Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Tony,

Thanks for your response concerning this issue.

On 10/5/06, Tony Hoyle <tony.hoyle at march-hare.com> wrote:

> This was a solved problem years ago - it's not a cvsnt issue.

Yeah, I did not think it was a cvsnt issue. Thanks for the clarification.

> > If it were up to me (and I know it is not) I'd rather see the GetUserNameA
> > call removed altogether, and the user name gotten from the environment
> > all the time, but there may be other reasons why GetUserNameA is being used.
>
> That would be a security breach. You can't just have any username in

I understand.

> In the same way 'sshd_server' is not a guaranteed secure user and cannot
> be safely added as an exception.

I concur.

Alright, so I guess I'll need to try to get it fixed in cygwin/sshd if I choose to stick with this method of cvsnt user authentication. For now I'll use my workaround, as on that server I know I was the one who created the "sshd_s" account.

Dwight

On 10/5/06, Tony Hoyle <tony.hoyle at march-hare.com> wrote:
>
> Dwight Schauer wrote:
> > The user for cygwin sshd on ws2k3 defaults to "sshd_server", not "SYSTEM".
> > In order for key based password-less logins to work on ws2k3 cygwin/sshd, a
> > user other than "SYSTEM" must be used. Vista has the same issue, but I don't
> > plan to be running my cvsnt server on Vista any time soon.
>
> Cygwin just needs to use a proper LSA library in the same way that cvsnt
> does it (in fact there's nothing to stop them using the CVSNT one
> really). I'm very surprised they got the old method to work at all in
> vista - MS are supposed to have removed the undocumented APIs from the
> public interface.
>
> This was a solved problem years ago - it's not a cvsnt issue.
>
> > If it were up to me (and I know it is not) I'd rather see the GetUserNameA
> > call removed altogether, and the user name gotten from the environment
> > all the time, but there may be other reasons why GetUserNameA is being used.
>
> That would be a security breach. You can't just have any username in
> there because you can't trust the environment in which the server runs.
> It's very difficult to start something as SYSTEM unless you're already
> the administrator, so in that case you have a (limited) trust of the
> environment. For any other user that is not guaranteed to be true.
>
> In the same way 'sshd_server' is not a guaranteed secure user and cannot
> be safely added as an exception.
>
> Tony
> _______________________________________________
> cvsnt mailing list
> cvsnt at cvsnt.org
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
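
The point made in the thread about not trusting the environment for the user name, as an added example that is not part of the original messages and is not CVSNT code. It is a POSIX analogue: `getpwuid(geteuid())` stands in for the Win32 `GetUserNameA` call, and the function names and the environment block are hypothetical and constructed for the illustration.

```c
/* Added illustration, not CVSNT code. POSIX analogue: getpwuid(geteuid())
 * stands in for the Win32 GetUserNameA call discussed in the thread. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <pwd.h>
#include <unistd.h>

/* Untrusted: look a variable up in an environment block, which is supplied
 * by whoever launched the process (hypothetical helper). */
const char *user_from_env(char *const envp[], const char *key) {
    size_t klen = strlen(key);
    for (; envp && *envp; envp++)
        if (strncmp(*envp, key, klen) == 0 && (*envp)[klen] == '=')
            return *envp + klen + 1;
    return NULL;
}

/* Trusted: ask the OS who owns this process; the launcher cannot change it
 * by editing variables. Falls back to the numeric uid if no passwd entry. */
int user_from_os(char *buf, size_t n) {
    struct passwd *pw = getpwuid(geteuid());
    int len = pw ? snprintf(buf, n, "%s", pw->pw_name)
                 : snprintf(buf, n, "uid:%lu", (unsigned long)geteuid());
    return (len >= 0 && (size_t)len < n) ? 0 : -1;
}

/* Returns 1 when the environment claims an identity the OS does not confirm:
 * the case where an environment-only lookup would accept a forged name. */
int env_claim_is_forged(char *const envp[], const char *key) {
    char real[256];
    const char *claimed = user_from_env(envp, key);
    if (!claimed || user_from_os(real, sizeof real) != 0)
        return 1;                       /* fail closed: nothing to confirm */
    return strcmp(claimed, real) != 0;
}

int main(void) {
    /* Constructed environment block, as a launching process could pass it. */
    char *forged[] = { "PATH=/usr/bin", "USERNAME=SYSTEM", NULL };
    char real[256];
    if (user_from_os(real, sizeof real) != 0) return 1;
    printf("environment says: %s\n", user_from_env(forged, "USERNAME"));
    printf("OS says:          %s\n", real);
    printf("forged claim:     %d\n", env_claim_is_forged(forged, "USERNAME"));
    return 0;
}
```

An authorization decision keyed on the first value can be satisfied by anyone able to start the process with a chosen environment; one keyed on the second requires actually running as that account.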