Mail Archives: cygwin/2004/09/16/15:03:07
Suppose, I have Windows XP workstation (TEX), member of domain DOM
(Microsoft Windows Networking), and Cygwin/SSH daemon are running
on this workstation (TEX).
Suppose, on TEX, I set up record in /etc/passwd for domain user DOMUSR.
If I logon on TEX as DOMUSR with password authentication, this logon
is indistinguishable from regular local logon to TEX:
- record in Security Log appeares
- command shell is assigned with identical Access Token, and
privileges.
- command shell is running under DOMUSR account.
But, if I try to logon on TEX as DOMUSR with public key authentication,
logon succeeds, but strange things appears:
- *NO* record appears in Security Log about logon event.
- command shell has strange Access Token, in particular, it does
not contain these SIDS:
- Logon SID (S-1-5-5-0-...)
- S-1-5-4 NT AUTHORITY\INTERACTIVE
- S-1-2-0 \LOCAL
- command shell holds all privileges enabled (like SYSTEM process),
whereas some of the privileges should be disabled.
- some utilities consider command shell process as running under
"NT AUTHORITY\SYSTEM" account, in particular, "whoami.exe" from
"Windows Server 2003 Resource Kit Tools".
Could anybody comment this ?
-- -
TOR Trade Company, IT Department,
Konstantin Andreev.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -