#1687 Disallow root SSH public key authentication
Closed: Fixed None Opened 7 years ago by jcholast.

pam_sss does not allow users named "root" to authenticate. Do the same thing for SSH by rejecting public key requests for users named "root" in sss_ssh_authorizedkeys.

Fields changed

owner: somebody => jcholast

Not a security issue -- someone would have to create a user named "root" on the IPA server and if someone has the power to create users on IPA server, we're busted anyway.

Honza says the patch is two lines. I think 1.9.4 makes sense.

milestone: NEEDS_TRIAGE => SSSD 1.9.4

Fields changed

patch: 0 => 1
status: new => assigned

resolution: => fixed
status: assigned => closed

Metadata Update from @jcholast:
- Issue assigned to jcholast
- Issue set to the milestone: SSSD 1.9.4

2 years ago

Login to comment on this ticket.