Bug 39901 - squid allows basic auth for deactivated accounts
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Squid
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.1-0-errata
Assigned To: Daniel Tröder
QA Contact: Felix Botner
Reported: 2015-11-12 11:44 CET by Jürn Brodersen
Modified: 2015-12-09 16:46 CET

Description Jürn Brodersen univentionstaff 2015-11-12 11:44:44 CET
Squid allows basic auth for deactivated accounts.
Only after also locking all login methods squid refuses the login.

See also:
https://hutten.knut.univention.de/mediawiki/index.php/Produkttests_UCS_4.1_Apache_%26_Squid#Passwort-Auswertung_am_Proxy
Comment 1 Daniel Tröder univentionstaff 2015-11-26 18:08:38 CET
The LDAP query now checks for disabled POSIX and Kerberos accounts.

code: 65965
yaml: 65967 univention-squid.yaml
Comment 2 Felix Botner univentionstaff 2015-12-07 13:23:57 CET
OK - univention-squid (if posix or kerberos is disabled for a user, that
     user can no longer use squid basic auth)
OK - YAML
Comment 3 Janek Walkenhorst univentionstaff 2015-12-09 16:46:21 CET
<http://errata.software-univention.de/ucs/4.1/25.html>
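
The check described in comments 1 and 2, as an added example that is not part of the bug report and not the univention-squid code: a correct password is not enough, the account state must be evaluated too. It assumes the directory marks disabled accounts through the standard `shadowExpire` attribute and a Heimdal-style invalid bit in `krb5KDCFlags`; the entries, function names and flag values are constructed for illustration.

```python
from datetime import date

EPOCH = date(1970, 1, 1)
KRB5_INVALID = 0x80  # assumption: Heimdal-style "invalid" bit in krb5KDCFlags

def int_attr(entry, attr):
    """Return (present, value); value is None if the attribute is unparsable."""
    vals = entry.get(attr)
    if not vals:
        return False, None
    try:
        return True, int(vals[0])
    except ValueError:
        return True, None

def posix_disabled(entry, today):
    # shadowExpire counts days since 1970-01-01; a negative value means no expiry.
    present, exp = int_attr(entry, "shadowExpire")
    if not present:
        return False
    if exp is None:
        return True  # fail closed on a malformed value
    return exp >= 0 and (today - EPOCH).days >= exp

def kerberos_disabled(entry):
    present, flags = int_attr(entry, "krb5KDCFlags")
    if not present:
        return False
    return flags is None or bool(flags & KRB5_INVALID)

def helper_reply(entry, password_ok, today):
    """Answer the way a Squid basic-auth helper does: OK or ERR."""
    if entry is None or not password_ok:
        return "ERR"
    if posix_disabled(entry, today) or kerberos_disabled(entry):
        return "ERR"  # the case this bug is about: valid password, disabled account
    return "OK"

# Constructed sample entries (not taken from the bug report).
DIRECTORY = {
    "alice": {"krb5KDCFlags": ["126"]},                        # active
    "bob": {"shadowExpire": ["1"], "krb5KDCFlags": ["126"]},   # POSIX disabled
    "carol": {"krb5KDCFlags": ["254"]},                        # Kerberos disabled
    "dave": {"shadowExpire": ["not-a-number"]},                # malformed value
}

def check_all(today):
    return {uid: helper_reply(e, True, today) for uid, e in DIRECTORY.items()}
```

Doing the same test inside the LDAP search filter, as comment 1 describes, means a disabled account never matches and no bind is attempted for it.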