Created Dec 28, 2015 by matracine (@matracine, Reporter)

Locked users can connect using SSH keys

Hello,

Using Debian Jessie, configured with the fusiondirectory repo: deb http://repos.fusiondirectory.org/debian-jessie jessie main. Version installed is 1.0.9.1-1. Plugin SSH installed and fusiondirectory-plugin-ssh-schema installed/inserted on my SLAPD server.

I use a ssh-ldap-pubkey script on my servers to connect using public key authentication. When I lock a user in fusiondirectory, he can still connect to the server using his private key (no more sudo possible).

I think the way the user is locked is by adding a "! " to the encrypted password, so the SSH keys are not impacted... Would it be OK to do the same thing on all the sshPublicKey attributes of the account? ex: ssh-rsa !AAAAB3NzaC1yc2EAAAADAQABAAABAQD....

Or adding a keyword (disabled?) at the beginning of the key? ex: disabled-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD....

Regards

(from redmine: issue id 4385, created on 2015-12-28, closed on 2016-01-22)

  • Relations:
    • copied_to #4473
  • Changesets:
    • Revision 5207c5fd by Côme Chilliet on 2016-01-21T03:25:56.000Z: Fixes #4385 Ignoring disabled- prefix when parsing SSH keys
    • Revision 16ec16e1 by Côme Chilliet on 2016-01-21T03:26:56.000Z: Fixes #4385 Ignoring disabled- prefix when parsing SSH keys
    • Revision 0c07fabb by Côme Chilliet on 2016-01-21T03:27:12.000Z: Fixes #4385 Ignoring disabled- prefix when parsing SSH keys
  • Custom Fields:
    • Bug in version: 1.0.9.1
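
An audit for the gap reported above, as an added example that is not part of the original issue or of FusionDirectory's code: it flags locked accounts whose sshPublicKey values are still usable, and shows a key lookup that returns nothing for locked accounts. Assumptions: the lock marker is a "!" placed right after the {SCHEME} tag of userPassword, the disabled- prefix is the one named in the changesets, and the entry layout, function names and sample data are hypothetical.

```python
import re

# Assumption: a locked account has "!" right after the {SCHEME} tag of
# userPassword; "disabled-" is the prefix named in the changesets.
# Entry layout and function names are hypothetical.
LOCKED_RE = re.compile(r"^\{[^}]+\}!")
DISABLED_PREFIX = "disabled-"


def is_locked(entry):
    """True if any userPassword value carries the lock marker."""
    return any(LOCKED_RE.match(p) for p in entry.get("userPassword", []))


def active_keys(entry):
    """sshPublicKey values without the disabled- prefix, i.e. still usable."""
    keys = (k.strip() for k in entry.get("sshPublicKey", []))
    return [k for k in keys if k and not k.startswith(DISABLED_PREFIX)]


def authorized_keys(entry):
    """Keys a lookup helper should hand to sshd: none for locked accounts."""
    return [] if is_locked(entry) else active_keys(entry)


def audit(entries):
    """Map uid -> usable key count for locked accounts that still have keys."""
    return {e["uid"]: len(active_keys(e)) for e in entries
            if is_locked(e) and active_keys(e)}


# Constructed sample entries (not real accounts or keys).
SAMPLE = [
    {"uid": "alice", "userPassword": ["{SSHA}c2FtcGxl"],
     "sshPublicKey": ["ssh-rsa AAAAconstructed1 alice@example"]},
    {"uid": "bob", "userPassword": ["{SSHA}!c2FtcGxl"],
     "sshPublicKey": ["ssh-rsa AAAAconstructed2 bob@example"]},
    {"uid": "carol", "userPassword": ["{SSHA}!c2FtcGxl"],
     "sshPublicKey": ["disabled-ssh-rsa AAAAconstructed3 carol@example"]},
]

if __name__ == "__main__":
    for uid, count in audit(SAMPLE).items():
        print(f"{uid}: locked but {count} SSH key(s) still usable")
```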