To: cygwin AT cygwin DOT com
Subject: Re: Cygwin/OpenSSH authentication without applying group policies...
From: Carsten DOT Porzler AT spb DOT de
Date: Tue, 27 Oct 2009 10:11:06 +0100

> On Oct 26 16:01, Carsten DOT Porzler AT spb DOT de wrote:
> > Hello,
> >
> > > With password
> > > authentication it's entirely up to the Win32 call LogonUser() to create
> > > that token and to manage that connection. Using pubkey authentication
> > > you have three choices described in the user's guide. Maybe one of them
> > > helps, see
> > > http://cygwin.com/1.7/cygwin-ug-net/ntsec.html#ntsec-setuid-overview
> > >
> >
> > My described problem occurs with password and public key (without saved
> > password) authentication.
> >
> > I just asked the question because we see during network tracing that the
> > group policies are transferred to the client.
> >
> > Other logon processes (e.g. mounting a network drive with another user
> > than the logged on one) do not transfer the group policies. Is the call
>
> I assume they don't have to since they only need the network credentials
> and policies are perhaps checked on the server. It looks like the
> underlying code uses something along the lines of
> LOGON32_LOGON_NEW_CREDENTIALS in a call to LogonUser.
>
> But that's just a guess. I don't know what's exactly going on under the
> hood.
>
> > LogonUser() really the right one, we use for the login procedure?
>
> When using password authentication or pubkey with saved password, yes.
> It's the one supported Win32 call to create a user token from user name
> and password. In contrast to a network share access, we need to create
> an interactive token using the LOGON32_LOGON_INTERACTIVE logon type.
>

But what about the public key authentication without(!) a password?
We recognized that there is exactly the same amount of network traffic
over the IP port 26, which means there is something going on with the
group policies, too, although public key authentication without a password
is not a real network logon.

Thanks for further information or some ideas on how to handle that.

Best regards
Carsten Porzler