From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-215045-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 111003 invoked by alias); 24 Jan 2019 18:13:00 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 110994 invoked by uid 89); 24 Jan 2019 18:12:59 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=H*c:alternative
X-HELO: mout.gmx.com
Received: from mout.gmx.com (HELO mout.gmx.com) (74.208.4.200) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 24 Jan 2019 18:12:58 +0000
X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79
Received: from mail-lj1-f176.google.com ([209.85.208.176]) by mail.gmx.com (mrgmxus001 [74.208.5.15]) with ESMTPSA (Nemesis) id 0M08vC-1h3S441DuG-00uM5n for <cygwin@cygwin.com>; Thu, 24 Jan 2019 19:12:56 +0100
Received: by mail-lj1-f176.google.com with SMTP id c19-v6so6090327lja.5        for <cygwin@cygwin.com>; Thu, 24 Jan 2019 10:12:55 -0800 (PST)
MIME-Version: 1.0
References: <CANV9t=SSyof86c5Yz3tNhwj4To=eKnrmveQcr59ZmMY-X9_txA@mail.gmail.com> <20190124154533.GK2802@calimero.vinschen.de> <CANV9t=RtGmpkogw0J7oCME+f4GNkeWo=QSJZFA_jOqyBxPLLdw@mail.gmail.com> <1b1ba104-977f-7297-6d8e-1b456acae305@baur-itcs.de>
In-Reply-To: <1b1ba104-977f-7297-6d8e-1b456acae305@baur-itcs.de>
From: Bill Stewart <bstewart@iname.com>
Date: Thu, 24 Jan 2019 18:13:00 -0000
Message-ID: <CANV9t=RKcVJX8=NuenDaHDq79CMkT--yerjEZwiPtk+5DtxOBQ@mail.gmail.com>
Subject: Re: sshd permits logon using disabled user?
To: cygwin@cygwin.com
Content-Type: text/plain; charset="UTF-8"
X-IsSubscribed: yes
X-SW-Source: 2019-01/txt/msg00211.txt.bz2

On Thu, Jan 24, 2019 at 10:58 AM Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:

That sounds like the total opposite - allowing login without a password.
>
> Now, if there was a flag PASSWD_NOTPERMITTED or something like that,
> then we'd be able to emulate what can be done on Linux with "passwd -l
> username" and an ssh key file.
>

You are correct; "password not required" != "password not permitted."

I don't think Windows natively supports password-free logons using only key
files (but I might be wrong about that).

In any case, I'm not sure it's needed to support this scenario. Just set a
very long/random/complex password on the account.

Regards,

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple