[Freeipa-devel] [PATCH] krb 1.12's OTP-Over-RADIUS
Nathaniel McCallum
npmccallum at redhat.com
Wed Mar 6 17:56:10 UTC 2013
Patch is attached.
There are currently a few security downsides to this patch:
1. The daemon (ipa-otpd) runs as root and binds anonymously
2. ipatokenRadiusSecret is readable by an anonymous bind
This patch also adds some new dependencies, namely:
1. libverto (a dependency of krb5)
2. systemd
3. a krb5 patched for libk5radius support [1]
In the interest of trying to meet the Fedora Features deadline, I am
providing the patch in spite of the above issues.
Nathaniel
1 - http://bit.ly/ZqtK79
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-support-for-krb5-1.12-s-OTP-Over-RADIUS.patch
Type: text/x-patch
Size: 64473 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130306/c2f9a84d/attachment.bin>
More information about the Freeipa-devel
mailing list