Subject: The mailing list for listmasters using Sympa
List archive
[sympa-users] Shibboleth Authentication with Sympa
- From: Ryann Levo <address@concealed>
- To: address@concealed
- Subject: [sympa-users] Shibboleth Authentication with Sympa
- Date: Fri, 13 Jul 2007 14:01:45 -0400
Hello all,
We're working with Sympa 5.2.3 and we have Shibboleth authentication (staying within our institution - currently not allowing others to auth) working. However we found a slight security issue that since our customers can change their mail attribute in LDAP (what Shib uses to get the users's information), there's the potential that someone could change their mail attribute to another person's email address and basically auth into Sympa and have the other person's rights/views into their lists (of course the most dangerous one would be the listmaster's email address).
Has anyone else run into this problem using Sympa and Shibboleth?
Any thoughts or ideas would be of great help - and unfortunately not allowing our customers to modify their mail attribute is not an option.
Ryann
--
Ryann A. Levo
Sr. System Software Engineer
IT @ Johns Hopkins
410.735.7655 (Office)
410.735.4190 (FAX)
http://it.jhu.edu
-
[sympa-users] Shibboleth Authentication with Sympa,
Ryann Levo, 07/13/2007
- [sympa-users] Re: Shibboleth Authentication with Sympa, Olivier Salaün, 07/14/2007
Archive powered by MHonArc 2.6.19+.