[Bug 1780] New: Option to disable .k5login support

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Mon Jun 14 17:44:58 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1780

           Summary: Option to disable .k5login support
           Product: Portable OpenSSH
           Version: 5.5p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Kerberos support
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: jchadima at redhat.com


.k5login allows a user to let others access his account w/o admin
intervention.

There are 2 potential problems in some setups.

A) Company policy that prevents account sharing
B) Access to other users credentials using social engineering
techniques to
make someone log into your account and forward you his credentials

For these reasons it would be useful if there were a sshd_config option
to
prevent sshd from using .k5login files.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list