This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Still testing needed: New passwd/group AD/SAM integration
- From: Andrey Repin <anrdaemon at yandex dot ru>
- To: Corinna Vinschen <cygwin at cygwin dot com>
- Date: Mon, 14 Apr 2014 12:57:46 +0400
- Subject: Re: Still testing needed: New passwd/group AD/SAM integration
- Authentication-results: sourceware.org; auth=none
- References: <20140410145323 dot GB2437 at calimero dot vinschen dot de> <5346B667 dot 3040704 at breisch dot org> <20140410152809 dot GD2437 at calimero dot vinschen dot de> <5346E55D dot 6020405 at etr-usa dot com> <20140410190424 dot GK2437 at calimero dot vinschen dot de> <5346FCF9 dot 5000908 at redhat dot com> <20140411121948 dot GC23281 at calimero dot vinschen dot de> <818978797 dot 20140413143439 at yandex dot ru> <20140414080807 dot GI3271 at calimero dot vinschen dot de>
- Reply-to: cygwin at cygwin dot com
Greetings, Corinna Vinschen!
>> > What bugs me a bit is what this means for applications which expect
>> > fixed usernames. Sshd, for instance, expects the fixed username
>> > "sshd" right now when using privilege separation. I discussed this
>> > with the OpenSSH devs, and they understand the problem, but they think
>> > this should be handled by a Cygwin-specific function. So there's some
>> > extra work in it for me to get OpenSSH up to speed with this change,
>> > but I fear I'm not the only one. The more configurable stuff like this
>> > is, the more complicated it gets maintaining some packages.
>>
>> I really don't see a problem. Is this implementation-dependent issue?
>> 99% you are operating within "current domain" and do not need to specify
>> domain prefix at all.
> Uh, but you're missing the situation where the machine is a domain
> machine but the privilege separation account "sshd" is created in
> the local SAM. That's what the ssh-host-config script might do.
> Sshd will have to use MACHINE<separator>sshd as username for privsep
> in this case.
Never been in such situation, thanks for clarification.
--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 14.04.2014, <12:57>
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple