diff -u -p -Nr --exclude CVS cvs-1.12.9.orig/src/Makefile.in cvs-1.12.9/src/Makefile.in
--- cvs-1.12.9.orig/src/Makefile.in	2004-06-09 17:27:12.000000000 +0200
+++ cvs-1.12.9/src/Makefile.in	2006-08-07 19:48:07.000000000 +0200
@@ -233,6 +233,7 @@ cvs_SOURCES = \
 	run.c \
 	scramble.c \
 	server.c \
+	readpw.c \
 	socket-client.c socket-client.h \
 	stack.c stack.h \
 	status.c \
@@ -315,7 +316,7 @@ am_cvs_OBJECTS = add.$(OBJEXT) admin.$(O
 	server.$(OBJEXT) socket-client.$(OBJEXT) stack.$(OBJEXT) \
 	status.$(OBJEXT) subr.$(OBJEXT) tag.$(OBJEXT) update.$(OBJEXT) \
 	version.$(OBJEXT) vers_ts.$(OBJEXT) watch.$(OBJEXT) \
-	wrapper.$(OBJEXT) zlib.$(OBJEXT)
+	wrapper.$(OBJEXT) zlib.$(OBJEXT) readpw.$(OBJEXT)
 cvs_OBJECTS = $(am_cvs_OBJECTS)
 cvs_LDFLAGS =
 SCRIPTS = $(bin_SCRIPTS)
@@ -351,6 +352,7 @@ am__depfiles_maybe = depfiles
 @AMDEP_TRUE@	./$(DEPDIR)/root.Po ./$(DEPDIR)/rsh-client.Po \
 @AMDEP_TRUE@	./$(DEPDIR)/run.Po ./$(DEPDIR)/scramble.Po \
 @AMDEP_TRUE@	./$(DEPDIR)/server.Po ./$(DEPDIR)/socket-client.Po \
+@AMDEP_TRUE@	./$(DEPDIR)/readpw.Po \
 @AMDEP_TRUE@	./$(DEPDIR)/stack.Po ./$(DEPDIR)/status.Po \
 @AMDEP_TRUE@	./$(DEPDIR)/subr.Po ./$(DEPDIR)/tag.Po \
 @AMDEP_TRUE@	./$(DEPDIR)/update.Po ./$(DEPDIR)/vers_ts.Po \
@@ -483,6 +485,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/run.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scramble.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/readpw.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket-client.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stack.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/status.Po@am__quote@
diff -u -p -Nr --exclude CVS cvs-1.12.9.orig/src/readpw.c cvs-1.12.9/src/readpw.c
--- cvs-1.12.9.orig/src/readpw.c	1970-01-01 01:00:00.000000000 +0100
+++ cvs-1.12.9/src/readpw.c	2006-08-07 19:43:37.000000000 +0200
@@ -0,0 +1,153 @@
+/*
+    readpw.c - read the CVS password from an external file
+    Copyright (c) 2006  Martin Schulze <joey@infodrom.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+
+#define PWFILE "/tmp/work/cvs/cvs.passwd"
+
+/*
+ * Source: control_nextline() in dtaus.c from dtaus
+ */
+size_t readline (FILE *f, char **buf, unsigned int len)
+{
+  char line[100];
+  char tmp[100];
+  char *cp;
+  int i;
+
+  memset (line, 0, sizeof(line));
+  memset (*buf, 0, len);
+
+  cp = line;
+
+  while (!strlen(line) && (cp = fgets(line, 100, f))) {
+    if (strlen(line)) {
+      if (line[0] != '#') {
+        if (line[strlen(line)-1] != '\n') {
+          strcpy(tmp, line);
+          while (tmp[strlen(tmp)-1] != '\n' && (cp = fgets(tmp, 100, f)));
+        } else
+          line[strlen(line)-1] = '\0';
+        if (line[strlen(line)-1] == '\r')
+          line[strlen(line)-1] = '\0';
+        for (i=strlen(line);(line[i-1] == ' '||line[i-1] == '\t')&&i>0; i--)
+          line[i-1] = '\0';
+      } else
+        line[0] = '\0';
+    }
+  }
+  for (cp=line; *cp==' '; cp++);
+
+  if (strlen(cp)) {
+    memcpy(*buf, cp, strlen(cp) >= len ? len-1 : strlen(cp));
+    return (strlen (cp));
+  } else
+    return 0;
+}
+
+#define MAXLINE 100
+#define PWLEN 20
+
+char *getpwline (const char *fname, const char *repository, const char *logname)
+{
+  FILE *f;
+  char buf[MAXLINE], *bp = buf;
+  static char line[MAXLINE];
+  int inrepo = 0;
+  char *cp;
+
+  memset (line, 0, sizeof (line));
+
+  if ((f = fopen (fname, "r")) == NULL) {
+    perror ("fopen");
+    return line;
+  }
+
+  while (readline (f, &bp, 50)) {
+    if (buf[0] == '/') {
+      if (!inrepo && !strcmp (buf, repository))
+	inrepo = 1;
+      else if (inrepo)
+	inrepo = 0;
+    } else {
+      if (inrepo) {
+	if ((cp = strchr (buf, ':')) != NULL) {
+	  if ( (cp - buf) == strlen (logname)
+	       && !strncmp (buf, logname, strlen (logname))) {
+	    memcpy (line, buf, strlen(buf) >= MAXLINE ? MAXLINE-1 : strlen(buf));
+	  }
+	}
+      }
+    }
+  }
+  
+  if (ferror (f))
+    perror ("ferror");
+  if (fclose (f) < 0)
+    perror ("fclose");
+
+  return line;
+}
+
+/*
+*****************************************************************
+ */
+#ifdef TEST_READPW
+
+void getpasswd (const char *fname, const char *repository, const char *logname, char **pw, char **user)
+{
+  char *line;
+  char *cp, *xp;
+
+  memset (*pw, 0, PWLEN);
+  memset (*user, 0, PWLEN);
+
+  line = getpwline(fname, repository, logname);
+
+  if (line[0] == '\0')
+    return;
+
+  cp = strchr (line, ':');
+  cp++;
+
+  if ((xp = strchr (cp, ':')) != NULL) {
+    memcpy (*pw, cp, xp-cp >= PWLEN ? PWLEN-1 : xp-cp);
+    
+    xp++;
+
+    if (strlen (xp))
+      memcpy (*user, xp, strlen(xp) >= PWLEN ? PWLEN-1 : strlen(xp));
+  }
+}
+
+int main ()
+{
+  char pw[PWLEN], *ppw = pw;
+  char cvsuser[PWLEN], *pcu = cvsuser;
+
+  getpasswd (PWFILE, "/cvs/debian-doc", "jseidel", &ppw, &pcu);
+
+  printf ("%s<:>%s\n", pw, cvsuser);
+  printf ("XXXXXXXXXXXXX\n");
+
+  return 0;
+}
+#endif /*TEST_READPW */
diff -u -p -Nr --exclude CVS cvs-1.12.9.orig/src/server.c cvs-1.12.9/src/server.c
--- cvs-1.12.9.orig/src/server.c	2006-08-07 18:48:19.000000000 +0200
+++ cvs-1.12.9/src/server.c	2006-08-07 19:46:42.000000000 +0200
@@ -16,6 +16,10 @@
 #include "getnline.h"
 #include "buffer.h"
 
