[PATCH 0/2] Cygwin: allow user and group case-insensitive Unicode strings

Corinna Vinschen vinschen at redhat.com
Wed Feb 20 23:41:23 AEDT 2019

Windows usernames are case-insensitive and almost any Unicode character
is allowed in a username.  The user should be able to login with her
username given in any case and not be refused.  However, this opens up
a security problem in terms of the sshd_config Match rules.  The match
rules for user and group names have to operate case-insensitive as well,
otherwise the user can override her settings by simply changing the case
at login time.

Corinna Vinschen (2):
  Revert "[auth.c] On Cygwin, refuse usernames that have differences in
  Cygwin: implement case-insensitive Unicode user and group name

 auth.c                           |  13 ---
 groupaccess.c                    |   4 +
 match.c                          |   4 +
 openbsd-compat/bsd-cygwin_util.c | 146 +++++++++++++++++++++++++++++++
 servconf.c                       |   4 +
 5 files changed, 158 insertions(+), 13 deletions(-)


More information about the openssh-unix-dev mailing list