This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Still testing needed: New passwd/group AD/SAM integration


Hi Ken,

On Apr 16 10:04, Corinna Vinschen wrote:
> On Apr 15 14:14, Ken Brown wrote:
> > I've come across a glitch involving sshd and cygserver.  I normally
> > have both running, but I've discovered that I have to start sshd
> > before I start cygserver, or else I have problems (can't ssh from a
> > non-administrator account to an administrator account).  Here are
> > the details on 64 bit Cygwin; I haven't tested 32 bit:
> > 
> > I've installed the full 2014-04-12 snapshot and removed /etc/passwd
> > and /etc/group.  I have an ordinary user kbrown and an administrator
> > user kbrown-admin.  I now do the following:
> > 
> > 1. Start sshd.
> > 2. Start cygserver.
> > 3. Start a Cygwin Terminal as user kbrown.
> > 4. ssh into the kbrown-admin account (with publickey authentication
> > used by default).
> > 
> > $ ssh kbrown-admin@localhost
> > Enter passphrase for key '/home/kbrown/.ssh/id_rsa':
> > setsockopt IPV6_TCLASS 16: Protocol not available:
> > Last login: Tue Apr 15 13:57:12 2014 from fe80::9956:cbba:6928:151c%11
> > 
> > Everything is fine.
> > 
> > Now I close the Cygwin Terminal, stop both services, and restart
> > them in the other order (cygserver first, then sshd).  Repeating
> > steps 3 and 4, I can't login:
> > 
> > $ ssh kbrown-admin@localhost
> > kbrown-admin@localhost's password:
> > Permission denied, please try again.
> > kbrown-admin@localhost's password:
> > 
> > Notice that (a) I didn't get a prompt for the passphrase for my ssh
> > key, and (b) my password wasn't accepted.
> 
> Thanks for the report, Ken.  I'll have a look.

To clarify:  This is a non-domain machine, right?  And sshd is running
under the cyg_server account while cygserver is running under the
LocalSystem account?

I'm just testing this, only with a domain machine and domain accounts,
and I can't reproduce this.  I have a bit of a problem to test this on a
non-domain machine because my network is set up for domain machines...

However, I found that I made a blatant mistake in cygserver.  The
message length was computed one byte too short, so the trailing \0 in
the passwd/group string wasn't transmitted.  This *might* be the cause
for your problem.

I just built a new snapshot.  Can you please try if this fixes it for
you?  Make sure to use the new cygserver!

While I was at it, I also added a patch to get rid of the "setsockopt
IPV6_TCLASS 16: Protocol not available" message.  I just *love* it if
Microsoft defines socket options in their headers, but then simply
returns WSAENOPROTOOPT when the application dares to use them...


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
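
An added illustration of the off-by-one described in this message (not cygserver's code and not part of the original mail): a sender that leaves the trailing \0 out of the transmitted length, a receiver that trusts the bytes to be a C string, and one that checks the terminator. The struct, the function names, MSG_MAX and the passwd-style entry are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64                      /* assumed payload limit */
struct msg { size_t len; char data[MSG_MAX]; };   /* hypothetical wire format */

/* Sender. include_nul == 0 reproduces the class of bug described above:
   the length is one byte short, so the terminator never goes on the wire. */
static int pack(struct msg *m, const char *s, int include_nul)
{
    size_t n = strlen(s) + (include_nul ? 1 : 0);
    if (n > MSG_MAX) return -1;
    m->len = n;
    memcpy(m->data, s, n);
    return 0;
}

/* Naive receiver: copies len bytes into a reused buffer and trusts it to be
   a C string. Returns the length of what it would then parse. */
static size_t naive_recv(const struct msg *m, char *reused)
{
    memcpy(reused, m->data, m->len);
    return strlen(reused);
}

/* Defensive receiver: the only NUL must be the last transmitted byte. */
static int checked_recv(const struct msg *m, char *out, size_t outsz)
{
    if (m->len == 0 || m->len > MSG_MAX || m->len > outsz) return -1;
    if (memchr(m->data, '\0', m->len) != m->data + m->len - 1) return -1;
    memcpy(out, m->data, m->len);
    return 0;
}

int main(void)
{
    const char *entry = "kbrown:*:1001:513::/home/kbrown:/bin/bash"; /* constructed */
    struct msg m;
    char buf[MSG_MAX], out[MSG_MAX];
    for (int nul = 0; nul <= 1; nul++) {
        memset(buf, 'X', sizeof buf);   /* stale bytes from an earlier reply */
        buf[MSG_MAX - 1] = '\0';
        pack(&m, entry, nul);
        printf("nul=%d naive parses %zu bytes, checked_recv=%d\n",
               nul, naive_recv(&m, buf), checked_recv(&m, out, sizeof out));
    }
    return 0;
}
```

With the short length the naive receiver runs on into the stale bytes of its buffer, while the checked receiver rejects the message outright.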
