Mail Archives: cygwin/2002/12/16/11:36:24
This summary sounds good to me and should go a long way towards
helping Elaine sort out the issues here. I would like to point
out as well that it seems the system in question is apparently
not current in terms of Cygwin software as well (or at least the
password file is not). I'd recommend rerunning setup and updating
the system in question. Before doing so, remove /etc/passwd and
/etc/group to make sure these files get regenerated and with the
correct (i.e. current) format.
Larry
Original Message:
-----------------
From: Vince Hoffman Vince DOT Hoffman AT uk DOT circle DOT com
Date: Mon, 16 Dec 2002 16:03:41 -0000
To: cygwin AT cygwin DOT com
Subject: RE: ntsec Question
I think your confusion here comes from thinking that Cygwin controls the
user login. Windows handles the login process. To change which user is
logged in you will need to either log off windows then log the new user on,
or use ssh
Running cygwin.bat does not do anything than start an interactive bash
shell in the logged on users home directory, it does not call login or
perform any checking of the user beyond looking at the output of `id -un`
and changing your working directory to your home directory (well actualy
/etc/profile does that but lets not confuse things ;)
All security is handled by windows. If you set a mode of say 700 froma
bash/tcsh/ksh prompt, its no different than going into windows security
settings for that file from explorer and telling it to only allow your (or a
selected user) access.
In summary you effectively "log on" to cygwin, when you "log on" to windows.
Loging in by cygwin ssh/rsh/telnet is equivalent to "logging on" to
windows. starting a shell via cygwin.bat or any variation (shortcut to bash
--login -i, rxvt -e bash --login -i, etc etc) is not "loging in" to cygwin.
blimey thats the longest email i've written in weeks. :)
> -----Original Message-----
> From: ext-Elaine DOT Andrews AT nokia DOT com
> [mailto:ext-Elaine DOT Andrews AT nokia DOT com]
> Sent: 16 December 2002 15:31
> To: cygwin AT cygwin DOT com
> Subject: ntsec Question
>
>
> I have a user who wants to be able to use ssh without
> inputted a password. I have installed and got this running
> successfully. However, now there is a problem with security
> as anybody who logs into his laptop/desktop would be able to
> login to numerous UNIX servers without inputting a password.
> I have started to look at ntsec and have configured this to a
> semi-working state. My question to you is when they login to
> cygwin I want to be able to get them to input their NT
> username and password to allow them in. Looking at the
> shortcut it runs D:\Cygwin\cygwin.bat and lets them straight
> into the users home directory. When running login it's asks
> for a username and then lets them in straight away.
>
> i.e. login: elandrew
> Fanfare!!!
> You are successfully logged in to this server !!!
>
> elandrew AT IM LOAN PC01 ~
>
> My /etc/passwd is as follows
>
> elandrew AT IM LOAN PC01 ~
> $ cat /etc/passwd
> Administrator::500:513:U-IM LOAN
> PC01\Administrator,S-1-5-21-1472800135-602877700-1070557309-50
> 0:/home/Administrator:/bin/bash
> elandrew::48906:10513:Andrews
> Elaine,U-NMP\elandrew,S-1-5-21-2120241691-1808037704-154278981
> 8-38906:/home/elandrew:/bin/bash
>
> elandrew AT IM LOAN PC01 ~
>
> 2 questions
>
> 1. How can I force a password when running the login script.
> 2. How can I always force a username and password when
> logging into the cygwin window.
>
> I hope these questions are not too obvious - any help would
> be greatly appreciated.
>
> Regards
> Elaine Andrews
>
>
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -