From: sandeep umesh <sandeepumeshbe@gmail.com>
Date: Wed, 1 Feb 2017 19:52:40 +0530
Subject: Check for k5login permission
To: krb5-bugs@mit.edu
Hello
As per our understanding, the .k5login file is similar to ssh's authorized_keys. A user puts his keys in the authorized_keys file to ssh to a server without a password. However, ssh correctly checks that only the owner has write access (600) to authorized_keys, but the same check is not performed for the k5login file. Anybody with write access to another user's home directory could potentially add a .k5login file with his Kerberos id to take control of that user.
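An added example, not from the report or from MIT krb5, showing the kind of ownership and mode audit the report asks for, using sshd's StrictModes rules for authorized_keys as the assumed yardstick. The .k5login files it inspects are constructed in a temporary directory.

```python
import os
import stat
import tempfile

# Assumed yardstick: the checks sshd's StrictModes applies to authorized_keys,
# transferred to .k5login. This is illustrative code, not krb5's own.
GROUP_OR_WORLD_WRITABLE = stat.S_IWGRP | stat.S_IWOTH


def check_k5login(path, owner_uid):
    """Return a list of findings for the .k5login at `path`; empty means it
    passes. `owner_uid` is the uid of the account the file controls."""
    findings = []
    try:
        st = os.lstat(path)  # lstat: never follow a symlink planted here
    except FileNotFoundError:
        return []  # no file, nothing to audit
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid not in (owner_uid, 0):
        findings.append("owned by uid %d, expected %d or root" % (st.st_uid, owner_uid))
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    # The containing directory matters as much as the file: write access there
    # is exactly what lets someone drop a .k5login in place, as the report says.
    home = os.lstat(os.path.dirname(path))
    if home.st_uid not in (owner_uid, 0):
        findings.append("home directory owned by uid %d" % home.st_uid)
    if home.st_mode & GROUP_OR_WORLD_WRITABLE:
        findings.append("home directory group- or world-writable")
    return findings


def demo():
    """Audit two constructed .k5login files: one at 0600, one at 0666."""
    uid = os.getuid()
    base = tempfile.mkdtemp()  # created 0700, owned by the current user
    good = os.path.join(base, "good", ".k5login")
    bad = os.path.join(base, "bad", ".k5login")
    for p, mode in ((good, 0o600), (bad, 0o666)):
        os.makedirs(os.path.dirname(p), mode=0o700)
        with open(p, "w") as f:
            f.write("alice@EXAMPLE.COM\n")  # constructed principal
        os.chmod(p, mode)
    return {"good": check_k5login(good, uid), "bad": check_k5login(bad, uid)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or ["ok"])
```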