GitLab

Hello,

Using Debian Jessie, configured with fusiondirectory repo : deb http://repos.fusiondirectory.org/debian-jessie jessie main Version installed is 1.0.9.1-1. Plugin SSH installed and fusiondirectory-plugin-ssh-schema installed/inserted on my SLAPD server.

I use a ssh-ldap-pubkey script on my servers to connect using public key authentication. When I lock a user in fusiondirectory, he can still connect to the server using his private key (no more sudo possible).

I think the way the user is locked is by adding a "! " to the encrypted password, so the ssh keys are not impacted... It could be OK to do the same thing on all the sshPublicKey attributes of the account ? ex : ssh-rsa !AAAAB3NzaC1yc2EAAAADAQABAAABAQD....

Or adding a keyword (diabled ?) at the begining of the key ? ex: disabled-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD....

Regards

(from redmine: issue id 4385, created on 2015-12-28, closed on 2016-01-22)

• Relations:
  • copied_to #4473
• Changesets:
  • Revision 5207c5fd by Côme Chilliet on 2016-01-21T03:25:56.000Z:

Fixes #4385 Ignoring disabled- prefix when parsing SSH keys

• Revision 16ec16e1 by Côme Chilliet on 2016-01-21T03:26:56.000Z:

Fixes #4385 Ignoring disabled- prefix when parsing SSH keys

• Revision 0c07fabb by Côme Chilliet on 2016-01-21T03:27:12.000Z:

Fixes #4385 Ignoring disabled- prefix when parsing SSH keys

• Custom Fields:
  • Bug in version: 1.0.9.1