Okay, if the problem is not a missing --allow-root, here are a
few other possibilities:
The user has no entry in the CVSROOT/passwd file, and the CVSROOT/config
file has SystemAuth=no so CVS will not fall back on the system password
file (or SystemAuth=yes, but the system password file has no entry for
this user either).
The user has an entry in the CVSROOT/passwd file, but there is no user
by that name on the system, and the CVSROOT/passwd entry does not map
the user to any valid system username.
The password is wrong (but CVS is usually pretty good about informing
the user of this, so that's probably not the answer).
Everything is set up correctly with the passwd files and in
/etc/inetd.conf, but you forgot an entry like this in /etc/services:
so inetd is not even listening on that port to pass connections off to