This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

csih and sspi with guest accounts


Reini Urban schrieb:
You can inspect the library without downloading and unpacking the tarballs using this link:
http://cygwin.cwilson.fastmail.fm/ITP/cygwin-service-installation-helper.sh
>
Thanks, will be considered for the next postgresql package.

I'd need to warn the user on XP about an active
"net user Guest" account. "Guest" needs to be localized, hmm.
I have "Gast" in german.
This is a big security hole with the new sspi auth on postgresql.
Originally I wanted to use sspi as default auth scheme for postgresql-8.3.0-1, instead of md5-default


See http://people.planetpostgresql.org/mha/index.php?/archives/155-Integrated-Security-in-PostgreSQL-8.3.html
and esp. http://www.ngssoftware.com/papers/database-on-xp.pdf


I believe having a global shell function for the postinstaller
to check for xp and an active Guest account would make sense for the service helper.
csih_is_xp()
csih_guestaccount_active()


csih_is_2008() would also be appreciated.

In my case one has to to disable the Guest account with
net user Guest /active:no
to be able to activate sspi in /usr/share/postgresql/pg_hba.conf
So far I plan to solve this with documentation, which rarely someone reads, which I see from the questions in the list.
--
Reini Urban
http://phpwiki.org/ http://murbreak.at/
http://helsinki.at/ http://spacemovie.mur.at/


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]