Mail Archives: cygwin/2004/09/16/15:21:33

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Reply-To: Cygwin List <cygwin AT cygwin DOT com>
Message-Id: <6.1.0.6.0.20040916151323.03bab3e0@pop.prospeed.net>
X-Sender:
Date: Thu, 16 Sep 2004 15:20:11 -0400
To: Konstantin Andreev <pkl AT datatech DOT ru>, cygwin AT cygwin DOT com
From: Larry Hall <lh-no-personal-replies-please AT cygwin DOT com>
Subject: Re: OpenSSH public key authentication: suspicios in domain environment.
In-Reply-To: <168201745184.20040916230247@tortrade.ru>
References: <168201745184 DOT 20040916230247 AT tortrade DOT ru>
Mime-Version: 1.0

At 03:02 PM 9/16/2004, you wrote:

>Suppose I have a Windows XP workstation (TEX), a member of domain DOM
>(Microsoft Windows Networking), and a Cygwin/SSH daemon is running
>on this workstation (TEX).
>
>Suppose, on TEX, I set up a record in /etc/passwd for domain user DOMUSR.
>
>If I log on to TEX as DOMUSR with password authentication, this logon
>is indistinguishable from a regular local logon to TEX:
>
>   - a record in the Security Log appears
>   - command shell is assigned with identical Access Token, and
>     privileges.
>   - command shell is running under DOMUSR account.
>
>But if I try to log on to TEX as DOMUSR with public key authentication,
>the logon succeeds, but strange things appear:
>
>   - *NO* record appears in Security Log about logon event.
>   - command shell has strange Access Token, in particular, it does
>     not contain these SIDs:
>         - Logon SID  (S-1-5-5-0-...)
>         - S-1-5-4  NT AUTHORITY\INTERACTIVE
>         - S-1-2-0  \LOCAL
>   - command shell holds all privileges enabled (like SYSTEM process),
>     whereas some of the privileges should be disabled.
>   - some utilities consider command shell process as running under
>     "NT AUTHORITY\SYSTEM" account, in particular, "whoami.exe" from
>     "Windows Server 2003 Resource Kit Tools".
>
>Could anybody comment on this?


Sure.  This isn't strange.  Just think about it.  You haven't authenticated
with Windows so it certainly doesn't know you as an authenticated user.  If
you want/need to be authenticated as this user in the domain, use password
authentication.  There's plenty of discussion about this across many
resources, including this mailing list's archives, the readme for openssh,
and the User's Guide
(<http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SWITCH>), if you're
looking for more insight.



--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746                     


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
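The token differences listed in the question (missing Logon SID, missing S-1-5-4 and S-1-2-0, every privilege enabled) can be checked from inside the session itself. The script below is an added example for this archive page, not code from the thread or from the Cygwin project; it assumes Windows PowerShell on a Windows host with whoami.exe on the PATH (the /priv and /fo csv options of the built-in whoami), and the function name Get-TokenAudit is invented here. Running it in a shell started by a password logon and in one started by a public-key logon shows the contrast Larry describes: only the former carries a Logon SID and the INTERACTIVE group, and only the former has its privileges in the normal disabled-by-default state.

```powershell
# Added example (not from the original thread): audit the current process
# token for the markers the poster compared, so an administrator can tell a
# real Windows logon from a Cygwin user-switch that never authenticated.
# Assumes Windows PowerShell and whoami.exe (/priv, /fo csv) on the PATH.

function Get-TokenAudit {
    $id   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $sids = @($id.Groups | ForEach-Object { $_.Value })

    # A Logon SID has the form S-1-5-5-<high>-<low> and is placed in the
    # token by LSA when a session is created through a genuine logon.
    $logonSid = $sids |
        Where-Object { $_ -match '^S-1-5-5-\d+-\d+$' } |
        Select-Object -First 1

    # whoami /priv prints every privilege held by the token and its state.
    # Columns after CSV parsing: 'Privilege Name', 'Description', 'State'.
    $privs    = @(whoami /priv /fo csv | ConvertFrom-Csv)
    $enabled  = @($privs | Where-Object { $_.State -eq 'Enabled' })
    $disabled = @($privs | Where-Object { $_.State -eq 'Disabled' })

    [pscustomobject]@{
        User                 = $id.Name
        UserSid              = $id.User.Value
        HasLogonSid          = [bool]$logonSid
        LogonSid             = $logonSid
        HasInteractiveSid    = ($sids -contains 'S-1-5-4')   # NT AUTHORITY\INTERACTIVE
        HasLocalSid          = ($sids -contains 'S-1-2-0')   # \LOCAL
        PrivilegeCount       = $privs.Count
        EnabledPrivileges    = $enabled.Count
        DisabledPrivileges   = $disabled.Count
        # Every privilege enabled with none disabled is the SYSTEM-like state
        # the poster observed after a public-key logon.
        AllPrivilegesEnabled = ($privs.Count -gt 0 -and $disabled.Count -eq 0)
    }
}

# Usage: run from the ssh session under test and compare the two logon types.
Get-TokenAudit | Format-List
```

A session that reports HasLogonSid and HasInteractiveSid as False together with AllPrivilegesEnabled as True is the unauthenticated case; for anything that must be tied to a domain-authenticated identity, that is the signal to require password authentication as the reply recommends.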
