Bug 1780 - Option to disable .k5login support
Summary: Option to disable .k5login support
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Kerberos support
Version: 5.5p1
Hardware: All All
Importance: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-14 17:44 AEST by jchadima
Modified: 2011-09-25 15:35 AEST

Attachments
Proposed solution (4.71 KB, patch)
2010-06-14 17:47 AEST, jchadima
Proposed solution (6.06 KB, patch)
2010-09-16 03:24 AEST, jchadima
Proposed solution (5.79 KB, patch)
2010-11-15 20:53 AEDT, jchadima

Description jchadima 2010-06-14 17:44:57 AEST
.k5login allows a user to let others access his account w/o admin intervention.

There are 2 potential problems in some setups.

A) Company policy that prevents account sharing
B) Access to other users' credentials using social engineering techniques to
make someone log into your account and forward you his credentials

For these reasons it would be useful if there were an sshd_config option to
prevent sshd from using .k5login files.
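
A defender-side check for concern A in the description, as an added example that is not part of the original report or its attached patches: it lists accounts whose `.k5login` names principals other than the owner's own. The realm `EXAMPLE.COM`, the `user@REALM` form assumed for the owner's principal, and all function names are assumptions.

```python
"""Audit home directories for .k5login entries that grant access to other principals."""
import pwd
from pathlib import Path


def parse_k5login(text):
    """A .k5login lists one Kerberos principal per line; blank lines are skipped."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def foreign_principals(username, principals, realm):
    """Return principals other than the account owner's own (assumed user@REALM)."""
    own = f"{username}@{realm}"
    return [p for p in principals if p != own]


def audit_homes(homes, realm):
    """homes maps username -> home directory; returns (user, path, principals) tuples."""
    findings = []
    for username, home in sorted(homes.items()):
        if not home:
            continue  # account without a home directory
        k5login = Path(home) / ".k5login"
        try:
            text = k5login.read_text(errors="replace")
        except FileNotFoundError:
            continue  # no .k5login in this home directory
        except OSError as exc:
            # Report files the auditor cannot read instead of silently skipping them.
            findings.append((username, str(k5login), [f"<unreadable: {type(exc).__name__}>"]))
            continue
        others = foreign_principals(username, parse_k5login(text), realm)
        if others:
            findings.append((username, str(k5login), others))
    return findings


def local_homes():
    """Home directories as reported by the system passwd database."""
    return {entry.pw_name: entry.pw_dir for entry in pwd.getpwall()}


if __name__ == "__main__":
    REALM = "EXAMPLE.COM"  # assumption: replace with the site's default realm
    for user, path, principals in audit_homes(local_homes(), REALM):
        print(f"{user}: {path} grants access to {', '.join(principals)}")
```
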
Comment 1 jchadima 2010-06-14 17:47:01 AEST
Created attachment 1859
Proposed solution
Comment 2 jchadima 2010-09-16 03:24:19 AEST
Created attachment 1927
Proposed solution
Comment 3 jchadima 2010-11-15 20:53:41 AEDT
Created attachment 1956
Proposed solution

Optimize the patch