Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Message-ID:	<410-2200212116163557938@M2W085.mail2web.com>
X-Priority:	3
Reply-To:	lhall AT rfk DOT com
X-Originating-IP:	209.113.174.244
From:	"lhall AT pop DOT ma DOT ultranet DOT com" <lhall AT pop DOT ma DOT ultranet DOT com>
To:	vince DOT hoffman AT uk DOT circle DOT com, cygwin AT cygwin DOT com
Subject:	RE: ntsec Question
Date:	Mon, 16 Dec 2002 11:35:57 -0500
MIME-Version:	1.0
X-OriginalArrivalTime:	16 Dec 2002 16:35:57.0587 (UTC) FILETIME=[35DB6630:01C2A521]
Note-from-DJ:	This may be spam
X-MIME-Autoconverted:	from quoted-printable to 8bit by delorie.com id gBGGaNL25526

This summary sounds good to me and should go a long way towards
helping Elaine sort out the issues here.  I would like to point 
out as well that it seems the system in question is apparently 
not current in terms of Cygwin software as well (or at least the 
password file is not).  I'd recommend rerunning setup and updating
the system in question.  Before doing so, remove /etc/passwd and 
/etc/group to make sure these files get regenerated and with the 
correct (i.e. current) format.

Larry

Original Message:
-----------------
From: Vince Hoffman Vince DOT Hoffman AT uk DOT circle DOT com
Date: Mon, 16 Dec 2002 16:03:41 -0000
To: cygwin AT cygwin DOT com
Subject: RE: ntsec Question


I think your confusion here comes from thinking that Cygwin controls the
user login. Windows handles the login process. To change which user is
logged in you will need to either log off windows then log the new user on,
or use ssh 
 Running cygwin.bat does not do anything than start an interactive bash
shell in the logged on users home directory, it does not call login or
perform any checking of the user beyond looking at the output of `id -un`
and changing your working directory to your home directory (well actualy
/etc/profile does that but lets not confuse things ;) 
All security is handled by windows. If you set a mode of say 700 froma
bash/tcsh/ksh prompt, its no different than going into windows security
settings for that file from explorer and telling it to only allow your (or a
selected user) access.

In summary you effectively "log on" to cygwin, when you "log on" to windows.
Loging in by cygwin  ssh/rsh/telnet is equivalent to "logging on" to
windows. starting a shell via cygwin.bat or any variation (shortcut to bash
--login -i, rxvt -e bash --login -i, etc etc) is not "loging in" to cygwin. 

blimey thats the longest email i've written in weeks. :) 


> -----Original Message-----
> From: ext-Elaine DOT Andrews AT nokia DOT com 
> [mailto:ext-Elaine DOT Andrews AT nokia DOT com]
> Sent: 16 December 2002 15:31
> To: cygwin AT cygwin DOT com
> Subject: ntsec Question
> 
> 
> I have a user who wants to be able to use ssh without 
> inputted a password. I have installed and got this running 
> successfully. However, now there is a problem with security 
> as anybody who logs into his laptop/desktop would be able to 
> login to numerous UNIX servers without inputting a password. 
> I have started to look at ntsec and have configured this to a 
> semi-working state. My question to you is when they login to 
> cygwin I want to be able to get them to input their NT 
> username and password to allow them in. Looking at the 
> shortcut it runs D:\Cygwin\cygwin.bat and lets them straight 
> into the users home directory. When running login it's asks 
> for a username and then lets them in straight away.
> 
> i.e. login: elandrew
> Fanfare!!!
> You are successfully logged in to this server !!!
> 
> elandrew AT IM LOAN PC01 ~
> 
> My /etc/passwd is as follows
> 
> elandrew AT IM LOAN PC01 ~
> $ cat /etc/passwd
> Administrator::500:513:U-IM LOAN 
> PC01\Administrator,S-1-5-21-1472800135-602877700-1070557309-50
> 0:/home/Administrator:/bin/bash
> elandrew::48906:10513:Andrews 
> Elaine,U-NMP\elandrew,S-1-5-21-2120241691-1808037704-154278981
> 8-38906:/home/elandrew:/bin/bash
> 
> elandrew AT IM LOAN PC01 ~
> 
> 2 questions
> 
> 1. How can I force a password when running the login script.
> 2. How can I always force a username and password when 
> logging into the cygwin window.
> 
> I hope these questions are not too obvious - any help would 
> be greatly appreciated.
> 
> Regards
> Elaine Andrews
> 
> 
> 
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -