Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Message-ID:	<3F68ECC8.1010205@speeq.com>
Date:	Thu, 18 Sep 2003 01:22:48 +0200
From:	Olivier ALLART <olivier DOT allart AT speeq DOT com>
User-Agent:	Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624
X-Accept-Language:	en-us, en
MIME-Version:	1.0
To:	Cygwin List <cygwin AT cygwin DOT com>
Subject:	Re: SSHD, Cygwin and Windows 2003 : continued with user rights
References:	<5 DOT 1 DOT 0 DOT 14 DOT 0 DOT 20030917142253 DOT 02624cb8 AT 127 DOT 0 DOT 0 DOT 1> <5 DOT 1 DOT 0 DOT 14 DOT 0 DOT 20030917142253 DOT 02624cb8 AT 127 DOT 0 DOT 0 DOT 1> <5 DOT 1 DOT 0 DOT 14 DOT 0 DOT 20030917151801 DOT 02883678 AT 127 DOT 0 DOT 0 DOT 1>
In-Reply-To:	<5.1.0.14.0.20030917151801.02883678@127.0.0.1>

Larry Hall wrote:

>Hm, I thought I was clear.  Let me try again addressing iisreset
>specifically.
>
>iisreset doesn't work in the scenario you described because it's a Microsoft tool which knows nothing of the Cygwin environment.  Cygwin's ssh using 
>pubkey authentication doesn't authenticate the user with Windows.  So if
>you need certain credentials to perform some operation in Windows, pubkey
>authentication won't provide them.  
>
Ok. I tought ssh offered some mechanism trough cygwin to authenticate as 
if under windows ..
That means the 'administrator' account via ssh pubkey is not 
'administrator' then ..

>If you need to run iisreset through ssh,
>you will need to use password authentication, which takes the password for 
>the user 'administrator' and authenticates for Windows with it.  You should
>then be able to use iisreset (if authentication is really the only thing
>getting in the way with pubkey).
>
yes it is, since it is working with ssh connection (using password on 
login) when sshd runs under 'local system'

>I don't know what are the "*some commands*" you're speaking of, but if they 
>are Cygwin utilities, then I think the answer is obvious.  If they are not 
>Cygwin utilities, then I would have to say that they don't require special 
>privileges to run.  This is actually true for most utilities.  But if this 
>is still confusing for you, you'll have to provide specifics.  However, I 
>think you'll find that it's likely that anything that works for you in ssh 
>using pubkey authentication falls into one of the two groups of utilities I 
>mentioned.
>
and you are probably right.
other commands are for example 'wlbs' (or nlb).
My problem is : I want to execute some remote (but encrypted) commands 
using both wlbs and iisreset.
wlbs works fine from remote, but so is not for IISreset.
I thought authentication using ssh and public key would allow me to 
perform the iisreset command..
But from what you explained; it is clear that whatever user logs in with 
pubkey, it won't be considered as 'administrator'
It looks like iisreset can only be performed *locally* by *local 
administrator*, which is dumb in the situation where you are from 
remote. Only other remote control would be 'telnet' but hey, ms telnet 
can't pertform remote commands.

Last question; if I provided a pubkey in the 'administrator' (cygwin) 
environment, who am I for windows ?

Thank you very much.
Next I guess I'll go look for some tip on how to unlock iisreset so it 
can be used by whatever admin and not just local ..

>
>HTH,
>
>Larry
>
>
>At 02:56 PM 9/17/2003, Olivier ALLART you wrote:
>
>  
>
>>Thank you for the details, but then, why *some commands* work and not others ?
>>And more specifically, how can I make *this command* work ?
>>
>>
>>Larry Hall wrote:
>>
>>    
>>
>>>I think you missed the fact that pubkey authentication does impersonation,
>>>not Windows-style authentication.  So Windows apps won't recognize the pubkey
>>>authentication as providing permissions to run restricted programs.  You'll
>>>have to use password authentication if you want Windows to recognize the
>>>user you've become via ssh.  You can find all sorts of discussion on the difference between pubkey and password authentication for ssh in the email archives if you're interested.
>>>
>>>      
>>>
>>At 12:40 PM 9/17/2003, Olivier ALLART you wrote:
>>
>>    
>>
>>>Following Mark J de Jong 's step by step howto (see end of mail for some add-ons), I can now effectively log in with pkey method (that is, no password) using the 'administrator' user name.
>>>'whoami' returns 'administrator', however asking for a command such as IISRESET returns the error 'you are not a local administrator of this machine...', which means the rights management has failed somewhere.
>>>
>>>      
>>>
>>
>>
>>    
>>
>>>--
>>>Larry Hall                              http://www.rfk.com
>>>RFK Partners, Inc.                      (508) 893-9779 - RFK Office
>>>838 Washington Street                   (508) 893-9889 - FAX
>>>Holliston, MA 01746                     
>>>
>>>
>>>.
>>>
>>>
>>>      
>>>
>>
>>--
>>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>>Problem reports:       http://cygwin.com/problems.html
>>Documentation:         http://cygwin.com/docs.html
>>FAQ:                   http://cygwin.com/faq/
>>    
>>
>
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Problem reports:       http://cygwin.com/problems.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/
>
>
>.
>
>  
>



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -