| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-Spam-Check-By: | sourceware.org |
| Date: | Mon, 17 Dec 2012 11:21:29 +0100 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: Cygrunsrv and special Windows virtual accounts "NT SERVICE" |
| Message-ID: | <20121217102129.GB1183@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <5F8AAC04F9616747BC4CC0E803D5907D053F8671 AT MLBXv04 DOT nih DOT gov> <20121214160616 DOT GI6237 AT calimero DOT vinschen DOT de> <5F8AAC04F9616747BC4CC0E803D5907D053F86BD AT MLBXv04 DOT nih DOT gov> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <5F8AAC04F9616747BC4CC0E803D5907D053F86BD@MLBXv04.nih.gov> |
| User-Agent: | Mutt/1.5.21 (2010-09-15) |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Unsubscribe: | <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
On Dec 14 16:23, Lavrentiev, Anton (NIH/NLM/NCBI) [C] wrote: > > http://cygwin.com/ml/cygwin/2012-12/msg00154.html > > Thanks. > > > I'm wondering if it's such a bright idea to use a NULL password based on > > a check for a certain domain. That's practically guaranteed to break > > at one point again. > > I don’t think Microsoft is going to drop "NT SERVICE\" in any near future > (they've just had the feature introduced!). This is the only domain that > needs to be treated specially (for now). That's not how I understand the documentation: http://technet.microsoft.com/en-us/library/dd548356.aspx Virtual accounts use the NT SERVICE domain, but managed accounts seem to be subsumed under your normal AD domain name. > > !pass || pass[0] == '\0' > > MSDN says that password-less accounts must provide an empty string > (and it does not mention NULL). More cumbersome logic can involve > checking for both the special domain and empty/NULL password (as above), > resulting in NULL lpPassword only when both checks have been met. > > > what about something like `-w NULL'? > > I would not vote for this. This precludes that the string "NULL" cannot > be used as an otherwise regular password. Apart from the fact that NULL is a terrible password, I'd still be more comfortable to allow a NULL password as a user defined option on the command line. If not -W NULL, what about '-w -' or a long-only option like --null-pwd? Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |