Mailing-List:	contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin-developers/>
List-Post:	<mailto:cygwin-developers AT cygwin DOT com>
List-Help:	<mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-developers-owner AT cygwin DOT com
Delivered-To:	mailing list cygwin-developers AT cygwin DOT com
Date:	Fri, 13 Dec 2002 13:59:06 +0100
From:	Corinna Vinschen <vinschen AT redhat DOT com>
To:	cygwin-developers AT cygwin DOT com
Subject:	Re: Subauthentication
Message-ID:	<20021213135906.R7796@cygbert.vinschen.de>
Reply-To:	cygwin-developers AT cygwin DOT com
Mail-Followup-To:	cygwin-developers AT cygwin DOT com
References:	<20021213125004 DOT O7796 AT cygbert DOT vinschen DOT de> <NFBBLLCAILKHOEOHEFMHMEAICEAA DOT hartmut_honisch AT web DOT de>
Mime-Version:	1.0
In-Reply-To:	<NFBBLLCAILKHOEOHEFMHMEAICEAA.hartmut_honisch@web.de>
User-Agent:	Mutt/1.3.22.1i

On Fri, Dec 13, 2002 at 01:22:38PM +0100, Hartmut Honisch wrote:
> > That sounds really interesting.  If we turn around the order in
> > seteuid again (first call subauth, if that fails create_token) we
> > could use that extra step as explained above to create a correct
> > logon token.  It's just important, that the current NTCreateToken
> > stuff still works as today if subauth is not installed.
> 
> There are scenarios where we would have to call both subauth and
> create_token. Pierre pointed out some problems with setgid / setgroups and
> subauthentication:

Sure.  I was just saying that the create_token magic should still
work as today if subauth fails.  Otherwise I see the advantage of
having a logon session.  It's ok, somebody just has to implement it ;-)

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

- Raw text -