Your message dated Thu, 27 Oct 2005 14:58:08 +1000
with message-id <[EMAIL PROTECTED]>
and subject line Fixed in login package
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 7 Jul 2004 13:27:45 +0000
>From [EMAIL PROTECTED] Wed Jul 07 06:27:45 2004
Return-path: <[EMAIL PROTECTED]>
Received: from albion.dl.ac.uk [148.79.80.39]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BiCSf-000296-00; Wed, 07 Jul 2004 06:27:45 -0700
Received: from fx by albion.dl.ac.uk with local (Exim 3.35 #1 (Debian))
id 1BiCSd-0005yk-00
for <[EMAIL PROTECTED]>; Wed, 07 Jul 2004 14:27:43 +0100
From: Dave Love <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: heimdal-servers: can't control Kerberized telnet access
X-Debbugs-CC: Dave Love <[EMAIL PROTECTED]>
Date: Wed, 07 Jul 2004 14:27:43 +0100
Message-ID: <[EMAIL PROTECTED]>
User-Agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: heimdal-servers
Version: 0.6.2-3
Severity: normal
If you use Kerberos for authentication and LDAP for account info,
there seems to be no way to restrict Kerberized telnet access to the
system. I.e. I want to use pam_listfile or something obeying
login.access to restrict access to a list of users which is a small
subset of those in the Kerberos/LDAP SSO system.
I expected to be able to use login.access for the job with telnetd -a
user or -a valid, but that doesn't work because telnet invokes
/bin/login, not the Heimdal version. (PAM is bypassed by /bin/login -f.)
If I start the daemon with `-L /usr/lib/heimdal-servers/login',
I can use login.access OK, but that's at least unobvious.
I guess there's reason to use /bin/login so that you get pam_env &c,
but I think this at least needs to be documented along with the -L
recipe for using the Heimdal login to obey login.access. Ideally I
guess there would be PAM support for the -a user/valid cases. As it
is, it's rather easy to leave a route into the system for unauthorized
users.
Also, the man page is wrong about the `-a valid' option. Since it
also uses login -f, you don't get the user verification via login(1)
that it promises.
-- System Information
Debian Release: 3.0
Architecture: sparc
Kernel: Linux albion.dl.ac.uk 2.4.26-sparc64 #1 Sat Apr 24 01:43:10 EDT 2004
sparc64
Locale: LANG=C, LC_CTYPE=en_GB
---------------------------------------
Received: (at 258067-done) by bugs.debian.org; 27 Oct 2005 04:58:17 +0000
>From [EMAIL PROTECTED] Wed Oct 26 21:58:17 2005
Return-path: <[EMAIL PROTECTED]>
Received: from snoopy.microcomaustralia.com.au [202.173.153.89]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EUzqC-0004Ef-00; Wed, 26 Oct 2005 21:58:17 -0700
Received: from localhost (localhost [127.0.0.1])
by snoopy.microcomaustralia.com.au (Postfix) with ESMTP id 01881D82BC;
Thu, 27 Oct 2005 14:58:12 +1000 (EST)
Received: from snoopy.microcomaustralia.com.au ([127.0.0.1])
by localhost (snoopy [127.0.0.1]) (amavisd-new, port 10024) with LMTP
id 16763-03; Thu, 27 Oct 2005 14:58:08 +1000 (EST)
Received: by snoopy.microcomaustralia.com.au (Postfix, from userid 10003)
id 339EAD8085; Thu, 27 Oct 2005 14:58:08 +1000 (EST)
Date: Thu, 27 Oct 2005 14:58:08 +1000
From: Brian May <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Fixed in login package
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at snoopy.apana.org.au
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
As bug #193869 is marked as fixed (login version 1:4.0.3-33), I am
assuming this bug is also fixed.
--
Brian May <[EMAIL PROTECTED]>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
