| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-SWARE-Spam-Status: | No, hits=-3.4 required=5.0 tests=BAYES_00,KHOP_THREADED,SPF_HELO_PASS,T_RP_MATCHES_RCVD |
| X-Spam-Check-By: | sourceware.org |
| To: | cygwin AT cygwin DOT com |
| From: | David Koppenhofer <david AT coffeefish DOT org> |
| Subject: | Re: Seteuid "operation not permitted" error when using LSA for sshd |
| Date: | Thu, 2 Aug 2012 18:39:40 +0000 (UTC) |
| Lines: | 25 |
| Message-ID: | <loom.20120802T203152-34@post.gmane.org> |
| References: | <CAKXb5pJZX7kaz12C1E-GEk7ws7oc2xAxQmr8EaND3KZ3_GzCmg AT mail DOT gmail DOT com> <CAKXb5pJjCBvbj1ZfU8WiEohz2QqW+edUi1Dz6anhELTk2wuZ_g AT mail DOT gmail DOT com> <CAKXb5p+ETsym1MtM3Ev964XN3aTLNMabSfPkSj0KEHE53GGZeg AT mail DOT gmail DOT com> <20120529125057 DOT GD12040 AT calimero DOT vinschen DOT de> <loom DOT 20120801T202919-35 AT post DOT gmane DOT org> <20120802091119 DOT GA12772 AT calimero DOT vinschen DOT de> |
| Mime-Version: | 1.0 |
| User-Agent: | Loom/3.14 (http://gmane.org/) |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
> Why did you install cyglsa64 from the old snapshot? The changes to > cyglsa are supposed to be in the Cygwin 1.7.16 package anyway. Because I was grasping for straws, and didn't know the fix was in the current package. > > I rebooted the server, made sure the sshd service was running, but I still > > receive the "sshd: PID 3064: fatal: seteuid 1000: Operation not permitted" error. > > Does the service account have TCB privileges? That's a hard requirement > for the user switch. Ah ha! The service account does not have the "Act as part of the operating system" permission. However, I ended up asking the network admin to give "Create a token object" to the service account. Since key authentication started working after that, I'll just leave things as they are. Thanks for your help. David -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |