git.ipfire.org Git - thirdparty/cups.git/commit
Fix HTTP PeerCred authentication for domain users (fixes #1001) 1029/head
author Vladislav Tarakanov <vladislav.tarakanov@bk.ru>
Mon, 12 Aug 2024 22:11:39 +0000 (02:11 +0400)
committer Vladislav Tarakanov <vladislav.tarakanov@bk.ru>
Mon, 12 Aug 2024 22:11:39 +0000 (02:11 +0400)
commit cdf1d70536fa68f91df74ee078d13f61e2a343c4
tree ccbcb235f27194864da4bb42c79e76a948a5c7a1
parent a991802ae2f97bae82a44633b2f4ba7813e2b9ea
Fix HTTP PeerCred authentication for domain users (fixes #1001)

- Remove domain from user name during local user authentication (e.g., "user@example.com" –> "user"). This practice can be beneficial for maintaining compatibility with older versions of Kerberos. However, enabling this option can have negative consequences. It may result in confusion between domain and local users with identical names, potentially leading to incorrect assignment of user permissions and unintentional permission escalation, thus creating a security risk. Therefore, it is advisable to avoid using this option in most cases.
- Add "StripUserDomain" parameter to cups-files.conf

Co-authored-by: Irgaliev Amin <irgaliev01@mail.ru>
Co-authored-by: Artyom Proskurnyov <temap@mail.ru>
Reviewed-by: Alexander Pevzner <pzz@apevzner.com>
conf/cups-files.conf.in
man/cups-files.conf.5
scheduler/auth.c
scheduler/conf.c
scheduler/conf.h