| www.delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; q=dns; s= | |
| default; b=jyf5ExIj2SuwDAEs3ujtc7eLUNCP4rqjN6dplEaiipz6TVDQtRlp+ | |
| SDuqDFbG4rirs0RPamof0DgcRW71AF8o7bpMMA5W1I6qb5zgh6hDuSgo/vMrwxgd | |
| 8UpEB/jBg0uyq4CZVtbqz0RTsdNovTeqV7rEGVksOlgVKpO3P04Il8= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; s=default; | |
| bh=LU4r+pxlUGRr5b0yUUiVfWj/JNE=; b=SlCzuXT/0W3VKAfLA1OE7uX/2gKh | |
| 4evE7zsxIi8vztbMMkgfzUacBcCtGc096Vuh7Fz3WgS6f5IExFepE4hFVutQb2mo | |
| xafOxOTA/z+7ht7pTP+3n7g7zg4s5PFUN+wYRPo1UJD51HXQADmVRITxFYeZGb76 | |
| dMlza1YbySXN9wE= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Spam-SWARE-Status: | No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=she, malicious, BUT, guy |
| X-HELO: | mout.kundenserver.de |
| Date: | Thu, 24 Jan 2019 17:36:12 +0100 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: sshd permits logon using disabled user? |
| Message-ID: | <20190124163612.GM2802@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <CANV9t=SSyof86c5Yz3tNhwj4To=eKnrmveQcr59ZmMY-X9_txA AT mail DOT gmail DOT com> <20190124154533 DOT GK2802 AT calimero DOT vinschen DOT de> <2b348ac3-63d1-2cd3-430d-2568d650a583 AT baur-itcs DOT de> <20190124155918 DOT GL2802 AT calimero DOT vinschen DOT de> <51ded8a7-ffc0-c1b0-8bb6-8d2f5870ec68 AT baur-itcs DOT de> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <51ded8a7-ffc0-c1b0-8bb6-8d2f5870ec68@baur-itcs.de> |
| User-Agent: | Mutt/1.10.1 (2018-07-13) |
--bAwSoJxbKYwy34Oe Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Jan 24 17:16, Stefan Baur wrote: > Am 24.01.19 um 16:59 schrieb Corinna Vinschen: > > I think refusing an account manually and deliberately disabled by an > > admin makes lots of sense. > >=20 > > I'm not so sure about locked out accounts. THis might need some > > discussion. >=20 > It's been a while since I did Windows administration, so I can't really > make a recommendation here ... BUT: >=20 > If an admin can lock out an account (separately from disabling it > entirely), say, by setting an initial password, checking the "user must > change password on first login", and also checking "user is not allowed > to change password" simultaneously (if that's possible), or, say, by > just setting a random password without telling it to anyone ever, > followed by firing so many login attempts at the account that it gets > locked out, then telling them apart and treating locked out accounts > differently would make sense, IMO. This description sounds extremly artificial to me. We should work under the assumption that the admin is the good guy. Usually a user locks itself out, or is locked out by a malicious login attempt. The admin can only define rules for locking out, other than that she can only remove the "account locked" flag. Corinna --=20 Corinna Vinschen Cygwin Maintainer --bAwSoJxbKYwy34Oe Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlxJ6XwACgkQ9TYGna5E T6DUgxAAnWvVkSsoiN/jzQtjhfstKdz9YJ9kV3Bkob5ojALRHpYM2qQsg1DeTUyg rMN/uwGt1i3ZqMKs4yWe1p8ZeHfy2DMkS0M4qyrFNyPVBuq5chwWkgkMhGkOJgYu v4WE8lizT6zewAcid6gFas2hYNjH8fh9xwlQzSEPURNt3YYkvosyMw9LdZZbvmHM UH3gHpEWomB31DcbZYk7nq+8Z07innJPGGKRqfbOqGCO40Eg/1zrZJ3iZWkZdmc8 21cdAolM27oxC1jcMJiWXr5EeDNm/WZKGlsR4kBkIq75Xb+KEbEZvMDqlaIFINE0 zvUVJmYUnoW3WMnZTyLHTUDnb6ANJNGDBYOMA0YrseiztQHpM0QwVfHVPXZZ8ga1 Lt3L7qzCywOa5JP5Qej1i2A8x/LMIAZW8GN8Txx1cikNgrXD3HhdyqlHtonLdK6K V9i5tWvX1hS2AaMKU5bbzRkegbqvb0XDeRapU1l4oPSoonyqrQ1F5PI8XfXRwTOX uNrhH2t4oao0xloVl+dxLx8SwuvPtjZiDihDGq8OxaP/6ShM7OyvltimIWAnp+U9 GcubWT292tbXiUYnQVxQ1qEsvF11uVcI+tr+HG2l0usR73qFi/F2SeJih905oI9h 9NeEQBO6hMaObZxmTq5i/yXW9pPnzW0dsb2QgtyVtWbFYXXxWlI= =8Aj5 -----END PGP SIGNATURE----- --bAwSoJxbKYwy34Oe--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |