Displaying 1 result from an estimated 1 matches for "requires_pwchange".
2005 Jun 08
1
Possible security flaw in OpenSSH and/or pam_krb5
openssh-unix-dev at mindrot.org
kerberos at ncsa.uiuc.edu
We believe there is a security flaw in either OpenSSH and/or RedHat's pam_krb5
module. When a Kerberos principal has the REQUIRES_PWCHANGE
(+needchange) flag set, OpenSSH+pam_krb5 will still successfully
authenticate the user. Local 'su' and 'login' fail in this case which
leads us to believe it's at least partially a problem with OpenSSH's
PAM code.
We first noticed this flaw on SLES8 and verified the same p...