Username case sensitivity issue with multiple variants in /etc/passwd

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

I recently upgraded from 4.3 to 6.7 on Windows with cygwin and noticed that case sensitivity had been introduced for Windows usernames as per this discussion: http://marc.info/?l=openssh-unix-dev&m=126505289206175&w=2

It seems there is still a bug in the handling of usernames regarding case sensitivity however. The following /etc/passwd allows me to login as either Jason or dave to the same uid (case-sensitive, therefore jason and Dave do not work as expected):

Jason:unused:1006:513:Jason Jacques,U-SERVER\jason,S-1-5-21-XXXXXXXXXX-436374069-527237240-1006:/home/jason:/bin/bash
dave:unused:1006:513:Jason Jacques,U-SERVER\jason,S-1-5-21-XXXXXXXXXX-436374069-527237240-1006:/home/jason:/bin/bash

If I change the /etc/passwd to the following however, I can only login with the username Jason. jason (lower-case) does not work. This is dependant on which occurs first in the /etc/passwd file (i.e. if lowercase is first, that is the allowed variant):

Jason:unused:1006:513:Jason Jacques,U-SERVER\jason,S-1-5-21-XXXXXXXXXX-436374069-527237240-1006:/home/jason:/bin/bash
jason:unused:1006:513:Jason Jacques,U-SERVER\jason,S-1-5-21-XXXXXXXXXX-436374069-527237240-1006:/home/jason:/bin/bash

In essence, it seems OpenSSH is now treating Jason and jason as different accounts based on unix practices, but if different cases are specified in /etc/passwd only the first variant is evaluated before determining if the login should proceed.

Thanks,

Jason Jacques
Email: jtjacques@xxxxxxxxx
Web: http://jasonjacques.co.uk




_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux