X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=cDqknarVYwGgpuJ1
	q0QTC3BUjAqhS6vgElS5RlkilFy9fDGx6q8MHdEPqdP4szcyrUQrzfrI+I0hWqun
	DrxIyAFzsDWXDS+cBMRzIIDlkvilmD06g89Y904bNDcrKlujIfESLJ0gcylHm3dw
	9NKiwXxgPLuYV5CGFFFMmpYXmso=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=XX9+yty78ClAKx6lANl9Nb
	8yj00=; b=u3dPDBJ4SZAYlatXUaD4XvbUbpbPfpUoqZUr9b2bcoJfrymK+Td8CB
	AB/GT7K/4DROkCl+8SNunMb9CEFQwckmZt8m8gXBzXldr+VnVhbIbhFt5b8tiPTG
	8h2zi/o5Op2/kUieAEPDfw9+Jd1/DKiVLwSXgc760q33ShMENzAe8=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2
X-HELO: vms173023pub.verizon.net
Message-id: <53FB5B01.60203@cygwin.com>
Date: Mon, 25 Aug 2014 11:49:21 -0400
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh@cygwin.com>
Reply-to: cygwin@cygwin.com
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.7.0
MIME-version: 1.0
To: cygwin@cygwin.com
Subject: Re: Windows 7 sshd can only login as cyg_server
References: <53F6459F.5060203@prager.ws> <20140822130626.GK32314@calimero.vinschen.de> <53F77CAB.4000800@cygwin.com> <20140822201933.GN32314@calimero.vinschen.de> <53F7A865.6030801@cygwin.com> <20140822204402.GP32314@calimero.vinschen.de> <53F7B515.8020704@cygwin.com> <20140825105139.GE11052@calimero.vinschen.de> <20140825110043.GF11052@calimero.vinschen.de>
In-reply-to: <20140825110043.GF11052@calimero.vinschen.de>
Content-type: text/plain; charset=UTF-8; format=flowed
Content-transfer-encoding: 7bit

On 08/25/2014 07:00 AM, Corinna Vinschen wrote:
> On Aug 25 12:51, Corinna Vinschen wrote:
>> On Aug 22 17:24, Larry Hall (Cygwin) wrote:
>>> On 08/22/2014 04:44 PM, Corinna Vinschen wrote:
>>>
>>> <snip>
>>>
>>>> That's what I meant.  Do you have a non-admin account for testing
>>>> a login?
>>>
>>> I can only make a local non-admin user.  If I use that, it is just
>>> returning "Permission denied" after I enter the password.  I guess I'll
>>> have to fiddle with it a little more to see if I can figure out why that
>>> is.  But that seems tangential to the issue reported.
>>
>> But your effect doesn't sound good either.
>
> Did you create a passwd entry?  I just set up a machine for testing
> with a local cyg_server account, and I can login with local accounts
> just fine.  It's the domain accounts which fail.  In my case bash simply
> hangs for some reason I have yet to figure out.

Well I'm not sure I would expect a hang necessarily, unless it was trying
to interact with the PDC in some degenerate way.  But refusing connections
from domain user accounts in this configuration makes sense to me.
Obviously, there are more alternatives than I'm aware of here though...

Ugh!  I thought I had created a password entry for my local non-admin user
but I didn't.  Once I did that, I was able to ssh in using that user (and
password) just fine with the local cyg_server account.  So I think we
can chalk this failure up to user-error. ;-)

> If I use the domain cyg_server account, I can login with domain accounts
> as well as local accounts, independent of their admin-ness.

Yeah, I wish I could created domain accounts of either or both types to try.
But I suppose in the end, I may just be confirming that the domain I'm
working in is..."odd".  The behaviour you describe is exactly what I would
expect.  The behaviour I'm seeing with my domain (as well as local admin)
user being able to connect with only a local cyg_server seems a bit odd to
me.  But I suppose even if it is a generic "loophole", one could consider
it a feature. ;-)

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple