https://bugzilla.novell.com/show_bug.cgi?id=538064
https://bugzilla.novell.com/show_bug.cgi?id=538064#c37
--- Comment #37 from Dr. Werner Fink 2010-09-28 15:31:46 UTC ---
man 7 security:
[...]
localuser & localgroup
On systems which can determine in a secure fashion the creden-
tials of a client process, the "localuser" and "localgroup"
authentication methods provide access based on those creden-
tials. The format of the values provided is platform specific.
For POSIX & UNIX platforms, if the value starts with the charac-
ter '#', the rest of the string is treated as a decimal uid or
gid, otherwise the string is defined as a user name or group
name.
If your system supports this method and you use it, be warned
that some programs that proxy connections and are setuid or set-
gid may get authenticated as the uid or gid of the proxy pro-
cess. For instance, some versions of ssh will be authenticated
as the user root, no matter what user is running the ssh client,
so on systems with such software, adding access for
localuser:root may allow wider access than intended to the X
display.
.. what happend about forwarded X11 and TCP connections by ssh/sshd?
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.