Skip Menu |
 

To: krb5-bugs@mit.edu
From: Sam Hartman <hartmans@debian.org>
Date: Thu, 27 May 2004 19:25:53 -0400
Cc: 250966-forwarded@bugs.debian.org
Subject: [Russ Allbery] Bug#250966: /usr/sbin/klogind: Authorization behavior not fully documented
Download (untitled)
message/rfc822 4KiB
Return-Path: <debbugs@bugs.debian.org>
Received: from solipsist-nation ([unix socket])
by solipsist-nation (Cyrus v2.1.5-Debian2.1.5-1) with LMTP;
Tue, 25 May 2004 21:38:12 -0400
X-Sieve: CMU Sieve 2.2
Return-Path: <debbugs@bugs.debian.org>
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
[18.7.21.83])
by suchdamage.org (Postfix) with ESMTP id 355F213174
for <hartmans@suchdamage.org>; Tue, 25 May 2004 21:38:12 -0400 (EDT)
Received: from spohr.debian.org (spohr.debian.org [128.193.0.4])
by pacific-carrier-annex.mit.edu (8.12.4/8.9.2) with ESMTP id
i4Q1c8eP007942
for <hartmans@mit.edu>; Tue, 25 May 2004 21:38:09 -0400 (EDT)
Received: from debbugs by spohr.debian.org with local (Exim 3.35 1 (Debian))
id 1BSnHz-0002jo-00; Tue, 25 May 2004 18:33:03 -0700
X-Loop: owner@bugs.debian.org
Subject: Bug#250966: /usr/sbin/klogind: Authorization behavior not fully
documented
Reply-To: Russ Allbery <rra@stanford.edu>, 250966@bugs.debian.org
Resent-From: Russ Allbery <rra@stanford.edu>
Resent-To: debian-bugs-dist@lists.debian.org
Resent-Cc: Sam Hartman <hartmans@debian.org>
Resent-Date: Wed, 26 May 2004 01:33:02 UTC
Resent-Message-ID: <handler.250966.B.108553441531146@bugs.debian.org>
X-Debian-PR-Message: report 250966
X-Debian-PR-Package: krb5-rsh-server
X-Debian-PR-Keywords: security
Received: via spool by submit@bugs.debian.org id=B.108553441531146
(code B ref -1); Wed, 26 May 2004 01:33:02 UTC
Received: (at submit) by bugs.debian.org; 26 May 2004 01:20:15 +0000
Received: from smtp3.stanford.edu [171.67.16.138]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BSn5a-00083m-00; Tue, 25 May 2004 18:20:15 -0700
Received: from windlord.stanford.edu (windlord.Stanford.EDU [171.64.19.147])
by smtp3.Stanford.EDU (8.12.11/8.12.11) with SMTP id i4Q1KDTs027824
for <submit@bugs.debian.org>; Tue, 25 May 2004 18:20:14 -0700
Received: (qmail 12188 invoked by uid 1000); 26 May 2004 01:20:13 -0000
Message-ID: <20040526012013.12187.qmail@windlord.stanford.edu>
From: Russ Allbery <rra@stanford.edu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
X-Mailer: reportbug 2.60
Date: Tue, 25 May 2004 18:20:13 -0700
Delivered-To: submit@bugs.debian.org
Resent-Sender: Debian BTS <debbugs@bugs.debian.org>
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
solipsist-nation.suchdamage.org
X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=ham
version=2.63
X-Spam-Level:
MIME-Version: 1.0

Package: krb5-rsh-server
Version: 1.3.3-1
Severity: normal
File: /usr/sbin/klogind
Tags: security

(Apologies if the security tag was inappropriate; I don't consider this
to be a major security hole or anything, but it does raise a security
issue, which was reportbug's definition.)

If klogind is used and configured with a default realm, and someone with
a user principal in that realm attempts to log on to an account that does
not have a .k5login file at all, that login appears to be authorized.
This may be somewhat surprising if one is not following the same namespace
as the Kerberos realm klogind is using, since the man page doesn't say
this and sort of implies that .k5login is always checked.

Ideally, it would be nice to have a switch to klogind that says "always
deny authorization if no .k5login file is present," but at the least I
think this should probably be documented in the klogind man page.

Note that this also isn't documented in the .k5login man page.

-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.26
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to C)

Versions of packages krb5-rsh-server depends on:
ii krb5-config 1.6 Configuration files for Kerberos V
ii libc6 2.3.2.ds1-12 GNU C Library: Shared libraries an
ii libcomerr2 1.35-6 The Common Error Description libra
ii libkrb53 1.3.3-1 MIT Kerberos runtime libraries
ii netbase 4.16 Basic TCP/IP networking system

-- no debconf information
Here's a patch to the klogind and kshd man pages that documents the
authorization behavior when .k5login isn't present and that removes the
last vestiges of references to .rhosts support (which was ripped out of
the code a while back).
Download klogind-authz
application/octet-stream 3.9KiB

Message body not shown because it is not plain text.

From: Russ Allbery <rra@stanford.edu>
Subject: CVS Commit
Document the authorization logic used in the absence of .k5login files.
Remove all remaining references to .rhosts authentication; the code to
implement this was already removed.

Commit By: rra



Revision: 18112
Changed Files:
U trunk/src/appl/bsd/klogind.M
U trunk/src/appl/bsd/kshd.M