+#define DSA_VERSION
+#define PWFILE "/etc/cvs.passwd"
+char *getpwline (const char *fname, const char *repository, const char *logname);
+
 #if defined(SERVER_SUPPORT) || defined(CLIENT_SUPPORT)
 
 # ifdef HAVE_GSSAPI
@@ -5552,13 +5556,18 @@ static int
 check_repository_password (char *username, char *password, char *repository, char **host_user_ptr)
 {
     int retval = 0;
+#ifndef DSA_VERSION
     FILE *fp;
     char *filename;
+#else
+    char *cp;
+#endif
     char *linebuf = NULL;
     size_t linebuf_len;
     int found_it = 0;
     int namelen;
 
+#ifndef DSA_VERSION
     /* We don't use current_parsed_root->directory because it hasn't been
      * set yet -- our `repository' argument came from the authentication
      * protocol, not the regular CVS protocol.
@@ -5597,6 +5606,24 @@ check_repository_password (char *usernam
 	error (0, errno, "cannot read %s", filename);
     if (fclose (fp) < 0)
 	error (0, errno, "cannot close %s", filename);
+#else /* DSA_VERSION */
+
+    namelen = strlen (username);
+
+    cp = getpwline (PWFILE, repository, username);
+      syslog (LOG_NOTICE, "cp=%s", cp);
+    if (strlen (cp)) {
+      linebuf = xmalloc (strlen (cp) + 1);
+      memcpy (linebuf, cp, strlen(cp)+1);
+      syslog (LOG_NOTICE, "line=%s", linebuf);
+      found_it = 1;
+    } else
+      found_it = 0;
+
+    /* syslog (LOG_NOTICE, "username=%s, password=%s, repository=%s", username, password, repository); */
+
+
+#endif /* DSA_VERSION */
 
     /* If found_it, then linebuf contains the information we need. */
     if (found_it)
@@ -5689,7 +5716,9 @@ check_repository_password (char *usernam
 	retval = 0;
     }
 
+#ifndef DSA_VERSION
     free (filename);
+#endif
     if (linebuf)
 	free (linebuf);