[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Follow up on Authorize Only issue
The security implications of unrestricted access to *any* user attributes
are fairly severe.
For example, should a NAS be able to retrieve the Tunnel-Password attribute
of any user, regardless of whether they are connected?
There are also VSAs that contain sensitive information.
The Call-Check Service typically provides very little information in the
Access-Accept (all that is needed is whether to accept or reject the call)
so there is minimal leakage.
If this is allowed, it should follow the principle of "least privilege",
only providing the attributes relevant to SSH.
For the SSHSM usage case, the question is whether it is an
unacceptable security risk for a trusted NAS to be able to obtain
authorization information about a user that is not actually
"present" at the NAS?
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.