Re: sshd permits logon using disabled user?

[Corinna Vinschen <corinna-cygwin at cygwin dot com>]

On Jan 28 10:18, Bill Stewart wrote:
> On Mon, Jan 28, 2019 at 9:52 AM Corinna Vinschen
> <corinna-cygwin@cygwin.com> wrote:
> >
> > On Jan 28 08:02, Bill Stewart wrote:
> > > On Mon, Jan 28, 2019 at 2:59 AM Corinna Vinschen
> > > <corinna-cygwin@cygwin.com> wrote:
> > >
> > > > Can you please test again with the latest snapshot from
> > > > https://cygwin.com/snapshots/?  The new S4U authentication method
> > > > used in this snapshot automatically applies the Windows account rules so
> > > > in my testing the patch I applied originally is not required anymore.
> > > > Consequentially I disabled it to rely fully on the Windows function's
> > > > behaviour.  Can you test this, too, please, just to be sure?
> > >
> > > Thank you Corinna; I will test.
> > >
> > > Will the S4U authentication work on standalone (non domain-joined)
> > > machines also?
> >
> > It uses MsV1_0 S4U on standalone workstations, Kerberos S4U on domain
> > meber machines with fallback to MsV1_0 under some circumstances.
> 
> Hi Corinna,
> 
> This is great that the service can run using the SYSTEM account! It
> greatly simplifies management.

Along these lines I have an OpenSSH patch in the loop which reverts
the ssh-host-config script back to using the SYSTEM user, just as
in the olden Windows XP days.  I'll send it upstream as soon as
Cygwin 3.0 is officially released.  I attached the resulting
ssh-host-config script to this mail, if you or anybody else want
to test it.

> I tested and it worked as expected.
> 
> Thank you!

Super, thank you!  I guess I will role out a Cygwin test release in the
next couple of days.


Stay tuned,
Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

Attachment: ssh-host-config
Description: Text document

Attachment: signature.asc
Description: PGP signature