USERID with whitespace (GUI login)

Asked by Jerry

After switching to LDAP authentication last summer, we've noticed that if a user hits the space bar a couple of times before entering their username in a lightdm login screen, they still will be authenticated. This phenomenon also occurs if a user puts a space at the end of their username. This could be a potential security issue.

After getting a desktop, typing last at the command line yields an example:

user1 :0 :0 Mon Apr 25 19:08 - 19:38 (00:29)
 user2 :0 :0 Mon Apr 25 16:25 - 16:45 (00:19)
user3 :0 :0 Mon Apr 25 10:28 - 11:57 (01:29)

** Note the space before the user2 username.

The issue becomes where users run CLI programs where their $USER is taken into account. A workaround has been implemented in /etc/bash.bashrc which basically strips the whitespace, but it would be great if we could prevent them (don't accept) from putting in the space to begin with. We've scoured /etc/ldap.conf (which seems like the most reasonable place) for a solution, but so far have not found a resolution.
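
The kind of /etc/bash.bashrc workaround the question describes, plus a check for padded names in last output, as an added example that is not part of the original post and not the poster's actual script. The function names are hypothetical, the sample is the listing quoted in the question, and it assumes id -un returns the account name as stored in the directory (via NSS).

```shell
# Added example; function names are hypothetical, not from the original post.

# Sample input: the `last` listing quoted in the question (user2 is padded).
SAMPLE_LAST='user1 :0 :0 Mon Apr 25 19:08 - 19:38 (00:29)
 user2 :0 :0 Mon Apr 25 16:25 - 16:45 (00:19)
user3 :0 :0 Mon Apr 25 10:28 - 11:57 (01:29)'

# Strip leading and trailing whitespace using only POSIX parameter
# expansion, so no external process runs during shell start-up.
trim_ws() {
    s=$1
    s=${s#"${s%%[![:space:]]*}"}   # drop the leading whitespace run
    s=${s%"${s##*[![:space:]]}"}   # drop the trailing whitespace run
    printf '%s' "$s"
}

# Reset USER and LOGNAME to the name the passwd database holds for the
# current UID (assumption: NSS returns the stored, unpadded name).
# Falls back to trimming $USER when the UID cannot be resolved.
fix_login_env() {
    canon=$(id -un 2>/dev/null) || canon=
    [ -n "$canon" ] || canon=$(trim_ws "$USER")
    USER=$canon
    LOGNAME=$canon
    export USER LOGNAME
}

# Read `last`-style lines on stdin and print those whose username column
# starts with whitespace. Only leading padding is visible this way:
# trailing spaces cannot be told apart from column padding.
flag_padded_logins() {
    while IFS= read -r line; do
        case $line in
            '') ;;                                # skip blank lines
            [[:space:]]*) printf '%s\n' "$line" ;;
        esac
    done
}

# Demo on the embedded sample: prints the user2 line.
printf '%s\n' "$SAMPLE_LAST" | flag_padded_logins
```

On a live system the same check would be fed with: last | flag_padded_logins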

Question information

Language: English
Status: Solved
For: Ubuntu ldap-auth-client
Assignee: No assignee
Solved by: actionparsnip
Best actionparsnip (andrew-woodhead666) said :
#1

I suggest you report this as a bug. Mark it as a security bug.

Jerry (jebailie) said :
#2

Thanks actionparsnip, that solved my question.

Jerry (jebailie) said :
#3

Ok, I did as you've suggested.... submitted it as a security bug.