X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:mime-version
	:content-type:content-transfer-encoding; q=dns; s=default; b=TMi
	Ax1v6p2xjyOWVEOY+WXjxGFPgtUi6TFQgju5jlstXnYzQUUxvQZIBv2TRNGhkcze
	ayCkj1hxGpNE6eVEHs8CJBUIThQ+kt0W30gV0arHGz61lKbUGpnCerlFN5+jhjhV
	Wy4wM126FSZWhlmKpCdRVBtwJMzN8HSh0SJlhNG0=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:mime-version
	:content-type:content-transfer-encoding; s=default; bh=bqzu6O0AY
	jldV3Vo6X6TsYneCPQ=; b=JnGFBlQCnSVMqNqsYEWdjCZEZn2YqOCySwzNHPlFY
	PH2HjEQEWUYXAk4plKc8jOtdmJ2qffa6ON4QXoEIbkw2FxakDkWMpWzsJu4mijjN
	eZ37dhP6zoP21fcSz9A0UM56ZgzV65y3pdrZHAetvy8a+7vyNBnwnlu+sBaMx5k2
	HA=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.8 required=5.0 tests=BAYES_50,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 spammy=authentication, H*Ad:D*gov, H*r:Unknown, our
X-HELO: blaine.gmane.org
To: cygwin@cygwin.com
From: Andrew Schulman <schulman.andrew@epa.gov>
Subject: thousands of NTLM requests per day
Date: Tue, 28 Feb 2017 10:17:06 -0500
Lines: 13
Message-ID: <bi4bbc1qpuhhp2pquc9ui5kfp74jj9n42b@4ax.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Archive: encrypt
X-IsSubscribed: yes

I got a call from our domain admins, asking me if I knew why my Windows 7
host would be sending many thousands of NTLMv1 authentication requests per
day. I don't know, and we're still trying to find out which application is
doing that, but here's what I wonder:

Could Cygwin be responsible for the authentication requests? I wonder about
this because Cygwin now queries Windows for user and group information that
used to be kept statically in /etc/passwd and /etc/group.

I don't know much about this. Sorry if it's an obtuse question. Any general
information would be appreciated.

Andrew


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple