  1. JDK
  2. JDK-5001932

JNDI NIS provider 1.2.1 locates servers by broadcasting


Details

    • Bug
    • Resolution: Won't Fix
    • P4
    • None
    • 1.2.1
    • core-libs

    Description

      Customer is writing a banking application for end customer and trying to use
      javax.security.auth.login.LoginContext with the JNDI NIS provider underneath
      a JndiLogin module for accessing user and group information held in end
      customer's NIS servers.

      In this setting, there seems to be no way to prevent the NIS provider from
      trying to locate NIS servers by issuing an indirect RPC call to the subnet
      broadcast address, whereupon it will proceed to select one of those answering
      the broadcast for future use. This happens even though the login configuration
      specifies absolute NIS URLs pointing at a particular NIS server by IP address.

      (There is a way to create an InitialContext on top of the NIS provider in such
      a way that subsequent relative lookups do go to a particular server, without
      any broadcasts, but this functionality is (it appears) not accessible in any
      manner which could be used by the LoginContext class.)

      This is a security concern to the customer and their end customer - anyone
      able to connect a rogue NIS server to the network could subvert the application
      authentication mechanism.
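
To check whether a host running such an application emits the broadcast described above, the following added example (not part of the bug report or of the JDK) classifies captured UDP datagrams. It assumes the "indirect RPC call" is the portmapper CALLIT procedure (program 100000, procedure 5, UDP port 111) relaying to the NIS server program ypserv (100004); the sample datagram and addresses are constructed.

```python
import struct

PMAP_PROG, PMAP_CALLIT = 100000, 5   # portmapper program, indirect-call procedure
YPSERV_PROG = 100004                 # NIS server (ypserv) program number
RPC_CALL = 0                         # msg_type value for a call

def _skip_opaque_auth(buf, off):
    """Skip one opaque_auth: flavor, length, body padded to 4 bytes."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    return off + 8 + ((length + 3) & ~3)

def parse_callit(payload):
    """Return (prog, vers, proc) targeted by a portmapper CALLIT, else None."""
    try:
        _xid, mtype, rpcvers, prog, _vers, proc = struct.unpack_from(">6I", payload, 0)
        if (mtype, rpcvers, prog, proc) != (RPC_CALL, 2, PMAP_PROG, PMAP_CALLIT):
            return None
        off = _skip_opaque_auth(payload, 24)   # credentials
        off = _skip_opaque_auth(payload, off)  # verifier
        return struct.unpack_from(">3I", payload, off)
    except struct.error:
        return None  # truncated datagram or not ONC RPC

def is_nis_broadcast(dst_ip, dst_port, payload, broadcast_addrs):
    """True for an indirect ypserv call sent to one of the given broadcast addresses."""
    if dst_port != 111 or dst_ip not in broadcast_addrs:
        return False
    target = parse_callit(payload)
    return target is not None and target[0] == YPSERV_PROG

def build_sample(target_prog):
    """Constructed sample: CALLIT with AUTH_NONE and a domain-name argument."""
    domain = b"example"  # placeholder NIS domain name
    inner = struct.pack(">I", len(domain)) + domain + b"\0" * (-len(domain) % 4)
    header = struct.pack(">6I", 0x1234, RPC_CALL, 2, PMAP_PROG, 2, PMAP_CALLIT)
    auth_none = struct.pack(">II", 0, 0) * 2   # empty credentials and verifier
    callit = struct.pack(">4I", target_prog, 2, 2, len(inner)) + inner
    return header + auth_none + callit

if __name__ == "__main__":
    bcast = {"192.0.2.255", "255.255.255.255"}  # constructed subnet broadcast set
    print(is_nis_broadcast("192.0.2.255", 111, build_sample(YPSERV_PROG), bcast))
```

Any hit from a host whose login configuration names a NIS server by IP address indicates the behaviour reported here.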

          People

            jhangalsunw Jayalaxmi Hangal (Inactive)
            duke J. Duke