Mail Archives: cygwin/2001/04/20/07:16:38

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2001/04/20/07:16:38

Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>

List-Archive: <http://sources.redhat.com/ml/cygwin/>

List-Post: <mailto:cygwin AT sources DOT redhat DOT com>

List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>

Sender: cygwin-owner AT sources DOT redhat DOT com

Delivered-To: mailing list cygwin AT sources DOT redhat DOT com

Date: Fri, 20 Apr 2001 13:13:54 +0200

From: Corinna Vinschen <vinschen AT redhat DOT com>

To: cygwin AT cygwin DOT com, openssh-unix-dev AT mindrot DOT org

Subject: Re: Initial patch to implement partial auth with SSH2

Message-ID: <20010420131354.Y12557@cygbert.vinschen.de>

Mail-Followup-To: cygwin AT cygwin DOT com, openssh-unix-dev AT mindrot DOT org

References: <F235aZ1i6bdVJWrGW6E000032aa AT hotmail DOT com>

Mime-Version: 1.0

User-Agent: Mutt/1.2.5i

In-Reply-To: <F235aZ1i6bdVJWrGW6E000032aa@hotmail.com>; from karlm30@hotmail.com on Fri, Apr 20, 2001 at 01:29:42AM -0700

On Fri, Apr 20, 2001 at 01:29:42AM -0700, Karl M wrote:
> Hi All...
> 
> I've been experimenting with the partial authorization patch for 
> OpenSSH-2.5.2. I'm using CygWin on a Windows 2000 (SP1) box.
> 
> I noticed a bug in the patch that shows up for CygWin users. The problem is 
> that publickey authentication only works if sshd is running with the same 
> user-id as the ssh client. When I run sshd as a service with a user-id of 
> LocalSystem publickey authentication fails.
> 
> This is because the check_nt_auth call in userauth-pubkey fails if the ssh 
> user-id is different from the sshd user-id.
> 
> It looks to me like userauth_pubkey needs to "suspend disbelief" (and not 
> call check_nt_auth and auth_password) for partial authentication, in the 
> hope that a password may come later. Then somewhere check_nt_auth 
> auth_password need to be called to make sure that we don't forget to set the 
> sshd user-id to the ssh user-id.

Since the original partial authorization patch isn't applied yet,
you're somwhat on your own. Why don't you simply override the
check in `check_ntsec' for now?

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen AT redhat DOT com

--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

Mailing-List:	contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT sources DOT redhat DOT com>
List-Help:	<mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT sources DOT redhat DOT com
Delivered-To:	mailing list cygwin AT sources DOT redhat DOT com
Date:	Fri, 20 Apr 2001 13:13:54 +0200
From:	Corinna Vinschen <vinschen AT redhat DOT com>
To:	cygwin AT cygwin DOT com, openssh-unix-dev AT mindrot DOT org
Subject:	Re: Initial patch to implement partial auth with SSH2
Message-ID:	<20010420131354.Y12557@cygbert.vinschen.de>
Mail-Followup-To:	cygwin AT cygwin DOT com, openssh-unix-dev AT mindrot DOT org
References:	<F235aZ1i6bdVJWrGW6E000032aa AT hotmail DOT com>
Mime-Version:	1.0
User-Agent:	Mutt/1.2.5i
In-Reply-To:	<F235aZ1i6bdVJWrGW6E000032aa@hotmail.com>; from karlm30@hotmail.com on Fri, Apr 20, 2001 at 01:29:42AM -0700