Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Message-ID:	<3D7E319B.296C74E0@verizon.net>
Date:	Tue, 10 Sep 2002 10:53:31 -0700
From:	David Rothenberger <d DOT roth AT verizon DOT net>
X-Accept-Language:	en
MIME-Version:	1.0
To:	Scott Evans <gse AT antisleep DOT com>
CC:	cygwin AT cygwin DOT com
Subject:	Re: accessing shared drives when logged in via ssh
References:	<Pine DOT LNX DOT 4 DOT 44 DOT 0209101040370 DOT 980-100000 AT oontz DOT dissonant DOT org>
X-Authentication-Info:	Submitted using SMTP AUTH PLAIN at pop017.verizon.net from [216.34.91.132] using ID <res00a7j AT verizon DOT net> at Tue, 10 Sep 2002 12:53:32 -0500

> > This is expected behavior if sshd is running as LocalSystem and you used
> > publickey authentication when you logged in.  On my Win2k box, I can
> > access shares if I use password authentication.
> 
> No way -- really?  I'll have to try it.
> 
> That behavior seems pretty surprising to me; why should the type of
> authentication end you up with any more or less priveleges?  And for that
> matter, why would *password* auth be treated as "more secure" than
> publickey?

This is really a good thing.  Basically, the sshd daemon can not switch
user contexts within the domain without a password.  If that weren't the
case, a user with only local Admin rights could use ssh to become _any
user_ in the domain without ever providing a password for that user!

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -