[Bug 2696] New: Allow to restrict access to service using authentication indicators
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Wed Mar 22 01:12:40 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2696
Bug ID: 2696
Summary: Allow to restrict access to service using
authentication indicators
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Created attachment 2965
--> https://bugzilla.mindrot.org/attachment.cgi?id=2965&action=edit
allow specify auth-indicators
Kerberos 1.14 introduced authentication indicators [1], which allows us
to distinguish methods used to acquire specific kerberos token.
This policy can be specified either on the KDC side (you will not be
granted a ticket for SSH service) or on the side of service (as
implemented here).
The authentication indicators are exposed to the service as a named
attributes and therefore simply accessible. This change also implements
new configuration option GSSAPIRequiredAuthIndicators which allows to
specify space separated list of indicators that are eligible to access
this service.
[1] https://k5wiki.kerberos.org/wiki/Projects/Authentication_indicator
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list