From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 117651 invoked by alias); 28 Jan 2019 17:19:07 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 117635 invoked by uid 89); 28 Jan 2019 17:19:07 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=account!, management, you! X-HELO: mout.gmx.com Received: from mout.gmx.com (HELO mout.gmx.com) (74.208.4.200) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 28 Jan 2019 17:19:06 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.com; s=dbd5af2cbaf7; t=1548695944; bh=A0NI2VYHeey55iNOilx2OK9lSZa/Zz+CWlutido0/v4=; h=X-UI-Sender-Class:References:In-Reply-To:From:Date:Subject:To; b=ALS1MDn5UgbrBXELDxuR/Mjo+XXffSaw97pXTjZyiFCRK8kKL/5ei313KG5umKY0R UaaKI0hgzhAM/a4SDMIk6fUE3NZhz+sgQx+5coe12yFUxacZAd97N6UUFFCrELgOqd hUgQRh49Dvu6JBEgAVcP89BLyEjsBUnJgvJlchSA= X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79 Received: from mail-lj1-f180.google.com ([209.85.208.180]) by mail.gmx.com (mrgmxus002 [74.208.5.15]) with ESMTPSA (Nemesis) id 0MaIgg-1gUQme0UO0-00Jr7q for ; Mon, 28 Jan 2019 18:19:04 +0100 Received: by mail-lj1-f180.google.com with SMTP id t9-v6so14925443ljh.6 for ; Mon, 28 Jan 2019 09:19:03 -0800 (PST) MIME-Version: 1.0 References: <1690850474.834980.1548391349102.ref@mail.yahoo.com> <1690850474.834980.1548391349102@mail.yahoo.com> <20190125174833.GA1710@zebra> <20190128095947.GN3912@calimero.vinschen.de> <20190128165227.GQ3912@calimero.vinschen.de> In-Reply-To: <20190128165227.GQ3912@calimero.vinschen.de> From: Bill Stewart Date: Mon, 28 Jan 2019 17:19:00 -0000 Message-ID: Subject: Re: sshd permits logon using disabled user? To: cygwin@cygwin.com, Bill Stewart Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes X-SW-Source: 2019-01/txt/msg00262.txt.bz2 On Mon, Jan 28, 2019 at 9:52 AM Corinna Vinschen wrote: > > On Jan 28 08:02, Bill Stewart wrote: > > On Mon, Jan 28, 2019 at 2:59 AM Corinna Vinschen > > wrote: > > > > > Can you please test again with the latest snapshot from > > > https://cygwin.com/snapshots/? The new S4U authentication method > > > used in this snapshot automatically applies the Windows account rules so > > > in my testing the patch I applied originally is not required anymore. > > > Consequentially I disabled it to rely fully on the Windows function's > > > behaviour. Can you test this, too, please, just to be sure? > > > > Thank you Corinna; I will test. > > > > Will the S4U authentication work on standalone (non domain-joined) > > machines also? > > It uses MsV1_0 S4U on standalone workstations, Kerberos S4U on domain > meber machines with fallback to MsV1_0 under some circumstances. Hi Corinna, This is great that the service can run using the SYSTEM account! It greatly simplifies management. I tested and it worked as expected. Thank you! Bill -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple