ISO login

From MTU LUG wiki

(Difference between revisions)
Jump to: navigation, search
Line 1: Line 1:
ISO Login is a page at http://www.login.mtu.edu/ that gives you a cookie that allows websites all over MTU to authenticate you. This system generates an x509 certificate signed by MTU's [http://www.login.mtu.edu/downloads/public/mtuca.crt CA] certificate. The certificate expires 8 hours after you login and contains only your username, not your password.
ISO Login is a page at http://www.login.mtu.edu/ that gives you a cookie that allows websites all over MTU to authenticate you. This system generates an x509 certificate signed by MTU's [http://www.login.mtu.edu/downloads/public/mtuca.crt CA] certificate. The certificate expires 8 hours after you login and contains only your username, not your password.
-
Around the begining of the Spring 2005 semester [[User:Jon787|Jon DeVree]] and Brian McPherson found a flaw in the system that allowed any self-signed certificate to be authenticate by the system. This allowed them to generate cookies that expired in years instead of hours and even cookies that were for other users. They utilized this to create phony users like [[EERC_Tree]], and vanity userids for [[User:Dark-Fx]] and [[User:xobes]] on the [[Barkboard|Barkboards]]. DCS fixed the flaw shortly after Jon and Brian reported it.
+
Around the begining of the Spring 2005 semester [[User:Jon787|Jon DeVree]] and Brian McPherson found a flaw in the system that allowed any self-signed certificate to be authenticate by the system. This allowed them to generate cookies that expired in years instead of hours and even cookies that were for other users. They utilized this to create phony users like [[EERC_Tree]], and vanity userids for [[User:Dark-Fx|Dark-Fx]] and [[User:xobes]] on the [[Barkboard|Barkboards]]. DCS fixed the flaw shortly after Jon and Brian reported it.
The ISO login system is currently being upgraded to resemble something closer to Kerberos.
The ISO login system is currently being upgraded to resemble something closer to Kerberos.
[http://www.login.mtu.edu/docs/public/mtuiso/ ISO Documentation]
[http://www.login.mtu.edu/docs/public/mtuiso/ ISO Documentation]

Revision as of 03:13, 15 April 2005

ISO Login is a page at http://www.login.mtu.edu/ that gives you a cookie that allows websites all over MTU to authenticate you. This system generates an x509 certificate signed by MTU's CA certificate. The certificate expires 8 hours after you login and contains only your username, not your password.

Around the begining of the Spring 2005 semester Jon DeVree and Brian McPherson found a flaw in the system that allowed any self-signed certificate to be authenticate by the system. This allowed them to generate cookies that expired in years instead of hours and even cookies that were for other users. They utilized this to create phony users like EERC_Tree, and vanity userids for Dark-Fx and User:xobes on the Barkboards. DCS fixed the flaw shortly after Jon and Brian reported it.

The ISO login system is currently being upgraded to resemble something closer to Kerberos.

ISO Documentation

Personal tools