[Bug 1383] New: usernames are caseinsensitive during login
http://bugs.skolelinux.org/show_bug.cgi?id=1383
Summary: usernames are caseinsensitive during login
Product: Skolelinux
Version: lenny-test
Platform: All
OS/Version: Linux
Status: NEW
Severity: critical
Priority: P1
Component: debian-edu-config
AssignedTo: debian-edu@lists.debian.org
ReportedBy: ronny@skolelinux.org
usernames are case insesitive during login.
i have tested with thinclient, and NX and danielsan have tested on a
workstation
the username RoNnY can login just as well as the correct username ronny
when you login with a different username you loose your group meneberships.
it's like a separate account with the same homedir.
This can allow the user to circumvent group based restrictions and loose access
rights for group based file rights.
set to p1 for it's security implications.
http://honk.sigxcpu.org/projects.html#pam-naming might be used to fx: enforce
lowercase usernames.
kind regards
Ronny Aasen
--
Configure bugmail: http://bugs.skolelinux.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
Reply to: