This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: group"S-1-2-0"(users who login locally)in ssh;windows 2003


On Aug 21 11:13, Tom Rodman wrote:
> On Fri 8/18/06 16:28 +0200 cygwin@cygwin.com wrote:
> > The trick using /etc/group only works for password-LESS authentication,
> > sorry for not mentioning it, but usually the problems reported here are
> > with passwordless authentication so I just assumed this is the case here, too.  
> 
> A trick using /etc/group *does* work for password authentication - at
> least for domain groups. We edit /etc/group, every day via a cron job -

Hmm, I'm a bit irritated since actually it can't work, at least not as
you'd expect.  If a user token created by a password logon is not matching
the groups you added it to, the token is treated as invalid.  This would
happen, for instance, if the authenticating application (say, sshd), uses
setgroups(2) with an entirely different set of groups.  The result is that
a new token is created in Cygwin, which has nothing to do with the
original password token.  Especially the new token is missing the network
credentials and the user is again running in the wrong logon session.
This is all a bit tricky.  Right now, I don't know if it's possible to
create a token with network credentials at all.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
