Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Date: Sun, 18 Apr 2004 12:18:15 +0200
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: rsync  question
Message-ID: <20040418101815.GB1307@cygbert.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <E1BEZFt-0001Y4-2L@host4-server.com> <E1BEZFt-0001Y4-2L@host4-server.com> <3.0.5.32.20040416194934.007fe530@incoming.verizon.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3.0.5.32.20040416194934.007fe530@incoming.verizon.net>
User-Agent: Mutt/1.4.2i

On Apr 16 19:49, Pierre A. Humblet wrote:
> At 12:08 AM 4/17/2004 +0200, Corinna Vinschen wrote:
> >On Apr 16 15:44, Peter Kok wrote:
> 
> >> Q2: Could nontsec work with public key authentication?  I have granted 
> >> the account with several local user rights, "create token object, 
> >> logon 
> >> as a service' and 'replace a process level token'
> >
> >Did you give the SYSTEM account the right to read your ~/.ssh directory
> >and the files in it?  Does the service know about nontsec (set CYGWIN
> >in global windows environment or through cygrunsrv)?  Is StrictModes set
> >to no in /etc/sshd_config?
> 
> >From Peter's question it's not clear if his sshd is running as SYSTEM.
> If it is, then granting the privileges to the user should not be
> necessary, but that doesn't explain the problem.
> 
> I can reproduce on an NT system, with sshd running as SYSTEM,
> but I can't explain it. Part of the debug output of ssh is given
> below, with and without ntsec. The difference is in the last few
> lines.

It's a problem with the ntsec specific test in OpenSSH itself.  The
test requires ntsec to be turned on for switching user context w/o
password.  This isn't required anymore for a while but the test in
OpenSSH still insists on ntsec for pubkey auth.

I've send a patch to the portable OpenSSH developers list which hopefully
makes it into 3.8.1p1, which is due RSN.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Co-Project Leader          mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/