Package: libpam-ldap
Version: 180-1.4
Severity: important

pam-ldap should compare the UID with the one stored in LDAP before reporting the progress as PAM_AUTHOK. The problem is that the current schema definition of the UID attribute is not case sensitive, and leading whitespace seems to be ignored by the filter. So, for example, if you have defined a user with the LDAP-specified UID "joe", it is possible to authenticate with these UIDs: "Joe", "JOE", "joe", " joe", etc.

As a result, you get the environment variable USER filled with the "wrong" UID, which may break several applications that use this variable to perform various actions.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8)
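
The comparison requested in the report, as an added example that is not part of the original message and is not pam_ldap's own code. The function names are hypothetical, and filter_matches() is only a simplified model of the matching the report describes (case ignored, surrounding spaces insignificant); the stored uid is assumed to carry no surrounding spaces.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum login_check { LOGIN_NO_MATCH, LOGIN_EXACT, LOGIN_NONCANONICAL };

/* Simplified model (assumption) of how the directory filter treats uid,
 * per the report: case is ignored and surrounding spaces do not count. */
static int filter_matches(const char *typed, const char *stored)
{
    size_t n;

    while (*typed == ' ')
        typed++;                              /* leading spaces ignored */
    n = strlen(typed);
    while (n > 0 && typed[n - 1] == ' ')
        n--;                                  /* trailing spaces ignored */
    if (n != strlen(stored))
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)typed[i]) != tolower((unsigned char)stored[i]))
            return 0;
    return 1;
}

/* The check the report asks for: after the directory has matched the
 * entry, compare the typed name byte-for-byte with the stored uid. */
enum login_check check_login_name(const char *typed, const char *stored)
{
    if (!filter_matches(typed, stored))
        return LOGIN_NO_MATCH;
    return strcmp(typed, stored) == 0 ? LOGIN_EXACT : LOGIN_NONCANONICAL;
}

int main(void)
{
    /* Constructed inputs, based on the names listed in the report. */
    const char *typed[] = { "joe", "Joe", "JOE", " joe", "joey" };
    const char *label[] = { "no match", "exact", "non-canonical" };

    for (size_t i = 0; i < sizeof typed / sizeof typed[0]; i++)
        printf("\"%s\" -> %s\n", typed[i],
               label[check_login_name(typed[i], "joe")]);
    return 0;
}
```

On LOGIN_NONCANONICAL a module can either refuse the login or replace the user name with the stored uid (pam_set_item() with PAM_USER) so that USER carries the directory's spelling.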