| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; q=dns; s= | |
| default; b=wmVJuy7GUp3QBLbVNtnTyN3fpjdEbD/0LVJm79FwqlikXWT2SjqvO | |
| vWcksddoOLJeFO9NFBHMV8fGSBUVT8pfTEh/Wmtd6Dpn+KGhU88kNQYvm9ffjxtE | |
| T+4PzPJMF63oYnHIkPBCxzrdVUNKTLnpQKAH7SmTuI4LSa1CN+SWGE= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; s=default; | |
| bh=eF4YkeCQ7LpKaFTCod/Woh6VQv4=; b=sZy02AOwuNsHGdI1Rk7H6BpC3kOx | |
| LbWxSXFCoIrJfLiuB7gUbfYdP+RWJdPKwd6wThFzDlkej9BPEjuXVsV2DNL+VV0J | |
| MjdP0bfx3FrQ2yOZsgduIqJj7OTWPjZDix1krIaUC50ne6cxDcV8pLDGIc8R0mVH | |
| iD6rZRIhUpc3tyE= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Spam-SWARE-Status: | No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=techniques, privileges, Hx-languages-length:1445, H*F:D*cygwin.com |
| X-HELO: | mout.kundenserver.de |
| Date: | Wed, 6 Mar 2019 13:28:16 +0100 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: can't access remote shares when using ssh with rsa key - passwd -R / set(e)uid / LogonUser is not working as expected |
| Message-ID: | <20190306122816.GP3785@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <878sxt86kp DOT fsf AT Rainer DOT invalid> <AM6PR07MB5334BEC016F182E1F97F817695730 AT AM6PR07MB5334 DOT eurprd07 DOT prod DOT outlook DOT com> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <AM6PR07MB5334BEC016F182E1F97F817695730@AM6PR07MB5334.eurprd07.prod.outlook.com> |
| User-Agent: | Mutt/1.11.3 (2019-02-01) |
--0aF+6pWUK5w8WdCh Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mar 6 10:09, Maayan Apelboim wrote: > Well, it doesn't work OK unfortunately, but I'm not sure if I missed some= thing in the process, or is it just not working properly. > I'm a bit worried to upgrade to 3.0.2 at the moment cause it's a major ve= rsion and will probably have new bugs that I wouldn't want to find in produ= ction. >=20 > Assuming we will eventually upgrade to latest version -=20 > My sshd service is running with domain user cyg_server and we login with = domains users via ssh - is it still OK to switch the sshd service's user to= local system? > Will we still be able to login with domain users via ssh? Yes, that's the idea. The new method using the official S4U logon technique runs under the SYSTEM account. No need to have a special cyg_server account with potentially dangerous privileges anymore. > Will it help with my network shares problem? No. Just like the old techniques using an LSA authentication module or creating a user token from scratch, S4U login does not create tokens with valid network credentials. For some weird reason only Microsoft knows about, you still need a password login for that. The other method, logging in by stored password, as described in https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd3 still works, though. Corinna --=20 Corinna Vinschen Cygwin Maintainer --0aF+6pWUK5w8WdCh Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlx/vOAACgkQ9TYGna5E T6BbFw//X/ssn7jX1BZPMaGXDh4NqMXaZQ+sTFFqm+i+54NHlv9i07YgQD5+rspG eJ2Yo7kf4QFujKcmV6kFt6dq+ztLiTdJCo9Z+Vf3tT/8bZIJjiU/F0RpzzvXmcte pWt/fiUMwSi28zezT1ucsr2PlLY4JvgEt4fSkMjaBSYXOfrflm3dTIcNEt4KSF4o XzZA3Wa3yvkik6ybZ+MhMGf/ssEuzbg9kXZXtiV1zF7o2iw8LrwVlDEbhzTMrzMh r+7IjHfB1MR+me9Wj8YWa/TdDgnKgtaqOPWpMaxEgAKNGiT0EnlzFiqOUglbQPjB 3ES43qNDBeiVyBYXYP79bnLOMoFF/Z7Ai+s9QtEREEw0eUcxEAR+9v4l+w7/JKtA LTfduubhAN7/IIE9WzEbqmqNSCVBtl8xlBchWpdAJTBp5MBZlbOnqWZlbDNegS0T c9WJgdRxnHrY2iFA+M7cQzIUhqRB//oV/WWkUyOqI3ccAhW+U63cKydHdDCd9BPz S5Bbzv7q7/OkBMPRZvDffGxRreFG0OhpaXXsAsO4UFTELTkKQrI6lxmV07Fo6XuS 2zF/3YpHGDBw3fIhMeuLAqpFeFm0S4LoH487Hq6dnvOSrWXpK0oYgS7ICkkC6DqN XqbM07tWicNZ0GO6tpi+LqT44SNSb676H70/BW1NrmMpCnD8Ar8= =adfJ -----END PGP SIGNATURE----- --0aF+6pWUK5w8WdCh--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |