Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Message-ID: <3D7E319B.296C74E0@verizon.net>
Date: Tue, 10 Sep 2002 10:53:31 -0700
From: David Rothenberger <d.roth@verizon.net>
X-Accept-Language: en
MIME-Version: 1.0
To: Scott Evans <gse@antisleep.com>
CC: cygwin@cygwin.com
Subject: Re: accessing shared drives when logged in via ssh
References: <Pine.LNX.4.44.0209101040370.980-100000@oontz.dissonant.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Authentication-Info: Submitted using SMTP AUTH PLAIN at pop017.verizon.net from [216.34.91.132] using ID <res00a7j@verizon.net> at Tue, 10 Sep 2002 12:53:32 -0500

> > This is expected behavior if sshd is running as LocalSystem and you used
> > publickey authentication when you logged in.  On my Win2k box, I can
> > access shares if I use password authentication.
> 
> No way -- really?  I'll have to try it.
> 
> That behavior seems pretty surprising to me; why should the type of
> authentication end you up with any more or less priveleges?  And for that
> matter, why would *password* auth be treated as "more secure" than
> publickey?

This is really a good thing.  Basically, the sshd daemon can not switch
user contexts within the domain without a password.  If that weren't the
case, a user with only local Admin rights could use ssh to become _any
user_ in the domain without ever providing a password for that user!

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/