X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=hYyxyj3/9JGSyaQw
	MZQcJMxtax7iF+ITGoWSn4BFlnzr20DWBGH7Ws/hzUqMe5J7hQlj3OlfMcPr9UsD
	nEBNKcwIbJgzA9zt0a4EstbNdPzgLEAzwIt71M6qQS25Y1Xr8D4Sn1SDF0gPszmh
	nydvTLtQB4zk4gg8MUwNHf/WIJs=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; s=default; bh=/hsP39Iv1P/brsliFvx39+
	O0e+I=; b=VRlv5CjYIBGzdVYDOnPs5hxB3gfqaKCWfYKuEQsGo1lxRiBJ2kFrPc
	hHe4f+x0h7+TamAvxQiGRAe7GYGg4RanGghM0tbEKGxNpLor42mhuWUerOBPBKJA
	GM9xiweiIIbXi4xNK7uNSdVCQjRuI52gDMafNJ05aVl0522ymFplc=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=2.1 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=no version=3.3.2 spammy=H*F:D*yandex.ru, H*M:yandex, schulman, Schulman
X-HELO: forward3m.cmail.yandex.net
Authentication-Results: smtp2h.mail.yandex.net; dkim=pass header.i=@yandex.ru
X-Yandex-Suid-Status: 1 0,1 0
Date: Tue, 28 Feb 2017 19:30:04 +0300
From: Andrey Repin <anrdaemon@yandex.ru>
Reply-To: cygwin@cygwin.com
Message-ID: <1436100995.20170228193004@yandex.ru>
To: Andrew Schulman <schulman.andrew@epa.gov>, cygwin@cygwin.com
Subject: Re: thousands of NTLM requests per day
In-Reply-To: <bi4bbc1qpuhhp2pquc9ui5kfp74jj9n42b@4ax.com>
References: <bi4bbc1qpuhhp2pquc9ui5kfp74jj9n42b@4ax.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Greetings, Andrew Schulman!

> I got a call from our domain admins, asking me if I knew why my Windows 7
> host would be sending many thousands of NTLMv1 authentication requests per
> day. I don't know, and we're still trying to find out which application is
> doing that, but here's what I wonder:

> Could Cygwin be responsible for the authentication requests? I wonder about
> this because Cygwin now queries Windows for user and group information that
> used to be kept statically in /etc/passwd and /etc/group.

Do you use cygserver ? If not, try to set it up, it should help with domain
information caching. If the problem you observe is caused by Cygwin activity,
you should see a decrease in such requests.

> I don't know much about this. Sorry if it's an obtuse question. Any general
> information would be appreciated.


-- 
With best regards,
Andrey Repin
Tuesday, February 28, 2017 19:28:37

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple