From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Prentis Brooks" <prentis@aol.net>
To: "Cygwin" <cygwin@sourceware.cygnus.com>
Subject: No this has a nasty bite
Date: Fri, 26 May 2000 10:45:00 -0000
Message-id: <NEBBLEPLMLJEEFHAGMDMMECJCAAA.prentis@aol.net>
X-SW-Source: 2000-05/msg00978.html

Alright, this is a problem... Corinna, if you happen to have a quick
solution before I start trying to dig around in the source, please let me
know.

Here is the problem:

You have RSA Authentication enabled and running as user foo on port 22.  You
have another Daemon running SSH with password authentication on port 26.  If
user bar sets up RSA keys in his/her home directory and then connects to
port 22, it will authenticate him/her via the keys in bar's home directory
and then promptly drop them to the shell as foo... this is bad.


Any ideas on how to:

1) Identify who the RSA enabled process is running under
2) Once one is known, ensure that the user coming in is the user we are
running under, rejecting if not.

Prentis


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com