Bug 39901 - squid allows basic auth for deactivated accounts
squid allows basic auth for deactivated accounts
Product: UCS
Classification: Unclassified
Component: Squid
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-0-errata
Assigned To: Daniel Tröder
Felix Botner
Depends on:
  Show dependency treegraph
Reported: 2015-11-12 11:44 CET by Jürn Brodersen
Modified: 2015-12-09 16:46 CET (History)
4 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Jürn Brodersen univentionstaff 2015-11-12 11:44:44 CET
Squid allows basic auth for deactivated accounts.
Only after also locking all login methods squid refuses the login.

See also:
Comment 1 Daniel Tröder univentionstaff 2015-11-26 18:08:38 CET
the ldap query now checks for disabled posix and kerberos accounts

code: 65965
yaml: 65967 univention-squid.yaml
Comment 2 Felix Botner univentionstaff 2015-12-07 13:23:57 CET
OK - univention-squid (if posix or kerberos is disabled for a user, that
     user can no longer use squid basic auth)
Comment 3 Janek Walkenhorst univentionstaff 2015-12-09 16:46:21 CET