OpenSSH-RSAAuth-NFS
Tim McGarry
tim at mcgarry.ch
Fri Jul 27 18:21:36 EST 2001
Here's a bunch of changes I've made to the current portable version of
OpenSSH.
The aim is that the rsa_authentication flag in sshd_config can be given the
values "without-nfs" This is really handy within a large organization where
incorrectly secured home directories can allow authorized_keys(2) to be
modified by someone other than the owner.
So now rsa_authentication can take the values (no,without-nfs,yes). Maybe it
would be better to use (no,yes,with-nfs). So it's an active decision that
the user has to make if the wish to allow authorized_keys(2) from nfs
mounts.
I'd like to feed this enhancement back into the OpenBSD build, NFS security
is not just a problem that relates to Solaris.
Tim McGarry
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-rsa-nfs.txt
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010727/2a00f1c0/attachment.txt
More information about the openssh-unix-dev
mailing list