| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:message-id:subject:to:references:from:date | |
| :mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; q=dns; s=default; b=dw2fXzKBPxENtCUk | |
| yQPM8NQn8yoBHPCn3PzoTGzgBu3I0SObv+oYLs3MrQKb9Tp8DSLFb/tXkDas3HY+ | |
| NAwo6NaSruG92gLxiHwHr7ymQ+5JISTUlosh5uZKogL8kDCiRHcpNv8sX4wPmQNa | |
| eteCKa6DvHLE5P3QL/vkTAekmSg= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:message-id:subject:to:references:from:date | |
| :mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; s=default; bh=O7S4OlFG23tC6QaYmF28uN | |
| IiHQA=; b=jN5exdiciqJld72i6FNcajjA0uCxw6Bze7IZ7nkO5MLuVU6EJ66i57 | |
| NZOWQhgkmf1SOzR49nUj/sP8TPDwafV/ctLK3vtbJwoJUHw0BkP6kkkQw8LnG5Qd | |
| hZ1PuwJ/Ir33ezGt9cmppzgwbbOuyHwiaAijQP/K1vsMFiMy6rh9s= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-2.2 required=5.0 tests=AWL,BAYES_50,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2 |
| X-HELO: | BLU004-OMC1S28.hotmail.com |
| X-TMN: | [eGtJElVQXXhoNb+OGWYr8BC2PxZ3DZ2L] |
| Message-ID: | <BLU436-SMTP238C37DE9A243EA7E7F794F9E840@phx.gbl> |
| Subject: | Re: Cygwin ssh and Windows authentication |
| To: | cygwin AT cygwin DOT com |
| References: | <BLU436-SMTP39AE7DD48809E802CE4DAE9E860 AT phx DOT gbl> <1301881165 DOT 20150720013859 AT yandex DOT ru> <BLU436-SMTP217DCBDBFA0EED5BC1ACFFB9E850 AT phx DOT gbl> <1399485278 DOT 20150721032532 AT yandex DOT ru> |
| From: | Jarek <yaro_29 AT hotmail DOT com> |
| Date: | Tue, 21 Jul 2015 16:30:26 +0200 |
| User-Agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 |
| MIME-Version: | 1.0 |
| In-Reply-To: | <1399485278.20150721032532@yandex.ru> |
On 2015-07-21 02:25, Andrey Repin wrote: > Greetings, Jarek! Hey Andrey. >> So why are they not needed as your comment doesn't really explain that > Read 1.7.35 changelog. > In short, username resolution was completely reworked, thanks to Corinna, and > Cygwin now directly address domain controllers for it. OK so it addresses DCs to check some settings or priviliges. I don't suppose it just asks 'hey DS, can contoso\johnd access sshd on server1?' to which the DC is like 'dude, what the heck is sshd?' :) I now have the cygwin service running in domain context so now I would somehow need to let the DC know whe is allowed to ssh to my server1. My domain account, although in local admins on the server is now failing authentication when trying to ssh. Which gets us back to the question what do I need for a DC to authenticate me? > >> and how exactly did I screwed up my setup if I can actually access the >> server with a domain user account no problem? > On that, I'm surprized. Maybe a bug then? > >> Perhaps it's not how it works but it somehow works so again would be good to >> know why. It's only domain groups that don't work. Even if I set the service >> account to run under a domain account how would this fix my problem with >> group access assuming in current setup it works for domain users but not for >> groups? >> Again if not the /etc/passwd or /etc/group files then what controls the >> access? > /etc/passwd/group has nothing to do with "access control". > The files were only used to convert Windows to Cygwin names (and supply other > Cygwin-specific information), on the presumption that there will never be too > much of it. This is now done on the fly, allowing to deploy Cygwin in large > domains. > > P.S. > I would appreciate, if you don't top-post. > Yeah, sorry for my bad formatting. Working on that. Hope I'm not top-posting again. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |