Project

General

Profile

Feature #26038

Remove legacy behavior of storing AD Credentials

Added by Andrew Walker about 2 years ago. Updated 10 months ago.

Status:
Closed
Priority:
Nice to have
Assignee:
Andrew Walker
Category:
Services
Target version:
Estimated time:
Severity:
Medium
Reason for Closing:
Not to be fixed
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Description

As things currently stand, it's trivially easy for root on the FreeNAS server to 'recover' the AD credentials that are used to join the server to an AD domain. This would not be as big of a problem if we used unprivileged AD accounts. Unfortunately, iX support commonly has clients use "Domain Admin" credentials for this purpose. This means that in many deployments, compromising the root account on a TN server can result in compromising the entire AD Domain. Not a good situation.

Basically, two things we're doing (that aren't terrible in themselves) can severely compromise the security of an AD environment.

Per quick exchange of messages with John, it appears that this behavior (storing AD credentials) is legacy, and can be removed with some code changes. This is consistent with what I've seen from domain-joined linux samba servers, which don't require storing AD credentials (apart from machine account information in secrets.tdb, etc.).

In addition to the code changes, we need to perhaps update our practices regarding how to join a FreeNAS / TrueNAS server to a domain. There is a doc in progress to address this secondary issue.

History

#1 Updated by Dru Lavigne about 2 years ago

  • Status changed from Untriaged to Unscreened
  • Assignee changed from Release Council to John Hixson

#2 Updated by John Hixson about 2 years ago

  • Status changed from Unscreened to Screened
  • Priority changed from Important to Nice to have
  • Target version set to 11.2-BETA1

#4 Avatar?id=14398&size=24x24 Updated by Kris Moore almost 2 years ago

  • Target version changed from 11.2-BETA1 to 11.3

#5 Avatar?id=14398&size=24x24 Updated by Kris Moore almost 2 years ago

  • Status changed from Screened to Not Started

#6 Updated by John Hixson over 1 year ago

  • Assignee changed from John Hixson to Timur Bakeyev

#7 Avatar?id=13649&size=24x24 Updated by Ben Gadd over 1 year ago

  • Target version changed from 11.3 to Backlog

#8 Avatar?id=13649&size=24x24 Updated by Ben Gadd over 1 year ago

  • Severity set to New

#9 Updated by John Hixson over 1 year ago

  • Assignee changed from Timur Bakeyev to John Hixson

#10 Updated by John Hixson over 1 year ago

  • Category changed from OS to Services

#12 Updated by John Hixson over 1 year ago

  • Severity changed from New to Medium

#13 Updated by Dru Lavigne about 1 year ago

  • Assignee changed from John Hixson to William Grzybowski

#14 Updated by William Grzybowski about 1 year ago

  • Assignee changed from William Grzybowski to Andrew Walker

#15 Updated by Andrew Walker 10 months ago

  • Status changed from Not Started to Closed
  • Reason for Closing set to Not to be fixed
  • Needs QA changed from Yes to No
  • Needs Doc changed from Yes to No

#17 Updated by Dru Lavigne 10 months ago

  • Target version changed from Backlog to N/A
  • Private changed from Yes to No

Also available in: Atom PDF