Bug 1780

Summary: Option to disable .k5login support
Product: Portable OpenSSH
Reporter: jchadima
Component: Kerberos support
Assignee: Assigned to nobody <unassigned-bugs>
Status: NEW
Severity: normal
CC: jfch
Priority: P2
Version: 5.5p1
Hardware: All
OS: All
Attachments:
Description | Flags
Proposed solution | none
Proposed solution | none
Proposed solution | none

Description jchadima 2010-06-14 17:44:57 AEST
.k5login allows a user to let others access his account w/o admin intervention.

There are 2 potential problems in some setups.

A) Company policy that prevents account sharing
B) Access to other users' credentials using social engineering techniques to
make someone log into your account and forward you his credentials

For these reasons it would be useful if there were an sshd_config option to
prevent sshd from using .k5login files.
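
An added example, not part of the bug report or the attached patches: a small audit that lists accounts whose .k5login grants login to principals other than the owner's own, which is the account sharing the report describes. It assumes home directories are named after the account under one root and that the owner's own principal is user@REALM; the realm EXAMPLE.COM and the sample files are constructed.

```python
import os
import tempfile


def foreign_principals(k5login_text, owner, realm):
    """Return principals listed in a .k5login body other than owner@realm."""
    own = f"{owner}@{realm}"
    found = []
    for line in k5login_text.splitlines():
        principal = line.strip()  # one principal per line
        if principal and principal != own:
            found.append(principal)
    return found


def audit_homes(home_root, realm):
    """Map account -> foreign principals for each <home_root>/<account>/.k5login.

    Assumption: the directory name under home_root is the account name.
    """
    report = {}
    for user in sorted(os.listdir(home_root)):
        path = os.path.join(home_root, user, ".k5login")
        if not os.path.isfile(path):
            continue  # no .k5login: nothing delegated through this file
        with open(path, encoding="utf-8", errors="replace") as fh:
            extra = foreign_principals(fh.read(), user, realm)
        if extra:
            report[user] = extra
    return report


def demo():
    """Run the audit over constructed sample homes (realm EXAMPLE.COM is made up)."""
    samples = {
        "alice": "alice@EXAMPLE.COM\nbob@EXAMPLE.COM\n",  # shares with bob
        "bob": "bob@EXAMPLE.COM\n",                        # only himself
        "carol": None,                                     # no .k5login
    }
    with tempfile.TemporaryDirectory() as root:
        for user, body in samples.items():
            os.makedirs(os.path.join(root, user))
            if body is not None:
                with open(os.path.join(root, user, ".k5login"), "w") as fh:
                    fh.write(body)
        return audit_homes(root, "EXAMPLE.COM")


if __name__ == "__main__":
    for account, principals in demo().items():
        print(f"{account}: {', '.join(principals)}")
```

On a real host the account list should come from the passwd database rather than directory names.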

Comment 1 jchadima 2010-06-14 17:47:01 AEST
Created attachment 1859
Proposed solution

Comment 2 jchadima 2010-09-16 03:24:19 AEST
Created attachment 1927
Proposed solution

Comment 3 jchadima 2010-11-15 20:53:41 AEDT
Created attachment 1956
Proposed solution

Optimize the patch