Bug 130355

Summary:	sshd config contains specific LDAP servers enabled for authentication
Product:	Gentoo Security	Reporter:	Aquila <bart.braem>
Component:	Auditing	Assignee:	Gentoo Security <security>
Status:	RESOLVED DUPLICATE
Severity:	critical	CC:	lcars
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Aquila 2006-04-18 05:55:54 UTC

The current stable sshd config specifies LDAP servers for authentication and enables those. That seems like a very bad idea to me, users might unwillingly allow authentication against external servers. 
Excuse me if this is not a problem, I just want to be sure.

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev

2006-05-14 05:41:54 UTC

lcars, please have a look, thx

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-05-14 09:32:17 UTC

Reassinging to security since bug-wranglers cannot see security restricted bugs.

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-05-14 09:34:37 UTC

And now actually reassigning.

Comment 4 Andrea Barisani (RETIRED) gentoo-dev

2006-05-14 20:32:26 UTC

This is not the case anymore, can you please provide more information?

Check bug http://bugs.gentoo.org/show_bug.cgi?id=130354, is that the case?

What servers are you seeing? And if so please re-emerge openssh and see if that's
the case.

thx

Comment 5 Aquila 2006-05-14 23:49:30 UTC

Indeed bug #130354 describes the same problem.

*** This bug has been marked as a duplicate of 130354 ***