Mail Archives: cygwin/2008/03/08/15:09:55

X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Message-ID: <47D2F243.4090309@x-ray.at>
Date: Sat, 08 Mar 2008 21:08:35 +0100
From: Reini Urban <rurban AT x-ray DOT at>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.8.1.12) Gecko/20080201 SeaMonkey/1.1.8
MIME-Version: 1.0
To: Cygwin List <cygwin AT cygwin DOT com>
Subject: csih and sspi with guest accounts
References: <47CE07A2 DOT 5030505 AT cwilson DOT fastmail DOT fm> <47CEE4DD DOT 6030608 AT x-ray DOT at>
In-Reply-To: <47CEE4DD.6030608@x-ray.at>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Reini Urban wrote:
>> You can inspect the library without downloading and unpacking the 
>> tarballs using this link:
>> http://cygwin.cwilson.fastmail.fm/ITP/cygwin-service-installation-helper.sh 
>
> Thanks, will be considered for the next postgresql package.

I'd need to warn the user on XP about an active
"net user Guest" account. "Guest" needs to be localized, hmm.
I have "Gast" in German.
This is a big security hole with the new sspi auth on postgresql.
Originally I wanted to use sspi as default auth scheme for 
postgresql-8.3.0-1, instead of md5-default.

See 
http://people.planetpostgresql.org/mha/index.php?/archives/155-Integrated-Security-in-PostgreSQL-8.3.html
and esp. http://www.ngssoftware.com/papers/database-on-xp.pdf

I believe having a global shell function for the postinstaller
to check for xp and an active Guest account would make sense for the 
service helper.
   csih_is_xp()
   csih_guestaccount_active()

csih_is_2008() would also be appreciated.

In my case one has to disable the Guest account with
   net user Guest /active:no
to be able to activate sspi in /usr/share/postgresql/pg_hba.conf.
So far I plan to solve this with documentation, which rarely anyone 
reads, as I see from the questions on the list.
-- 
Reini Urban
http://phpwiki.org/  http://murbreak.at/
http://helsinki.at/  http://spacemovie.mur.at/
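
An added sketch of the check proposed in the message above (not part of the original message and not csih code): it sidesteps the localization problem by identifying the built-in Guest account through its well-known RID 501 instead of its name. The `wmic` query and its `Node,Disabled,Name,SID` CSV layout, the helper `guest_account_active_from_csv` and the sample data are assumptions; `csih_guestaccount_active` is only the name the message proposes.

```shell
#!/bin/sh
# Hypothetical helper, not part of csih.
# stdin : CSV lines "Node,Disabled,Name,SID" (assumed wmic /format:csv layout)
# stdout: the (possibly localized) name of the built-in Guest account
# return: 0 = Guest active, 1 = Guest disabled, 2 = no RID-501 account found
guest_account_active_from_csv() {
    # Drop CRs and stray NUL bytes that Windows tools may emit.
    tr -d '\r\000' | awk -F, '
        # Local account SIDs are S-1-5-21-a-b-c-RID; Guest always has RID 501.
        # Windows account names cannot contain commas, so -F, is safe here.
        $4 ~ /^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-501$/ {
            print $3
            found = 1
            active = (toupper($2) == "FALSE")
            exit
        }
        END { if (!found) exit 2; exit (active ? 0 : 1) }
    '
}

# Wrapper for a postinstall script (assumes wmic is on PATH, which is not
# the case on every Windows edition; a return of 2 then means "unknown").
csih_guestaccount_active() {
    wmic useraccount where "LocalAccount=TRUE" \
        get Disabled,Name,SID /format:csv 2>/dev/null </dev/null |
        guest_account_active_from_csv
}

# Constructed sample: a German XP machine whose Guest account ("Gast") is on.
sample_csv_german_xp() {
    printf '\r\nNode,Disabled,Name,SID\r\n'
    printf 'XPBOX,FALSE,Administrator,S-1-5-21-1111111111-2222222222-3333333333-500\r\n'
    printf 'XPBOX,FALSE,Gast,S-1-5-21-1111111111-2222222222-3333333333-501\r\n'
    printf 'XPBOX,FALSE,postgres,S-1-5-21-1111111111-2222222222-3333333333-1004\r\n'
}

# Demo on the constructed sample: warn before sspi is enabled in pg_hba.conf.
if name=$(sample_csv_german_xp | guest_account_active_from_csv); then
    echo "WARNING: account '$name' is active; disable it with:"
    echo "  net user $name /active:no"
fi
```
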
