This is the mail archive of the
mailing list for the Cygwin project.
Re: OpenSSH public key authentication: suspicios in domain environment.
- From: Larry Hall <lh-no-personal-replies-please at cygwin dot com>
- To: Konstantin Andreev <pkl at datatech dot ru>, cygwin at cygwin dot com
- Date: Thu, 16 Sep 2004 15:20:11 -0400
- Subject: Re: OpenSSH public key authentication: suspicios in domain environment.
- References: <firstname.lastname@example.org>
- Reply-to: Cygwin List <cygwin at cygwin dot com>
At 03:02 PM 9/16/2004, you wrote:
>Suppose, I have Windows XP workstation (TEX), member of domain DOM
>(Microsoft Windows Networking), and Cygwin/SSH daemon are running
>on this workstation (TEX).
>Suppose, on TEX, I set up record in /etc/passwd for domain user DOMUSR.
>If I logon on TEX as DOMUSR with password authentication, this logon
>is indistinguishable from regular local logon to TEX:
> - record in Security Log appeares
> - command shell is assigned with identical Access Token, and
> - command shell is running under DOMUSR account.
>But, if I try to logon on TEX as DOMUSR with public key authentication,
>logon succeeds, but strange things appears:
> - *NO* record appears in Security Log about logon event.
> - command shell has strange Access Token, in particular, it does
> not contain these SIDS:
> - Logon SID (S-1-5-5-0-...)
> - S-1-5-4 NT AUTHORITY\INTERACTIVE
> - S-1-2-0 \LOCAL
> - command shell holds all privileges enabled (like SYSTEM process),
> whereas some of the privileges should be disabled.
> - some utilities consider command shell process as running under
> "NT AUTHORITY\SYSTEM" account, in particular, "whoami.exe" from
> "Windows Server 2003 Resource Kit Tools".
>Could anybody comment this ?
Sure. This isn't strange. Just think about it. You haven't authenticated
with Windows so it certainly doesn't know you as an authenticated user. If
you want/need to be authenticated as this user in the domain, use password
authentication. There's plenty of discussion about this across many
resources, including this mailing lists' archives, the readme for openssh,
and the User's Guide
(<http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SWITCH>), if you're
looking for more insight.
Larry Hall http://www.rfk.com
RFK Partners, Inc. (508) 893-9779 - RFK Office
838 Washington Street (508) 893-9889 - FAX
Holliston, MA 01746
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html