[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Given a user in /etc/passwd with a legal shell and home directory, but a
password of "*" (Kerberos authentication is used and there is no reason to
have a password in /etc/passwd as well). In $HOME there is a .ssh
directory, permissions 700.
/etc/security complains "Login %s is off but still has a valid shell and
alternate access files in home directory are still readable.
The code that generates this error is at /etc/security:52.
else if (system("for file in .ssh .rhosts .shosts .klogin; do if test -e
"$9"/$file; then if ((ls -ld "$9"/$file | cut -b 2-10 | grep -q r) && (test
! -O "$9"/$file)) ; then exit 1; fi; fi; done")) printf("Login %s is off but
still has a valid shell and alternate access files in\n\t home directory are
Maybe I just have a different concept of readable, but I assume that this
is a security problem if the file is readable by someone other than the
user? If so, shouldn't the cut be changed to cut -b 5-10?
Or if that isn't the case, what is the proper configuration for an account
that is authenticated by kerberos only so that the error is not produced?