To: cygwin@cygwin.com
From: Achim Gratz <Stromeko@NexGo.DE>
Subject: LDAP integration and sshd
Date: Wed, 25 Jun 2014 12:34:14 +0000 (UTC)
Message-ID: <loom.20140625T141552-513@post.gmane.org>

I've just managed to set up a working sshd on a Cygwin snapshot with LDAP
integration.  The setup scripts required quite a few modifications to deal
properly with the way local accounts and groups are now named.  I've had to
reinstate files for passwd to record an "sshd" there as otherwise the
service wouldn't start ("Privilege separation user sshd does not exist").

The remaining problem is that all users that will log in have their home
drives mounted from network shares.  I was hoping to use /etc/fstab.d/user
files to mount these only when necessary, but apparently they are not yet
available when sshd tries to check the pubkey credentials and thus falls
back to password login (which I'd like to switch off completely).  What's
the best option here?  Kerberos Authentication looks appealing, but doesn't
seem to work with LDAP.  Putting the public keys elsewhere would also work,
but it isn't clear to me how to configure that.

I've currently made a copy of the .ssh directory under /home/user that later
gets shadowed by the mount point.  While that works to get pubkey logins
working, it is not very appealing as it requires a delicate dance with the
mounts done by the user at the first login.  Any better ideas?

Regards,
Achim.
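
The option raised in the message, keeping public keys outside the home directory, corresponds to OpenSSH's AuthorizedKeysFile directive, which accepts absolute paths containing the %u (user name) token. The following is an added example, not part of the original post: a shell check that flags an sshd_config whose key lookup still depends on the home directory, or that still allows password login. The directory /etc/ssh/authorized_keys and the two sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; paths and files are assumed.

# Effective global value of a keyword: the first occurrence wins, keywords
# are case-insensitive, and parsing stops at the first Match block.
sshd_effective() {  # usage: sshd_effective KEYWORD DEFAULT FILE
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print def }
    ' "$3"
}

# Exit status 0 only if no AuthorizedKeysFile entry needs the user's home
# directory and password login is disabled; findings go to stdout.
audit_sshd_config() (  # usage: audit_sshd_config FILE
    set -f; rc=0
    keys=$(sshd_effective AuthorizedKeysFile \
        ".ssh/authorized_keys .ssh/authorized_keys2" "$1")
    for path in $keys; do
        p=$(printf '%s' "$path" | sed 's/%%//g')   # drop literal "%%"
        case $p in
            none) ;;
            *%h*) echo "uses home directory token: $path"; rc=1 ;;
            /*)   ;;                               # absolute, e.g. .../%u
            *)    echo "relative to home directory: $path"; rc=1 ;;
        esac
    done
    pw=$(sshd_effective PasswordAuthentication yes "$1" | tr 'A-Z' 'a-z')
    [ "$pw" = no ] || { echo "PasswordAuthentication is $pw"; rc=1; }
    exit "$rc"
)

# Constructed sample configurations: home-relative lookup vs. relocated keys.
make_samples() {  # usage: make_samples DIR
    printf '%s\n' '# constructed sample' 'PubkeyAuthentication yes' \
        'AuthorizedKeysFile .ssh/authorized_keys' > "$1/before.conf"
    printf '%s\n' '# constructed sample' 'PubkeyAuthentication yes' \
        'authorizedkeysfile /etc/ssh/authorized_keys/%u' \
        'PasswordAuthentication no' > "$1/after.conf"
}

d=$(mktemp -d) && make_samples "$d"
audit_sshd_config "$d/before.conf" || echo "before.conf: fails the audit"
audit_sshd_config "$d/after.conf" && echo "after.conf: passes the audit"
rm -rf "$d"
```

The check covers only the global section of the file and only these two directives; with StrictModes enabled, sshd still checks the ownership and permissions of the relocated key files.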



