Mail Archives: cygwin/2004/09/24/12:56:44

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <200409241851570191.073810B3@email.uni-linz.ac.at>
In-Reply-To: <e9686dd60409240739566dd279@mail.gmail.com>
References: <e9686dd604092311424a08a8d6 AT mail DOT gmail DOT com> <Pine DOT GSO DOT 4 DOT 61 DOT 0409231643310 DOT 2707 AT slinky DOT cs DOT nyu DOT edu> <20040923210113 DOT GP12802 AT cygbert DOT vinschen DOT de> <Pine DOT GSO DOT 4 DOT 61 DOT 0409231718100 DOT 7682 AT slinky DOT cs DOT nyu DOT edu> <e9686dd60409231432258a067c AT mail DOT gmail DOT com> <Pine DOT GSO DOT 4 DOT 61 DOT 0409231817400 DOT 7682 AT slinky DOT cs DOT nyu DOT edu> <e9686dd60409240739566dd279 AT mail DOT gmail DOT com>
Date: Fri, 24 Sep 2004 18:51:57 +0200
Reply-To: cygwin AT cygwin DOT com
From: "Benjamin Lindner" <lindner AT flll DOT uni-linz DOT ac DOT at>
To: cygwin AT cygwin DOT com
Subject: Re: Inheriting parent ACLs?
X-Scanned-By: MIMEDefang 2.44
X-IsSubscribed: yes

On 24.09.2004 at 09:39 Gabe Rosenhouse wrote:
>Thanks.
>Is there something I can read that contrasts the functionality
>implications of ntsec vs nontsec? 
>http://cygwin.com/cygwin-ug-net/ntsec.html doesn't go into details on
>the differences between the two settings.
>One question specifically is, under nontsec, will domain users
>still be able to log in via SSH and be recognized as members of their
>domain groups?
>

I am no expert on cygwin internal details so I won't guess on 
the functionality implications.

But I have a system with NT4Server, the sshd daemon running with the
environment variable set to CYGWIN=nontsec binmode tty, and it works.
Clients can log in via ssh and are correctly recognized in the domain.
And because the sshd daemon has CYGWIN=nontsec, all bash logon shells
started via ssh also inherit the environment setting 'nontsec' and
everything works fine.
(Mind, I just see that it works, I cannot give the exact reasons, it 
just works.)

If you do not want your sshd daemon running with 'nontsec', but with 
'ntsec', but still require all login shells to have the environment
variable set to 'nontsec', it gets a bit tricky.
I experimented a bit, but take everything with the usual grain of salt.

There is a setting in sshd_daemon called 'PermitUserEnvironment' which
is set to 'no' by default. Check out the man pages on this.

You can also edit one of the startup scripts which are read by bash at 
program start (I suppose other shells have something equivalent).
See man bash for a list of those files. One of them is /etc/profile IIRC.

HTH
benjamin

