X-Recipient:	archive-cygwin AT delorie DOT com
X-Spam-Check-By:	sourceware.org
From:	"Ken Turner" <kjt AT cs DOT stir DOT ac DOT uk>
To:	<cygwin AT cygwin DOT com>
References:
Subject:	RE: Mapping of Windows Domains?
Date:	Wed, 23 Jul 2008 21:10:28 +0100
Message-ID:	<A55B11829BE84959AB8FF78BDB82B4B4@Wampum>
MIME-Version:	1.0
X-Mailer:	Microsoft Office Outlook 11
In-Reply-To:
X-stir.ac.uk-MailScanner:	Found to be clean
X-stir.ac.uk-MailScanner-From:	kjt AT cs DOT stir DOT ac DOT uk
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

| > It turns out that these files are being served up with a fake domain name
| > "D1" (because our Unix server isn't part of a Windows domain). When I log
| > in I am authenticated against a real domain "D2". As a result, "D2\kjt"
| > cannot access files whose permissions are set for "D1\kjt". There doesn't
| > seem to be any way of influencing the choice of fake domain name "D1", so
| > I need a client-side solution.
| > 
| > Is there any way to get CygWin or Windows to map domains (e.g. to treat
| > "D1" as equivalent to "D2")? Thanks!
| 
|   Think about what you're asking for.
| 
|   You want to change something at the client end, so that, without doing
| anything at the server end, somebody who isn't a member of a domain could
| get access to files as if they were a domain member.
| 
|   If you could pretend to be a user in a domain you're not a member of, why
| not go the whole hippo and ask to be root in the domain you're not a member
| of (by making yourself root of your own domain that you can control)?
| 
|   If anything remotely like that was even possible, security would simply
| not exist, wouldn't it?  You'd basically be letting anyone anywhere on the
| internet have full and free access to any file on any server anywhere in the
| worlds without having permissions or passwords.
| 
|   So, no, you can't do it.  And if you could, you'd be horrified to realise
| that everyone else in the world (D4\kjt, D5\kjt, .... Danything\kjt) could
| get their hands on your files just by changing their username to kjt.

Many thanks for the clarification. If that's the consequence of what I asked,
then I agree it's not viable.

The fact remains that I'm stuck with a 2.5 year old version of CygWin. I've
described the problem in two posts, but haven't managed to find a solution.
Since the above is evidently a non-starter, have you any idea how to get round
this problem? Alternatively, what changed in this area with CygWin 1.5.18-2?
Thanks for your time.


-- 
Academic Excellence at the Heart of Scotland.
The University of Stirling is a charity registered in Scotland, 
 number SC 011159.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -