Cygrunsrv and special Windows virtual accounts "NT SERVICE"
Corinna Vinschen
corinna-cygwin@cygwin.com
Mon Dec 17 10:21:00 GMT 2012
On Dec 14 16:23, Lavrentiev, Anton (NIH/NLM/NCBI) [C] wrote:
> > http://cygwin.com/ml/cygwin/2012-12/msg00154.html
>
> Thanks.
>
> > I'm wondering if it's such a bright idea to use a NULL password based on
> > a check for a certain domain. That's practically guaranteed to break
> > at one point again.
>
> I donât think Microsoft is going to drop "NT SERVICE\" in any near future
> (they've just had the feature introduced!). This is the only domain that
> needs to be treated specially (for now).
That's not how I understand the documentation:
http://technet.microsoft.com/en-us/library/dd548356.aspx
Virtual accounts use the NT SERVICE domain, but managed accounts
seem to be subsumed under your normal AD domain name.
> > !pass || pass[0] == '\0'
>
> MSDN says that password-less accounts must provide an empty string
> (and it does not mention NULL). More cumbersome logic can involve
> checking for both the special domain and empty/NULL password (as above),
> resulting in NULL lpPassword only when both checks have been met.
>
> > what about something like `-w NULL'?
>
> I would not vote for this. This precludes that the string "NULL" cannot
> be used as an otherwise regular password.
Apart from the fact that NULL is a terrible password, I'd still be more
comfortable to allow a NULL password as a user defined option on the
command line. If not -W NULL, what about '-w -' or a long-only option
like --null-pwd?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list