Re: sshd permits logon using disabled user?
- Date: Fri, 25 Jan 2019 04:42:29 +0000 (UTC)
- From: "matthew patton via cygwin" <cygwin@xxxxxxxxxx>
- Subject: Re: sshd permits logon using disabled user?
> I think refusing an account manually and deliberately disabled by an
> admin makes lots of sense.
Why is this even a discussion? You *ALWAYS* refuse a login to an account that is disabled, locked out, or has an expired password or failed any of the other criteria that might be in effect (day/time restrictions, source IP restrictions, etc.)
Is someone suggesting that the Windows authentication API is actually returning a success code despite any of these conditions?
Furthermore you also *NEVER* hint to the user why the login was denied. It's rule #1 of security engineering.
Denied is denied. Explanations or hints are verboten.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple