On Thu, 2009-11-05 at 17:32 +0100, Petter Reinholdtsen wrote: > I really hope you find time to fix this in Lenny, as it affects Debian > Edu. The issue is also a security issue, where users can by-pass > netgroup based limitations by changing the case of the username they use > when logging in. See > <URL: http://bugs.skolelinux.org/show_bug.cgi?id=1383 > for more > information about that facet of this problem. Thanks for pointing this out and providing the link. I will contact the security team and prepare an update. It is strange though that the group membership is lost because I would think those lookups would also be case-insensitive. I noticed the case-insensitive problem before (that's why it's fixed in 0.6.11) but not the group-membership problem. -- -- arthur - adejong@debian.org - http://people.debian.org/~adejong --
Attachment:
signature.asc
Description: This is a digitally signed message part