[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Broken k5login authentication type.
|
From: |
Simon Josefsson |
|
Subject: |
Re: Broken k5login authentication type. |
|
Date: |
Wed, 08 Aug 2012 13:10:36 +0200 |
|
User-agent: |
Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux) |
Mats Erik Andersson <address@hidden> writes:
> onsdag den 8 augusti 2012 klockan 12:39 skrev Simon Josefsson detta:
>> Mats Erik Andersson <address@hidden> writes:
>>
>> Thank you! Patch applied.
>>
>> > * No falling back to other authentication types, as this would
>> > consitute a security breach in itself.
>>
>> I think you refer to the case where there is no .k5login file. I recall
>> that MIT/Heimdal fall back on a strcmp-like approach in this situation,
>> doesn't it? If the file doesn't exist, I think the semantics in
>> MIT/Heimdal is that if your principal matches the username, you are let
>> in. Please check this and followup.
>
> My preferred interpretation is that
>
> shishi_authorize_p (h, "k5login");
>
> should only set authorization type "k5login", nothing more, nothing less.
> Allowing the fall back is equivalent to make the above call be equal to
>
> shishi_authorize_p (h, "k5login basic");
>
> I find it important to be able to enforce a distinction here.
Good point, I agree.
It feels a bit awkward for every application to provide the "k5login
basic" string though. What if we want to introduce something new by
default in the future? Maybe there should be a "default" authorization
string that maps to (currently) "k5login basic". Then most applications
could use that, and we'd be more future safe. Thoughts?
/Simon