csih and sspi with guest accounts

Reini Urban rurban@x-ray.at
Sat Mar 8 20:09:00 GMT 2008


Reini Urban wrote:
>> You can inspect the library without downloading and unpacking the 
>> tarballs using this link:
>> http://cygwin.cwilson.fastmail.fm/ITP/cygwin-service-installation-helper.sh 
>
> Thanks, will be considered for the next postgresql package.

I'd need to warn the user on XP about an active
"net user Guest" account. "Guest" needs to be localized, hmm.
I have "Gast" in German.
This is a big security hole with the new sspi auth on postgresql.
Originally I wanted to use sspi as default auth scheme for 
postgresql-8.3.0-1, instead of md5-default.

See 
http://people.planetpostgresql.org/mha/index.php?/archives/155-Integrated-Security-in-PostgreSQL-8.3.html
and esp. http://www.ngssoftware.com/papers/database-on-xp.pdf

I believe having a global shell function for the postinstaller
to check for XP and an active Guest account would make sense for the 
service helper.
   csih_is_xp()
   csih_guestaccount_active()

csih_is_2008() would also be appreciated.

In my case one has to disable the Guest account with
net user Guest /active:no
to be able to activate sspi in /usr/share/postgresql/pg_hba.conf
So far I plan to solve this with documentation, which people rarely 
read, as I see from the questions on the list.
-- 
Reini Urban
http://phpwiki.org/  http://murbreak.at/
http://helsinki.at/  http://spacemovie.mur.at/
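
One way the Guest check proposed in the message could be written, as an added example that is not csih code and not from the original message: it finds the Guest account by its well-known RID 501 instead of its localized name, then reads the status line of `net user`. The function names, the `mkpasswd -l` gecos layout and the German `net user` labels are assumptions; the sample data is constructed.

```shell
#!/bin/sh
# Added example; not part of csih. Function names are hypothetical.

# Read passwd-format lines on stdin (assumed: `mkpasswd -l` output, whose
# gecos field carries "U-HOST\name,SID") and print the account whose SID
# ends in RID 501, the built-in Guest, whatever its localized name is.
guest_name_from_passwd() {
    awk -F: '{
        n = split($5, part, ",")
        for (i = 1; i <= n; i++)
            if (part[i] ~ /^S-1-5-21-[0-9-]+-501$/) { print $1; exit }
    }'
}

# Read `net user <name>` output on stdin. Returns 0 if the account is active,
# 1 if it is disabled, 2 if no status line was recognised (treat as "warn").
# Labels are localized; the German forms listed here are an assumption.
account_active_from_netuser() {
    tr -d '\r' | awk '
        /^(Account active|Konto aktiv)[ \t]/ {
            seen = 1
            if ($NF ~ /^(Yes|Ja)$/) active = 1
        }
        END { if (!seen) exit 2; exit (active ? 0 : 1) }'
}

# Wrapper for a real Cygwin host; not exercised by the sample data below.
guest_account_active() {
    guest=$(mkpasswd -l | guest_name_from_passwd)
    [ -n "$guest" ] || return 2
    net user "$guest" | account_active_from_netuser
}

# Constructed sample data: a German XP host with the Guest account enabled.
SAMPLE_PASSWD='Administrator:unused:500:513:U-PC1\Administrator,S-1-5-21-111-222-333-500:/home/Administrator:/bin/bash
Gast:unused:501:513:U-PC1\Gast,S-1-5-21-111-222-333-501:/home/Gast:/bin/bash'
SAMPLE_NETUSER='Benutzername                 Gast
Konto aktiv                  Ja'

found=$(printf '%s\n' "$SAMPLE_PASSWD" | guest_name_from_passwd)
if printf '%s\n' "$SAMPLE_NETUSER" | account_active_from_netuser; then
    echo "WARNING: account '$found' (RID 501) is active; disable it before enabling sspi"
fi
```

A postinstall script would treat return code 2 the same as 0 and keep the md5 default, so an unrecognised locale never silently enables sspi.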
