CVS Adm Web App

  • Got password updating working
  • Got the cookie-setting code working
  • Implemented Admin mode for cvsroot user only. This allows the cvsroot user to manage other users, groups and sysusers
  • Also, when in admin mode, the cvsroot user can set another person's password to something new without having to know the old password (i.e. password reset)
  • Also, when in admin mode, the sysuser is exposed as a drop-down, allowing cvsroot to change the sysuser for a user
  • Still need to work out read/write access properly, as well as other security issues (possibly a setuid script allowing the apache user to become cvsroot to rewrite and/or check out and check in files like passwd, readers and writers for repositories).
  • Another issue is what to do about paranoia checking. For example, what should happen if cvsroot attempts to remove, say, the "int" group and there are still users associated with the int group?