bugzilla-daemon at bugzilla.mindrot.org
2010-Jun-14 07:44 UTC
[Bug 1780] New: Option to disable .k5login support
https://bugzilla.mindrot.org/show_bug.cgi?id=1780
Summary: Option to disable .k5login support
Product: Portable OpenSSH
Version: 5.5p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Kerberos support
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: jchadima at redhat.com
.k5login allows a user to let others access his account w/o admin
intervention.
There are 2 potential problems in some setups.
A) Company policy that prevents account sharing
B) Access to other users credentials using social engineering
techniques to
make someone log into your account and forward you his credentials
For these reasons it would be useful if there were a sshd_config option
to
prevent sshd from using .k5login files.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jun-14 07:47 UTC
[Bug 1780] Option to disable .k5login support
https://bugzilla.mindrot.org/show_bug.cgi?id=1780 --- Comment #1 from jchadima at redhat.com --- Created attachment 1859 --> https://bugzilla.mindrot.org/attachment.cgi?id=1859 Proposed solution -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Sep-15 17:24 UTC
[Bug 1780] Option to disable .k5login support
https://bugzilla.mindrot.org/show_bug.cgi?id=1780
jchadima at redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1859|0 |1
is obsolete| |
--- Comment #2 from jchadima at redhat.com 2010-09-16 03:24:19 EST ---
Created attachment 1927
--> https://bugzilla.mindrot.org/attachment.cgi?id=1927
Proposed solution
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-15 09:53 UTC
[Bug 1780] Option to disable .k5login support
https://bugzilla.mindrot.org/show_bug.cgi?id=1780
jchadima at redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1927|0 |1
is obsolete| |
--- Comment #3 from jchadima at redhat.com 2010-11-15 20:53:41 EST ---
Created attachment 1956
--> https://bugzilla.mindrot.org/attachment.cgi?id=1956
Proposed solution
Optimize the patch
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-25 05:35 UTC
[Bug 1780] Option to disable .k5login support
https://bugzilla.mindrot.org/show_bug.cgi?id=1780
Jan F. Chadima <jfch at jagda.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jfch at jagda.eu
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.