X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; q=dns; s=default; b=GVjV8R+
	dU3CH/m28K/kDlv6WMJ9lRw3whDyAFV9Z/femADYSmPziBE2L1CpTNtM0XyZwza6
	FPN7NFQFWKnjvdIEp1SLdI1j0f9FkEXhsPhm3I14JTySRPh28Qkk19Ku1Cd8suPw
	O7UQ/Q/XXJ+b3pLX70FKqfxrNB9U4Qcm+n3g=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; s=default; bh=dB4SH7vOYA7Yf
	Z2mxRUFQ/K3Ti8=; b=wiz1bUgbhairgdD72Syf3bPtvUHiFr/U3NFdfOlTQfDGe
	y58hijC6+VZHPQh6mLE1siWuRigNtoM+kvfe38dNNlLU+El2SHHkrSrRlV+i10X2
	rYMX4yvuJzqcXc3FYvdfElu5TZ+J0M0WIAhtSuA/N70RJbE0M5mVl0km0nuvnI=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=H*c:alternative
X-HELO: mout.gmx.com
X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79
MIME-Version: 1.0
References: <CANV9t=SSyof86c5Yz3tNhwj4To=eKnrmveQcr59ZmMY-X9_txA AT mail DOT gmail DOT com> <20190124154533 DOT GK2802 AT calimero DOT vinschen DOT de> <CANV9t=RtGmpkogw0J7oCME+f4GNkeWo=QSJZFA_jOqyBxPLLdw AT mail DOT gmail DOT com> <1b1ba104-977f-7297-6d8e-1b456acae305 AT baur-itcs DOT de>
In-Reply-To: <1b1ba104-977f-7297-6d8e-1b456acae305@baur-itcs.de>
From: Bill Stewart <bstewart AT iname DOT com>
Date: Thu, 24 Jan 2019 11:12:42 -0700
Message-ID: <CANV9t=RKcVJX8=NuenDaHDq79CMkT--yerjEZwiPtk+5DtxOBQ@mail.gmail.com>
Subject: Re: sshd permits logon using disabled user?
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset="UTF-8"
X-IsSubscribed: yes

On Thu, Jan 24, 2019 at 10:58 AM Stefan Baur <X2Go-ML-1 AT baur-itcs DOT de> wrote:

That sounds like the total opposite - allowing login without a password.
>
> Now, if there was a flag PASSWD_NOTPERMITTED or something like that,
> then we'd be able to emulate what can be done on Linux with "passwd -l
> username" and an ssh key file.
>

You are correct; "password not required" != "password not permitted."

I don't think Windows natively supports password-free logons using only key
files (but I might be wrong about that).

In any case, I'm not sure it's needed to support this scenario. Just set a
very long/random/complex password on the account.

Regards,

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple