X-Recipient:	archive-cygwin AT delorie DOT com
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.1 sourceware.org 9F5F63858400
Authentication-Results:	sourceware.org;
	dmarc=none (p=none dis=none) header.from=pdinc.us
Authentication-Results:	sourceware.org; spf=pass smtp.mailfrom=pdinc.us
DKIM-Filter:	OpenDKIM Filter v2.11.0 mail2.pdinc.us 1AAIPeUO011719
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=pdinc.us; s=default;
	t=1636568741; bh=gGIwTT3ueJvG9eFF83DEWx1+cP1EULqSW/20yewBwL0=;
	h=From:To:References:In-Reply-To:Subject:Date:From;
	b=p5jtBOlDNa3QuT1E7okuKY04ySy1sc3knh39Kf6TG7o2IGzAYQYmdVYaZSK++2ZHj
	fn4EtzvNJxnseSzKFFZe0UmR9IeQrsS5qSQN7/NkuFjcRw3lB+sb+vAHVvN2ecKO1T
	WV4PbJswuDeZgPcOvm55vfQOLKyVHCRQ49FieGKwIWCB/KxK3bmjHfhcpZ6/ZvoSSA
	d/7lvX7vwz3wmKBAKRTKAj46R6gWJ9Bfb4Da2oM1X/VkyLPQxlca7krU52QGOyefQa
	6u+omLW2va9w93ZV9TCU1LcPfjMBUGeds2Cr50dR95rlm8XOyV90PP6N768hWchsUw
	xqmvhTUwgp+cA==
From:	"Jason Pyeron" <jpyeron AT pdinc DOT us>
To:	<cygwin AT cygwin DOT com>
References:	<2dfb0a68-b9e3-f9fb-817b-651fec02adf5 AT onespin DOT com>
	<CANV9t=QRzS_ko6S6+G6oW6hRGxMUzCoXJ0825c7YeckfBqS57Q AT mail DOT gmail DOT com>
	<97042d57-fa36-da97-9c05-493a2c645991 AT onespin DOT com>
	<CANV9t=QDuhHQSq7kruiTo0CfBnTJCtKVLSj88aFqGZZdBaKA=Q AT mail DOT gmail DOT com>
In-Reply-To:	<CANV9t=QDuhHQSq7kruiTo0CfBnTJCtKVLSj88aFqGZZdBaKA=Q@mail.gmail.com>
Subject:	RE: [cygwin] Re: Problem with ssh(d)
Date:	Wed, 10 Nov 2021 13:25:36 -0500
Organization:	PD Inc
Message-ID:	<037a01d7d660$5b9c8db0$12d5a910$@pdinc.us>
MIME-Version:	1.0
X-Mailer:	Microsoft Outlook 16.0
Thread-Index:	AQGbz+MuxzBhnOpDKxzOIY5pgXX0PwFJPPmWAfCFdlUCyTmqeaxFCGGQ
X-Spam-Status:	No, score=-1.7 required=5.0 tests=BAYES_00, DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_INFOUSMEBIZ, SPF_HELO_PASS,
	SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4
X-Spam-Checker-Version:	SpamAssassin 3.4.4 (2020-01-24) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

> -----Original Message-----
> From: Bill Stewart
> Sent: Wednesday, November 10, 2021 10:44 AM
> 
> On Wed, Nov 10, 2021 at 8:28 AM Strasser, Dominik (DI SW ICS ICV) wrote:
> 
> I know that this is the standard installation. But we absolutely need
> > passwordless login. So this was the workaround we found.
> > The number of groups differs when sshd is run as local system, and when
> > authorized_keys exist or not. Groups are OK, when it is run under the one
> > user we absolutely need the passwordless login.
> >
> 
> Password-less logon is supported when running as local system. I do this
> all the time, so there must be something that is not correct about your
> configuration.
> 
> Sorry, don't know what that might be.

I slightly misread the email.

To be clear password less login works - BUT as I said MS design choices result in a different security token being issues without password vs with password.

As such your ability to access certain resources are limited.

Enumerate the groups you have as PKI authentication then bless those groups to perform the action needed.

-Jason

--
Jason Pyeron  | Architect
PD Inc        | Certified SBA 8(a)
10 w 24th St  | Certified SBA HUBZone
Baltimore, MD | CAGE Code: 1WVR6
 
.mil: jason DOT j DOT pyeron DOT ctr AT mail DOT mil
.com: jpyeron AT pdinc DOT us
tel : 202-741-9397



-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -