[Freeipa-devel] [PATCH] krb 1.12's OTP-Over-RADIUS

Simo Sorce simo at redhat.com
Wed Mar 6 18:15:24 UTC 2013


On Wed, 2013-03-06 at 12:56 -0500, Nathaniel McCallum wrote:
> Patch is attached.
> 
> There are currently a few security downsides to this patch:
> 1. The daemon (ipa-otpd) runs as root and binds anonymously
> 2. ipatokenRadiusSecret is readable by an anonymous bind
> 
> This patch also adds some new dependencies, namely:
> 1. libverto (a dependency of krb5)
> 2. systemd
> 3. a krb5 patched for libk5radius support [1]
> 
> In the interest of trying to meet the Fedora Features deadline, I am
> providing the patch in spite of the above issues.
> 
> Nathaniel
> 
> 1 - http://bit.ly/ZqtK79

The actual link for those that will see this thread in future and do not
want to trust a .ly redirector:

https://github.com/npmccallum/krb5/commit/9cb035a01eea0494c28206bd4afbf085793fdc6d

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



