https://bugzilla.mindrot.org/show_bug.cgi?id=3853
Bug ID: 3853
Summary: Potential Match User block evasion for kerberos realm
users
Product: Portable OpenSSH
Version: 10.0p2
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: [email protected]
Reporter: [email protected]
I have a Linux server joined in Microsoft Active Directory
I have enforced only lowercase letters for usernames through PAM to
avoid the pitfall where due to the case-insensitivity of AD the "Match
User" block can be skipped,
which from what I've read is expected and is not an issue of openssh,
but there seems to be 1 more tricky condition,
which is when the user precedes their username with the domain, as in
"ssh <domain>\\<username>@<server name>"
Doing this, their username will not match the "Match User" block.
I'm not completely sure whether this is expected behavior or not, but
backslashes are not valid for unix usernames, so perhaps the preceding
<domain>\\ should be ignored?
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
