[debian-edu-commits] debian-edu/pkg-team/ 01/01: debian/gosa.NEWS: Add information on password string now getting base64 encoded prior to handing it over to the sambaHashHook script.

[Mike Gabriel]

This is an automated email from the git hooks/post-receive script.

sunweaver pushed a commit to branch master
in repository gosa.

commit 5e1aa33f4f64425908175069ed9200b105405152
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Sun Jan 31 10:35:24 2016 +0100

    debian/gosa.NEWS: Add information on password string now getting base64 encoded prior to handing it over to the sambaHashHook script.
---
 debian/gosa.NEWS | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/debian/gosa.NEWS b/debian/gosa.NEWS
new file mode 100644
index 0000000..45cd303
--- /dev/null
+++ b/debian/gosa.NEWS
@@ -0,0 +1,14 @@
+gosa (2.7.4+reloaded2-8) unstable; urgency=low
+
+  For avoiding code injections during Samba account password changes, the
+  user password entered in GOsa now gets base64 encoded prior to handing
+  it over to the sambaHashHook. On the sambaHashHook side you have to
+  make sure that the handed over string gets base64-decoded prior to
+  NT/LM hash generation.
+
+  If you configure sambaHashHook in gosa.conf (or in LDAP), please make
+  sure to adapt the code for generating Samba's NT and LM hashes.
+
+  For further references, please consult the man page of gosa.conf (5).
+
+ -- Mike Gabriel <sunweaver at debian.org>  Sun, 31 Jan 2015 10:29:30 +0100

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/gosa.git