Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Message-ID:	<41E443C6.2040307@t-online.de>
Date:	Tue, 11 Jan 2005 22:23:18 +0100
From:	"Harald Dunkel" <harald DOT dunkel AT t-online DOT de>
User-Agent:	Mozilla Thunderbird 0.9 (X11/20041130)
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: cannot access $HOME (on Samba) via ssh
References:	<41E42508 DOT 3020400 AT t-online DOT de> <Pine DOT GSO DOT 4 DOT 61 DOT 0501111507530 DOT 15512 AT slinky DOT cs DOT nyu DOT edu>
In-Reply-To:	<Pine.GSO.4.61.0501111507530.15512@slinky.cs.nyu.edu>
X-ID:	bdhU2uZGoeugn1xfeYR6pAY5vPQwgmabope0JXWVaJdbvejnRy5Wwf
X-TOI-MSGID:	e6e36aee-ac4f-4009-a525-7aeae44f60b6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Igor Pechtchanski wrote:
|
| I believe you missed the fact that the above link talks about
| *passwordless* authentication.  The authentication token constructed by
| sshd won't contain the password, and therefore cannot be used to access
| network shares that require authentication.  This is a Windows limitation,
| and Cygwin can't do anything about it.
|

Sorry, but I guess you missed the fact that I did not mention
_passwordless_ authentication with any word.

sshd _did_ ask me for a password. Nevertheless, after entering
the password my usual home dir //bierfass/dunkel was not available.
If Windows needs another password to access the network share,
too: Fine. I wouldn't like to enter the same password twice,
but it is still better than having no access to my data.


The link you had sent says

<quote>
Since Cygwin release 1.3.3, applications having the Create a
process level token user right can switch user context without
giving a password by just calling the usual setuid, seteuid,
setgid and setegid functions. This is typically only given
to the SYSTEM user. However, this now allows to switch the
user context using e. g. rhosts authentication or (when
running sshd under SYSTEM account as service) public key
authentication.

An important restriction of this method is that a process
started under SYSTEM account can't access network shares
which require authentication. This also applies to the
subprocesses which switched the user context without a
password. People using network home drives are typically not
able to access it when trying to login using ssh or rsh
without password.
</quote>


If this method was introduced with Cygwin 1.3.3, how did ssh
and rsh work before this release?


Regards

Harri
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB5EPGUTlbRTxpHjcRArunAKCGHRp69gre53o8C51ZNXFHwPyUHwCcC4nr
gOK4zzyhWmpuaR2AZFS+u0A=
=wikV
-----END PGP SIGNATURE-----

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -