71b0389 mkhomedir: add support for pre-CVE-2020-10737 behavior

Authored and Committed by abbra 5 months ago
    mkhomedir: add support for pre-CVE-2020-10737 behavior
    
    Pre-CVE-2020-10737 behavior was used to allow creating home directories
    on NFS mounts when non-Kerberos authentication method is in use. This is
    exactly the case where a race condition addressed by the CVE-2020-10737
    fix could have happened. However, there are legit use cases where this
    setup is needed.
    
    Add '-f' option to mkhomedir helper to activate previous behavior. In
    order to enable it, a change to oddjobd-mkhomedir.conf configuration
    file is needed by explicitly adding '-f' option to the executable file
    definition.
    
    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2050079
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    
        
file modified
+13 -3