sshd permits logon using disabled user?
Stefan Baur
X2Go-ML-1@baur-itcs.de
Thu Jan 24 16:16:00 GMT 2019
Am 24.01.19 um 16:59 schrieb Corinna Vinschen:
> I think refusing an account manually and deliberately disabled by an
> admin makes lots of sense.
>
> I'm not so sure about locked out accounts. THis might need some
> discussion.
It's been a while since I did Windows administration, so I can't really
make a recommendation here ... BUT:
If an admin can lock out an account (separately from disabling it
entirely), say, by setting an initial password, checking the "user must
change password on first login", and also checking "user is not allowed
to change password" simultaneously (if that's possible), or, say, by
just setting a random password without telling it to anyone ever,
followed by firing so many login attempts at the account that it gets
locked out, then telling them apart and treating locked out accounts
differently would make sense, IMO.
Kind Regards,
Stefan Baur
--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://cygwin.com/pipermail/cygwin/attachments/20190124/9f8617eb/attachment.sig>
More information about the Cygwin
mailing list