[Bug 1406940] Re: ecryptfs does not work for domain users (AD, likewise/powerbroker)
Dustin Kirkland
dustin.kirkland at gmail.com
Thu Aug 13 16:54:39 UTC 2015
Hmm, looking at this patch and I'm quite nervous. Backslashes and
dollar signs in user names -- that sounds fraught with peril.

@tyhicks, @slangesek, @pitti: could you guys review the PAM portions of
this patch for security and safety?
** Changed in: ecryptfs-utils (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: ecryptfs-utils (Ubuntu)
   Importance: Wishlist => Low

** Changed in: ecryptfs-utils (Ubuntu)
   Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1406940
Title:
  ecryptfs does not work for domain users (AD, likewise/powerbroker)

Status in ecryptfs-utils package in Ubuntu:
  Triaged

Bug description:
  Ecryptfs encryption does not work for domain users in an Active
  Directory domain, integrated with likewise open / powerbroker, for the
  following reasons:

  - Domain user names contain backslashes (DOMAIN\user.name). Ecryptfs checks for valid usernames, which mustn't contain backslashes
  - There is no PAM hook which automatically activates encryption of the home directory of new domain users

  Steps to reproduce:
  - Set up AD controller, e.g. via samba4
  - Set up ecryptfs-utils on an Ubuntu machine
  - Add Ubuntu machine to domain with likewise open / powerbroker
  - Log in with domain user

  Result:
  - Home directory is unencrypted

  Additional steps:
  - Manually encrypt home directory of domain user

  Additional result:
  - On login, decryption fails with message: "Username has unsupported characters"

  Expected result:
  Home directories of domain users can easily be encrypted and decrypted with ecryptfs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1406940/+subscriptions