Message-ID: <4A075F01.2080103@gmail.com>
Date: Mon, 11 May 2009 00:10:57 +0100
From: Dave Korn <dave.korn.cygwin@googlemail.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: cygwin@cygwin.com
Subject: Re: ssh, smbntsec, mounted home directory - is it possible
References: <gu0hcm$dc4$1@ger.gmane.org> <gu6scm$o1f$1@ger.gmane.org>
In-Reply-To: <gu6scm$o1f$1@ger.gmane.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com

Andrew DeFaria wrote:

>> So to recap: I'd like to provide pre-shared key ssh access to a
>> particular username. I cannot, however, use an SMB shared home directory
>> for that user without encountering problems with ssh and permissions.
>>
>> If the above statement is not true and you have any ideas on how to
>> achieve these objectives then let me know.
>>   
> Anybody care to comment or at least acknowledge this issue?

  The above statement is, unfortunately, true.  IIUC, until you can use 1.7
with the lsa auth plugin (or perhaps this password caching feature, I'm not
familiar with it), any user logging in by ssh key does not really log in as
the actual windows user they are trying to be, but impersonates (after some
fashion - it might not actually be token impersonation in the win32 api sense
of the word) that user, while actually really being the ssh user underneath.

  I could be wrong.  I hope someone will jump in if I've seriously mis-spoke,
but I think at least I'm pointing you in the right ball-park.

    cheers,
      DaveK


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/