs checkout someproj

However, unless you're connecting to a public-access repository (i.e., one where that username doesn't require a password), you'll need to supply a password or log in first. Logging in verifies your password with the repository and stores it in a file. It's done with the login command, which will prompt you interactively for the password if you didn't supply one as part of $CVSROOT:

cvs -d :pserver:bach@faun.example.org:/usr/local/cvsroot login
CVS password:

or

cvs -d :pserver:bach:p4ss30rd@faun.example.org:/usr/local/cvsroot login

After you enter the password, CVS verifies it with the server. If the verification succeeds, then that combination of username, host, repository, and password is permanently recorded, so future transactions with that repository won't require you to run cvs login. (If verification fails, CVS will exit complaining that the password was incorrect, and nothing will be recorded.)

The records are stored, by default, in the file `$HOME/.cvspass'. That file's format is human-readable, and to a degree human-editable, but note that the passwords are not stored in cleartext--they are trivially encoded to protect them from "innocent" compromise (i.e., inadvertent viewing by a system administrator or other non-malicious person).

You can change the default location of this file by setting the CVS_PASSFILE environment variable. If you use this variable, make sure you set it before cvs login is run. If you were to set it after running cvs login, then later CVS commands would be unable to look up the password for transmission to the server. Once you have logged in, all CVS commands using that remote repository and username will authenticate with the stored password. So, for example

cvs -d :pserver:bach@faun.example.org:/usr/local/cvsroot checkout foo

should just work (unless the password changes on the server side, in which case you'll have to re-run cvs login).

Note that if the `:pserver:' were not present in the repository specification, CVS would assume it should use rsh to connect with the server instead (see section 2.9.2 Connecting with rsh).

Of course, once you have a working copy checked out and are running CVS commands from within it, there is no longer any need to specify the repository explicitly, because CVS can deduce the repository from the working copy's `CVS' subdirectory.

The password for a given remote repository can be removed from the CVS_PASSFILE by using the cvs logout command.