[Bug 1383] New: usernames are caseinsensitive during login


[Bug 1383] New: usernames are caseinsensitive during login

by Bugzilla from drift@skolelinux.org

http://bugs.skolelinux.org/show_bug.cgi?id=1383

           Summary: usernames are caseinsensitive during login
           Product: Skolelinux
           Version: lenny-test
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P1
         Component: debian-edu-config
        AssignedTo: debian-edu@...
        ReportedBy: ronny@...


Usernames are case insensitive during login.
I have tested with thinclient, and NX and danielsan have tested on a
workstation.

The username RoNnY can log in just as well as the correct username ronny.
When you log in with a different username you lose your group memberships.
It's like a separate account with the same homedir.
This can allow the user to circumvent group based restrictions and lose access
rights for group based file rights.

Set to P1 for its security implications.

http://honk.sigxcpu.org/projects.html#pam-naming might be used to e.g. enforce
lowercase usernames.

kind regards
Ronny Aasen


--
Configure bugmail: http://bugs.skolelinux.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.


--
To UNSUBSCRIBE, email to debian-edu-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


[Bug 1383] usernames are caseinsensitive during login

by Bugzilla from drift@skolelinux.org

http://bugs.skolelinux.org/show_bug.cgi?id=1383


Holger Levsen <holger@...> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |holger@...
             Status|NEW                         |ASSIGNED




--- Comment #1 from Holger Levsen <holger@...>  2009-10-13 11:53:46 ---
To explain the effects a bit more verbosely:

<sep> the poor admin at luster spent weeks troubleshooting an issue where a
teacher never could access the school shared documents. she logged in
constantly with capital first letter in her name, he constantly tested with her
correct username. :s

<sep> also this explains why some students had full internet when they logged
in as exam users. since they would not be in the group blocking them in the
proxy...




[Bug 1383] usernames are caseinsensitive during login

by Bugzilla from drift@skolelinux.org

http://bugs.skolelinux.org/show_bug.cgi?id=1383


Petter Reinholdtsen <pere@...> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pere@...




--- Comment #2 from Petter Reinholdtsen <pere@...>  2009-11-05 12:05:32 ---
The problem probably originates from the LDAP searches which are case
insensitive.  No idea how to avoid it.

I believe the LDAP search rules are in /etc/nss-ldapd.conf.




[Bug 1383] usernames are caseinsensitive during login

by Bugzilla from drift@skolelinux.org

http://bugs.skolelinux.org/show_bug.cgi?id=1383





--- Comment #3 from Holger Levsen <holger@...>  2009-11-05 12:27:04 ---
During the gathering we discussed making login case-sensitive again, for the
benefit of releasing our lenny this year.

This is because this fix is quite straightforward. If someone comes up with a
fix for case-insensitive logins in time, this is of course also fine :-)




[Bug 1383] usernames are caseinsensitive during login

by Bugzilla from drift@skolelinux.org

http://bugs.skolelinux.org/show_bug.cgi?id=1383


Ronny Aasen <ronny@...> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |http://bugs.debian.org/552433




--- Comment #4 from Ronny Aasen <ronny@...>  2009-11-05 17:18:35 ---
Debian bug, even potential for a stable point release update.
At what time will we know if this will be in stable or not?

http://bugs.debian.org/552433


Ronny




[Bug 1383] usernames are caseinsensitive during login

by Bugzilla from drift@skolelinux.org

http://bugs.skolelinux.org/show_bug.cgi?id=1383


Oded Naveh <skilinux@...> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://bugs.debian.org/552433|




--- Comment #5 from Oded Naveh <skilinux@...>  2009-11-05 17:37:52 ---
I believe this behaviour is determined by the "EQUALITY" matching rule defined
for attribute "uid" in the schema, not sure which one (built-in perhaps?) as
the definition in 'core.schema' is commented out, but it reads:

# Derived from RFC 1274, but with new "short names"
#
#attributetype ( 0.9.2342.19200300.100.1.1
#       NAME ( 'uid' 'userid' )
#       DESC 'RFC1274: user identifier'
#       EQUALITY caseIgnoreMatch
#       SUBSTR caseIgnoreSubstringsMatch
#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

No idea how to avoid it either.

Looking at 'id' output:

tjener:~# id demstu
uid=10019(demstu) gid=10019(demstu)
groups=10004(students),10005(none),10019(demstu)

tjener:~# id DemStu
uid=10019(DemStu) gid=10019(demstu) groups=10019(demstu)

I suspect the inconsistency stems from the case sensitivity of:

attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
        EQUALITY caseExactIA5Match
        SUBSTR caseExactIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

in:

objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
        DESC 'Abstraction of a group of accounts'
        SUP top STRUCTURAL
        MUST ( cn $ gidNumber )
        MAY ( userPassword $ memberUid $ description ) )

Both defined in 'nis.schema'.


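Added example, not part of the bug thread and not nss-ldapd or debian-edu-config code: a small Python model of the mismatch described in comment #5, where the account lookup folds case (caseIgnoreMatch on uid) while group membership compares the typed name exactly (caseExactIA5Match on memberUid). The directory data is constructed to mirror the quoted `id` output; the function names and the three policies are hypothetical, and case folding is simplified to `str.lower()`.

```python
# Constructed directory data mirroring the `id` output quoted in comment #5.
USERS = {"demstu": {"uidNumber": 10019, "gidNumber": 10019}}
GROUPS = [
    {"cn": "students", "gidNumber": 10004, "memberUid": ["demstu"]},
    {"cn": "none", "gidNumber": 10005, "memberUid": ["demstu"]},
    {"cn": "demstu", "gidNumber": 10019, "memberUid": []},
]

def find_user(login):
    """uid lookup with caseIgnoreMatch semantics: (stored_uid, entry) or None."""
    for uid, entry in USERS.items():
        if uid.lower() == login.lower():
            return uid, entry
    return None

def groups_for(name, gid):
    """Primary group by gidNumber plus exact memberUid matches."""
    return sorted(g["gidNumber"] for g in GROUPS
                  if g["gidNumber"] == gid or name in g["memberUid"])

def resolve(login, policy="as_typed"):
    """Group list for a login name, or None if the login is refused.

    as_typed     - reported behaviour: groups are looked up with the typed name
    canonicalize - group lookup uses the uid exactly as stored in the directory
    strict       - refuse any name not byte-identical to the stored uid
    """
    hit = find_user(login)
    if hit is None:
        return None
    stored, entry = hit
    if policy == "strict" and login != stored:
        return None
    name = stored if policy == "canonicalize" else login
    return groups_for(name, entry["gidNumber"])

def flag_case_variants(logins):
    """Detection: typed names that match an account only after case folding."""
    return [n for n in logins if (h := find_user(n)) and h[0] != n]

if __name__ == "__main__":
    for policy in ("as_typed", "canonicalize", "strict"):
        print(policy, resolve("DemStu", policy))
    print(flag_case_variants(["demstu", "DemStu", "nobody"]))
```

Running `flag_case_variants` over the login names recorded in authentication logs gives a quick list of sessions that were started under a case variant and therefore ran without their supplementary groups.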


[Bug 1383] usernames are caseinsensitive during login

by Bugzilla from drift@skolelinux.org

http://bugs.skolelinux.org/show_bug.cgi?id=1383


Ralf <rgx@...> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rgx@...




--- Comment #6 from Ralf <rgx@...>  2009-11-08 23:15:43 ---
Yet another remark aside:
Regarding scripts that are designed to kill left-behind processes of logged-out
users (killer etc.), users could also evade process purging by using creative
capitalisation.

