Actions
Bug #1202
closedShell access permission required for IPsec Xauth clients
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
01/16/2011
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:
Description
In order for a client to successfully authenticate against an IPsec mobile setup that has Xauth enabled, the user must have some form of shell access before Xauth will work.
This has been reported/confirmed by several people on IRC.
We already put users without shell access in /etc/passwd, but we also lock them out. If we had an IPsec-Xauth permission it would only need to unlock the account, and leave the shell at nologin.
Actions