X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:cc:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=LrqmR76AT9EC3dc15xTjSrEFW4rf6JeW73t2CmSr6Ccn31ikRo1a9
	Z8lW9jasWWzmU8YPKI0xAjANX17OHtiSlknYa7A3WsdEyVp6mQLRhXy+JdgLYj6v
	N1zwVcQWDGt1cf6NXsK/2YrISBJRwFhFECtbcoT45UaFQp6wk0wKWc=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:cc:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=CipNJj9xgmKMiaZOtn593afm1Fc=; b=X7cm0vZXhANVj2Psae7aA2wCXF4D
	og5yj75rC1bREn5E2bQ+O5I/dOtfVJwJ9XgBqqQnnPZwCgHEfKwjDNd6xE0FKkTL
	vtX0OV49P83tU2qCYMmQyW6HqoTlqWJyELtwr/gE/jS5shJHAZZ6sbFW9obpv4ix
	jZuQO+EUUABGZWs=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=
X-HELO: mout.kundenserver.de
Date: Wed, 13 Feb 2019 17:26:14 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: Bill Stewart <bstewart AT iname DOT com>
Cc: cygwin AT cygwin DOT com
Subject: Re: sshd: computer name's case must match?
Message-ID: <20190213162614.GA3718@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: Bill Stewart <bstewart AT iname DOT com>, cygwin AT cygwin DOT com
References: <CANV9t=QxA_FW-3OCZuYFJpxrekbO8Yc-WsnxGLiyc0Bqz=fPUw AT mail DOT gmail DOT com> <20190213103200 DOT GK3718 AT calimero DOT vinschen DOT de> <20190213122509 DOT GL3718 AT calimero DOT vinschen DOT de> <CANV9t=TW6Kwxo9pN=3Hp8Yzi5A4i2qQpiLoGyEqxR5rq7vu5pA AT mail DOT gmail DOT com> <20190213161029 DOT GY3718 AT calimero DOT vinschen DOT de> <CANV9t=RiBTNsGUwEf6BS9A6b=fMcHeiGD_RDOueKHJ5c9Zwe_g AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="LQAwcd5tHl0Qlnzi"
Content-Disposition: inline
In-Reply-To: <CANV9t=RiBTNsGUwEf6BS9A6b=fMcHeiGD_RDOueKHJ5c9Zwe_g@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)

--LQAwcd5tHl0Qlnzi
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Feb 13 09:23, Bill Stewart wrote:
> On Wed, Feb 13, 2019 at 9:10 AM Corinna Vinschen
> <corinna-cygwin AT cygwin DOT com> wrote:
>=20
> > This can't work correctly with OpenSSH.  The decision to allow only
> > the correct case in OpenSSH was made back in 2010, because otherwise
> > we would need a lot of special rules in OpenSSH just for Cygwin.
> > Sorry, but that's how it is.
>=20
> Thanks for the explanation -- this is understandable.
>=20
> In that case, the former arrangement before the patch was preferable.
>=20
> That is: For DOMAIN+username or COMPUTERNAME+username, the part before
> the "+" must be UPPERCASE, but the username is not case-sensitive.
>=20
> IMO This is the simplest and most straightforward arrangement.

No, that was a bug.  With case insenitive usernames, the pattern
matching in OpenSSH won't work and you create a potential security
problem.


Corinna

--=20
Corinna Vinschen
Cygwin Maintainer

--LQAwcd5tHl0Qlnzi
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlxkRSYACgkQ9TYGna5E
T6DnqxAAoORU+ix1ZF5uzt0xYAitbtx1mxze9tRsNnG9WvpNWBBvWW/1ZQ0/C8sY
5u0l4SYBx6vhMXw/QLSvj8U4abCRvXCSIOH3oQvS1dL6rmM6ZPjU1dDcgk1PUkUD
XbYH+9zwr+NVQlUKnsc6hm0U/ST5Iuh1AMajqUoOCASzDN2/cJsgZnZZ+/o4sFPZ
uTdqxGBwKywl67kK6098Bf3KnWCsiNtKr8x/HEexwGJwuoAbOewQLPE+0ziu9fMB
dSq8+5UMJ5qv2KDvYkI9lQFM7aXNSrcI7l6J11ISbMBmuVFKWHUfzd1/sVRhZRA2
Wk391t5L96A8kwflEflVBUBiinQ3gFq/gJE7pTDtKwbLG7+h0HBtIU2GbiySnqKx
f7TW9d60lpgH7QioA3upN9XOSU0se2hh/xOY1FErHs5hHmbY464suMbwKmVf3XY3
vZEwr2EJF7aTpLCuM8+qVJwAyDo/lkNu2IgUOfhJUkSHFP3QUnii7h8qtid7jo1W
B/WSDejH0/wXCOtdSYxUrz0Vr0NU/CzyTSQf6NZ/hAFK0Om2qV3Nm+pFVgjUujI/
JBbiQepxtIpoEdlUAKZnTRQOXtGF/pa1uJTit8szXjue+4UtkrBDk75mDOdzErOq
4kpQscwzzW3Cxm+/dc4Veh1JQk2NIEEQsSvXM4j+cmcEhb5RZNQ=
=NjKh
-----END PGP SIGNATURE-----

--LQAwcd5tHl0Qlnzi--