Username case sensitivity issue with multiple variants in /etc/passwd
Jason Jacques
jtjacques at gmail.com
Sun Oct 19 14:26:42 EST 2014
Hi,
I recently upgraded from 4.3 to 6.7 on Windows with cygwin and noticed that case sensitivity had been introduced for Windows usernames as per this discussion: http://marc.info/?l=openssh-unix-dev&m=126505289206175&w=2
It seems there is still a bug in the handling of usernames regarding case sensitivity however. The following /etc/passwd allows me to login as either Jason or dave to the same uid (case-sensitive, therefore jason and Dave do not work as expected):
Jason:unused:1006:513:Jason Jacques,U-SERVER\jason,S-1-5-21-XXXXXXXXXX-436374069-527237240-1006:/home/jason:/bin/bash
dave:unused:1006:513:Jason Jacques,U-SERVER\jason,S-1-5-21-XXXXXXXXXX-436374069-527237240-1006:/home/jason:/bin/bash
If I change the /etc/passwd to the following however, I can only login with the username Jason. jason (lower-case) does not work. This is dependant on which occurs first in the /etc/passwd file (i.e. if lowercase is first, that is the allowed variant):
Jason:unused:1006:513:Jason Jacques,U-SERVER\jason,S-1-5-21-XXXXXXXXXX-436374069-527237240-1006:/home/jason:/bin/bash
jason:unused:1006:513:Jason Jacques,U-SERVER\jason,S-1-5-21-XXXXXXXXXX-436374069-527237240-1006:/home/jason:/bin/bash
In essence, it seems OpenSSH is now treating Jason and jason as different accounts based on unix practices, but if different cases are specified in /etc/passwd only the first variant is evaluated before determining if the login should proceed.
Thanks,
Jason Jacques
Email: jtjacques at gmail.com
Web: http://jasonjacques.co.uk
More information about the openssh-unix-dev
mailing list