Hi,
I'm trying to reproduce this bug to see if it's still valid, but so far
I haven't had much success. I tried crafting a /etc/sssd/sssd.conf
using Jens' diff, but after using sss_obfuscate on it I only see a small
excerpt being added to the end of the config file, and no lines being
removed.
I also looked at upstream's bug reports and tried finding something
related to this. There are some sss_obfuscate bugs that have been fixed
over the years, but nothing that really resembles this one.
Jens, would it be possible for you to check if this bug is still
reproducible, and to provide reproduction steps please? Meanwhile, I
will set this bug as Incomplete.
Moreover, I would like to post a comment made by one of the sssd
developers regarding sss_obfuscate:
====
First, an aside: please do not use the sss_obfuscate tool. It is virtually
useless and provides zero security benefit. It was added to placate a customer
who was paying a brain-dead auditor to review their use of the code. Obfuscated
passwords are 100% reversible encryption. Anyone who has access to the
sssd.conf can trivially reverse the password and get its plaintext password.
They need only take a look at the well-commented source code of the
sss_obfuscate tool. Given that the sssd.conf file is already forced to be
readable only by root, the obfuscation is an unnecessary option that only gives
an illusion of added security, we strongly recommend against using it at all.
====
With that in mind, and assuming that the bug is still valid, I consider
it to be low priority.
Thanks.
** Changed in: sssd (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1430143
Title:
sss_obfuscate breaks /etc/sssd/sssd.conf
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1430143/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
