Issue #2992: SSSD does not destroy user Kerberos cache upon logout - sssd

SSSD / sssd

#2992 SSSD does not destroy user Kerberos cache upon logout

Closed: cloned-to-github 3 years ago by pbrezina. Opened 8 years ago by ondrejv2.

Steps to reproduce:
1. login to machine as <user> and log out
2. login as root, the 'su <user>'
3. run 'klist'
4. Valid principal is observed - this is security problem

Observed on RHEL-7

dpal commented 8 years ago

I remember we discussed it at some point. I know this is how things worked before SSSD but why is it an expectation that the cache should be cleaned?

jhrozek commented 8 years ago

I would say it was more important back when ccaches were stored on disk. pam_krb5 used to offer this option. But since we are using keyring now, then the ccaches are only accessible by root or by the UID of the user.

ondrejv2 commented 8 years ago

I think it might be less critical now, but I believe it is still important.
Imagine a malicious user gets root access to the machine - he could easily steal network identity of the user who has logged out few hours ago.

jhrozek commented 7 years ago

If a user gets root on the machine, he can install a keylogger.

This is a bug, but it's fine to fix it in the next version.

milestone: NEEDS_TRIAGE => SSSD 1.15 beta

ondrejv2 commented 7 years ago

agreed

jhrozek commented 7 years ago

Fields changed

rhbz: => todo

Metadata Update from @ondrejv2:
- Issue set to the milestone: SSSD Future releases (no date set yet)

7 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from 0)
- Custom field mark reset (from 0)
- Custom field patch reset (from 0)
- Custom field review reset (from 0)
- Custom field sensitive reset (from 0)
- Custom field testsupdated reset (from 0)
- Issue close_status updated to: None
- Issue tagged with: KCM

6 years ago

Metadata Update from @thalman:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue tagged with: Future milestone

4 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4033

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata

Assignee

None

Tags

Blocking

None

Depending on

None

Priority

major

Milestone

SSSD Future releases (no date set yet)

type

defect

component

SSSD

version

1.13.0

selected

None

testsupdated

false

patch

false

rhbz

todo

design_review

false

review

false

changelog

None

keywords

None

coverity

None

mark

false

blocking

None

design

None

sensitive

false

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#2992 SSSD does not destroy user Kerberos cache upon logout Closed: cloned-to-github 3 years ago by pbrezina. Opened 8 years ago by ondrejv2.

Metadata

KCM Future milestone

#2992 SSSD does not destroy user Kerberos cache upon logout

Closed: cloned-to-github 3 years ago by pbrezina. Opened 8 years ago by ondrejv2.