Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Wed, 28 Aug 2002 19:26:05 +0600
From: Boris Smirnov <bgs AT eastwind DOT ru>
Reply-To: Boris Smirnov <bgs AT eastwind DOT ru>
Organization: Eastwind
X-Priority: 3 (Normal)
Message-ID: <835722562.20020828192605@eastwind.ru>
To: cygwin AT cygwin DOT com
Subject: NT/2K account for anonymous ftp access
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello,

Here is the problem: to enable anonymous ftp access one must create
(or use existing, i.e. guest) account that has empty password and "Log
on locally" privilege, but this allows anyone to log on a console. It
would be better to have this account disabled for NT, that is to
behave like a "suid only" account on Unix.
I've successfully tested such "disabled" accounts with ssh - when you
can log on using that account via ssh only whith public key
authentication. Also, ssh privsep feature uses this sort of account
combined with chroot call for doing all network stuff during
authentication process.
Is it difficult to implement "disabled" account support for anonymous
access in ftpd?

-- 
Best regards,
 Boris Smirnov


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/