Password authentication client

Go forward to Password authentication security.
Go backward to Password authentication server.
Go up to Password authenticated.

Using the client with password authentication
.............................................

   Before connecting to the server, the client must "log in" with the
command `cvs login'.  Logging in verifies a password with the server,
and also records the password for later transactions with the server.
The `cvs login' command needs to know the username, server hostname,
and full repository path, and it gets this information from the
repository argument or the `CVSROOT' environment variable.

   `cvs login' is interactive -- it prompts for a password:

     cvs -d :pserver:bach@chainsaw.yard.com:/usr/local/cvsroot login
     CVS password:

   The password is checked with the server; if it is correct, the
`login' succeeds, else it fails, complaining that the password was
incorrect.

   Once you have logged in, you can force CVS to connect directly to
the server and authenticate with the stored password:

     cvs -d :pserver:bach@chainsaw.yard.com:/usr/local/cvsroot checkout foo

   The `:pserver:' is necessary because without it, CVS will assume it
should use `rsh' to connect with the server (*note Connecting via
rsh::.).  (Once you have a working copy checked out and are running CVS
commands from within it, there is no longer any need to specify the
repository explicitly, because CVS records it in the working copy's
`CVS' subdirectory.)

   Passwords are stored by default in the file `$HOME/.cvspass'.  Its
format is human-readable, but don't edit it unless you know what you
are doing.  The passwords are not stored in cleartext, but are
trivially encoded to protect them from "innocent" compromise (i.e.,
inadvertently being seen by a system administrator who happens to look
at that file).

   The password for the currently choosen remote repository can be
removed from the CVS_PASSFILE by using the `cvs logout' command.

   The `CVS_PASSFILE' environment variable overrides this default.  If
you use this variable, make sure you set it *before* `cvs login' is
run.  If you were to set it after running `cvs login', then later CVS
commands would be unable to look up the password for transmission to
the server.