[#646] Passwords hashes are visible in nss_passwd

Description

Summary:

Detailed description

Passwords hashes are visible in nsspasswd, while this is normally restricted to nssshadow.

As a fix we can: - add another gforgenssroot user with a view on nssshadow, - add a password-based authentication for gforgenssroot in /etc/nss-pgsql-root.conf - return 'x' as the password field in nsspasswd

General Information
Submitted by:
Sylvain Beucler
Date Submitted: 2014-03-24 13:52
Last Modified by: Nobody
Last Modified: 2017-11-02 20:00
Permalink: https://fusionforge.org/tracker/a_follow.php/646
Actions
Internal Fields
Data Type: Feature requests
Assigned to: Nobody (None)
State: Open
Priority: 3
Extra Fields
Resolution:
none
Difficulty:
none
Target release:
none
Follow-up tabs
Message  ↓
Date: 2015-05-22 13:23
Sender: Sylvain Beucler

Déplacé de Bugs vers Feature requests

Date: 2015-05-22 13:23
Sender: Sylvain Beucler

ITK requires a way to authenticate the user, using user (non-root) privileges. Currently password hashes are already leaked in 'scm-passwd'. The only way I found to avoid this is to rely on mod-authnz-external+pwauth , which is not packaged for CentOS 7. Moving to wishlist.

No attached documents

No related commits.

Field Old Value Date By
typeBugs2015-05-22 13:23
Sylvain Beucler

No relations found.