This is the mail archive of the cygwin mailing list for the Cygwin project.
csih and sspi with guest accounts
- From: Reini Urban <rurban at x-ray dot at>
- To: Cygwin List <cygwin at cygwin dot com>
- Date: Sat, 08 Mar 2008 21:08:35 +0100
- Subject: csih and sspi with guest accounts
- References: <47CE07A2.5030505@cwilson.fastmail.fm> <47CEE4DD.6030608@x-ray.at>
Reini Urban wrote:
You can inspect the library without downloading and unpacking the
tarballs using this link:
http://cygwin.cwilson.fastmail.fm/ITP/cygwin-service-installation-helper.sh
>
Thanks, will be considered for the next postgresql package.
I'd need to warn the user on XP about an active
"net user Guest" account. "Guest" needs to be localized, hmm.
I have "Gast" in German.
This is a big security hole with the new sspi auth on postgresql.
Originally I wanted to use sspi as default auth scheme for
postgresql-8.3.0-1, instead of md5-default.
See
http://people.planetpostgresql.org/mha/index.php?/archives/155-Integrated-Security-in-PostgreSQL-8.3.html
and esp. http://www.ngssoftware.com/papers/database-on-xp.pdf
I believe having a global shell function for the postinstaller
to check for xp and an active Guest account would make sense for the
service helper.
csih_is_xp()
csih_guestaccount_active()
csih_is_2008() would also be appreciated.
In my case one has to disable the Guest account with
net user Guest /active:no
to be able to activate sspi in /usr/share/postgresql/pg_hba.conf
So far I plan to solve this with documentation, which someone rarely
reads, which I see from the questions in the list.
--
Reini Urban
http://phpwiki.org/ http://murbreak.at/
http://helsinki.at/ http://spacemovie.mur.at/
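
A sketch of the two checks proposed in the message above, as an added example that is not code from csih or from the postgresql package. The function names are hypothetical, the sample data is constructed, and it assumes `wmic` is available on the host; the Guest account is matched by its fixed RID 501 rather than by name, so the localized "Gast" is handled.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of csih.

# True when the `uname -s` string in $1 is Cygwin on Windows XP (NT 5.1).
example_is_xp() {
    case "$1" in
        CYGWIN_NT-5.1*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads CSV on stdin, as produced on a real host by (assumed available):
#   wmic useraccount get Disabled,Name,SID /format:csv
# Prints the name of the built-in Guest account (local SID ending in -501).
# Returns 0 if it is enabled, 1 if disabled, 2 if no such row exists.
example_guest_active() {
    tr -d '\r' | awk -F, '
        !hdr && /SID/ {                 # header row: map column names to positions
            for (i = 1; i <= NF; i++) col[$i] = i
            hdr = 1; next
        }
        hdr && $(col["SID"]) ~ /^S-1-5-21-.*-501$/ {
            print $(col["Name"])
            found = 1
            active = (toupper($(col["Disabled"])) == "FALSE")
            exit                        # jump to END with the result recorded
        }
        END { if (!found) exit 2; exit (active ? 0 : 1) }
    '
}

# True when sspi should not be enabled yet: XP with an enabled Guest account.
# $1 = uname -s string, $2 = CSV text
example_sspi_blocked() {
    example_is_xp "$1" || return 1
    printf '%s\n' "$2" | example_guest_active >/dev/null
}

# Constructed sample: German XP host, Guest account named "Gast" and enabled.
SAMPLE_CSV='
Node,Disabled,Name,SID
XPBOX,FALSE,Administrator,S-1-5-21-1111111111-2222222222-3333333333-500
XPBOX,FALSE,Gast,S-1-5-21-1111111111-2222222222-3333333333-501
'
```

A postinstall script could call `example_sspi_blocked "$(uname -s)" "$(wmic ...)"` and keep md5 in pg_hba.conf, with a warning, when it returns true.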