[Bug 1383] New: usernames are caseinsensitive during login

To: debian-edu@lists.debian.org
Subject: [Bug 1383] New: usernames are caseinsensitive during login
From: drift@skolelinux.org
Date: Tue, 13 Oct 2009 11:43:16 +0200
Message-id: <bug-1383-95@http.bugs.skolelinux.org/>

http://bugs.skolelinux.org/show_bug.cgi?id=1383

           Summary: usernames are caseinsensitive during login
           Product: Skolelinux
           Version: lenny-test
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P1
         Component: debian-edu-config
        AssignedTo: debian-edu@lists.debian.org
        ReportedBy: ronny@skolelinux.org


usernames are case insesitive during login. 
i have tested with thinclient, and NX and danielsan have tested on a
workstation

the username RoNnY can login just as well as the correct username ronny
when you login with a different username you loose your group meneberships.
it's like a separate account with the same homedir. 
This can allow the user to circumvent group based restrictions and loose access
rights for group based file rights. 

set to p1 for it's security implications.

http://honk.sigxcpu.org/projects.html#pam-naming might be used to fx: enforce
lowercase usernames. 

kind regards
Ronny Aasen


-- 
Configure bugmail: http://bugs.skolelinux.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

Reply to:

Follow-Ups:
- [Bug 1383] usernames are caseinsensitive during login
  - From: drift@skolelinux.org

Prev by Date: Re: towards a lenny release, part 2
Next by Date: [Bug 1383] usernames are caseinsensitive during login
Previous by thread: accommodations at the gathering in oslo 30 oktober
Next by thread: [Bug 1383] usernames are caseinsensitive during login
Index(es):
- Date
- Thread