Bug 245406 - merge account with new commiter account
Summary: merge account with new commiter account
Status: Closed FIXED
Alias: None
Product: Services
Classification: Unclassified
Component: Bug Tracker (show other bugs)
Version: unspecified
Hardware: Any Any
: --- Affects Only Me
Assignee: Oleksandr Tymoshenko
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-06 18:12 UTC by Richard Scheffenegger
Modified: 2020-04-07 06:09 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Richard Scheffenegger freebsd_committer 2020-04-06 18:12:51 UTC
Hi,

there should be a new rscheff@freebsd.org account, where this rscheff@gmx.at account should be merged with.
Comment 1 Richard Scheffenegger freebsd_committer 2020-04-06 18:19:02 UTC
Just to confirm that the new @freebsd.org account exists.

How is simply resetting the kpasswd via SSH using the right @freebsd user name not an easy route for a denial of service? (E.g. anyone can reset the kerberos passwords for all commiters, who have to recover their passwords tediously thereafter, no?
Comment 2 Oleksandr Tymoshenko freebsd_committer freebsd_triage 2020-04-07 06:09:04 UTC
(In reply to Richard Scheffenegger from comment #1)

Hi Richard,

Accounts have been merged. Closing PR as fixed.

You can reset the user's password only if you have user's private SSH key to login to the kpasswd server. Without it attacker can only get this far:

% ssh rscheff@kpasswd.freebsd.org
Permission denied (publickey).