Mail Archives: cygwin/2009/10/26/11:06:03

Date: Mon, 26 Oct 2009 17:05:42 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Antwort: Re: Cygwin/OpenSSH authentication without applying group policies...

On Oct 26 16:01, Carsten DOT Porzler AT spb DOT de wrote:
> Hello,
> 
> >   With password
> > authentication it's entirely up to the Win32 call LogonUser() to create
> > that token and to manage that connection.  Using pubkey authentication
> > you have three choices described in the user's guide.  Maybe one of them
> > helps, see
> > http://cygwin.com/1.7/cygwin-ug-net/ntsec.html#ntsec-setuid-overview
> > 
> > 
> My described problem occurs with password and public key (without saved 
> password) authentication.
> 
> I just asked the question because we see during network tracing that the 
> group policies are transferred to the client.
> 
> Other logon processes (e.g. mounting a network drive with another user 
> than the logged on one) do not transfer the group policies. Is the call 

I assume they don't have to since they only need the network credentials
and policies are perhaps checked on the server.  It looks like the
underlying code uses something along the lines of
LOGON32_LOGON_NEW_CREDENTIALS in a call to LogonUser.

But that's just a guess.  I don't know what's exactly going on under the
hood.

> LogonUser() really the right one, we use for the login procedure?

When using password authentication or pubkey with saved password, yes.
It's the one supported Win32 call to create a user token from user name
and password.  In contrast to a network share access, we need to create
an interactive token using the LOGON32_LOGON_INTERACTIVE logon type.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
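
The two logon types contrasted in this reply, as an added example that is not part of the original mail and is not Cygwin's code: a PowerShell P/Invoke wrapper (the `Logon` class and `TryLogon` method are hypothetical names) that calls LogonUser() once per logon type with prompted credentials and returns the Win32 error code of each call.

```powershell
# Added illustration; the class name Logon and method TryLogon are hypothetical.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;

public static class Logon
{
    // Values from winbase.h
    public const int LOGON32_LOGON_INTERACTIVE     = 2;
    public const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    public const int LOGON32_PROVIDER_DEFAULT      = 0;
    public const int LOGON32_PROVIDER_WINNT50      = 3;  // required for type 9

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int provider, out IntPtr token);

    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    // Returns 0 if a token was created, otherwise the Win32 error code.
    public static int TryLogon(string user, string domain, string password,
                               int logonType, int provider)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, logonType, provider, out token))
            return Marshal.GetLastWin32Error();
        CloseHandle(token);
        return 0;
    }
}
'@

$nc     = (Get-Credential).GetNetworkCredential()
$domain = if ($nc.Domain) { $nc.Domain } else { '.' }   # '.' = local account database

# Interactive logon: the credentials are validated now and a full user token is built.
$interactive = [Logon]::TryLogon($nc.UserName, $domain, $nc.Password,
    [Logon]::LOGON32_LOGON_INTERACTIVE, [Logon]::LOGON32_PROVIDER_DEFAULT)

# New-credentials logon: the caller's token is cloned and the supplied credentials
# are only used for later outbound network connections.
$netOnly = [Logon]::TryLogon($nc.UserName, $domain, $nc.Password,
    [Logon]::LOGON32_LOGON_NEW_CREDENTIALS, [Logon]::LOGON32_PROVIDER_WINNT50)

[pscustomobject]@{ Interactive = $interactive; NewCredentials = $netOnly }
```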