X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:cc:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=vohnQAuMZdRhxwDvox33mjLwMwQg9yYL4oyigX+6MzT9oY29i4m8O
	aiiX4Xm52gTrCYaEnA19zfupohrwOPmq9NyW7uncDNBhfpDfGO6iqG1GjpDzsJ+J
	LndCOUqIcBltpj+yZaYMKgQyhxAu9M3pewDhfDU494OgOYlxa9DiGA=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:cc:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=T2gpVLZ2osX1sQtwGVodD9sSs/Y=; b=bRL2MDWWj56sq3T490uFIGWE5HpC
	a/TH+VISz4RXqvNwQyl/P2YO6jqHjteHTHSiemi2z1MTBctmTjKWhMPH4dcWEa9K
	TQUA2LIAJc8mdjUJWjKLlqMbDN06zHCAi23vVhyDUP182HJOR3oagOW0Qof6ROfJ
	GCEbgpDzLst44fE=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=corinna-cygwin AT cygwin DOT com, corinnacygwincygwincom
X-HELO: mout.kundenserver.de
Date: Mon, 28 Jan 2019 17:52:27 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: Bill Stewart <bstewart AT iname DOT com>
Cc: cygwin AT cygwin DOT com
Subject: Re: sshd permits logon using disabled user?
Message-ID: <20190128165227.GQ3912@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: Bill Stewart <bstewart AT iname DOT com>, cygwin AT cygwin DOT com
References: <1690850474 DOT 834980 DOT 1548391349102 DOT ref AT mail DOT yahoo DOT com> <1690850474 DOT 834980 DOT 1548391349102 AT mail DOT yahoo DOT com> <d6f98cbc-bd2f-1c13-98bb-7ef42c000115 AT baur-itcs DOT de> <CANV9t=RKVWPfiqNMbnSgevTBvm8S1G-oFWK3BEisdgaSGz2OzA AT mail DOT gmail DOT com> <20190125174833 DOT GA1710 AT zebra> <CANV9t=Q2ZRqVD99a+qdVTet1hn_aM6RY5B2Cm1oc0E4Lf9x2ig AT mail DOT gmail DOT com> <20190128095947 DOT GN3912 AT calimero DOT vinschen DOT de> <CANV9t=Tk=k5ohYw5TcvYy7TrWUBOTA4JXqE=75H+6n_-o53ZSQ AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="hTKW8p8tUZ/8vLMe"
Content-Disposition: inline
In-Reply-To: <CANV9t=Tk=k5ohYw5TcvYy7TrWUBOTA4JXqE=75H+6n_-o53ZSQ@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)

--hTKW8p8tUZ/8vLMe
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Jan 28 08:02, Bill Stewart wrote:
> On Mon, Jan 28, 2019 at 2:59 AM Corinna Vinschen
> <corinna-cygwin AT cygwin DOT com> wrote:
>=20
> > Can you please test again with the latest snapshot from
> > https://cygwin.com/snapshots/?  The new S4U authentication method
> > used in this snapshot automatically applies the Windows account rules so
> > in my testing the patch I applied originally is not required anymore.
> > Consequentially I disabled it to rely fully on the Windows function's
> > behaviour.  Can you test this, too, please, just to be sure?
>=20
> Thank you Corinna; I will test.
>=20
> Will the S4U authentication work on standalone (non domain-joined)
> machines also?

It uses MsV1_0 S4U on standalone workstations, Kerberos S4U on domain
meber machines with fallback to MsV1_0 under some circumstances.


Corinna

--=20
Corinna Vinschen
Cygwin Maintainer

--hTKW8p8tUZ/8vLMe
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlxPM0sACgkQ9TYGna5E
T6AlOg//ZZyZ/+aVCnnIfRpnF1z/TuBaVnLkDI5lguEC39BM+Go00WHWcw+1Y2tf
4ZEgn0rJq/2VOEPZzD6+nwxGXeEnBnI+Yj4VwG2Ug8JqGaE8lsgkOD3apLOZHvGQ
xI3IeWy3lst9dO7Z6WrdQwULAirKZpa0kEH8Q2Pdo4OTm2c6hUBT32G2BDjp0NR/
f+3hVzAXAdxdCYId4ncoLu4mhGK61yHBkHAFRq2NmlN9PmZ79HPMJIWfHJkgEeCL
WLwIqp5ieRSqC/l8HCe/ZVxouMeMMjBEZMBnDboZZLFmOESlvuStxXyB0HCeHegL
l0xUu5/on10RAbh23njuf9RBaxCl6eX/hNGQov5cOg6pK72assgGHJWQ+u5oYo/o
7wSzbLjPJjjXnvA65RpDvF9TzcdgayNWhbggbq1ZWrzwifVJW7Np+6xFJYDa5QAS
HPgtjtRhWl1zTHS5HmW/BxN2ncQxw5dBu4jm5Hs13jwYzgm1BiOyy08O2L/AFB6W
9pSpSp0kvRUgKO/l/yVGy4p1VwS5WvhTyJ0X9aa3gnowyICNP3kjPKFwUruNvCo4
uwfeMBdGJxxos5PLUr4Fuvws9eXiiJNd6ot+6UV3WdSwOYpVdLyLT/tTHrVQCdI4
Fa7ps0SabwtBGGOMcH+UITfBbh/z3UmcVVhkKLf4KJiHPlfI28I=
=noCr
-----END PGP SIGNATURE-----

--hTKW8p8tUZ/8vLMe--