X-Recipient: archive-cygwin@delorie.com
X-Original-To: cygwin@cygwin.com
Delivered-To: cygwin@cygwin.com
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 9F5F63858400
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=pdinc.us
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=pdinc.us
DKIM-Filter: OpenDKIM Filter v2.11.0 mail2.pdinc.us 1AAIPeUO011719
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pdinc.us; s=default;
 t=1636568741; bh=gGIwTT3ueJvG9eFF83DEWx1+cP1EULqSW/20yewBwL0=;
 h=From:To:References:In-Reply-To:Subject:Date:From;
 b=p5jtBOlDNa3QuT1E7okuKY04ySy1sc3knh39Kf6TG7o2IGzAYQYmdVYaZSK++2ZHj
 fn4EtzvNJxnseSzKFFZe0UmR9IeQrsS5qSQN7/NkuFjcRw3lB+sb+vAHVvN2ecKO1T
 WV4PbJswuDeZgPcOvm55vfQOLKyVHCRQ49FieGKwIWCB/KxK3bmjHfhcpZ6/ZvoSSA
 d/7lvX7vwz3wmKBAKRTKAj46R6gWJ9Bfb4Da2oM1X/VkyLPQxlca7krU52QGOyefQa
 6u+omLW2va9w93ZV9TCU1LcPfjMBUGeds2Cr50dR95rlm8XOyV90PP6N768hWchsUw
 xqmvhTUwgp+cA==
From: "Jason Pyeron" <jpyeron@pdinc.us>
To: <cygwin@cygwin.com>
References: <2dfb0a68-b9e3-f9fb-817b-651fec02adf5@onespin.com>
 <CANV9t=QRzS_ko6S6+G6oW6hRGxMUzCoXJ0825c7YeckfBqS57Q@mail.gmail.com>
 <97042d57-fa36-da97-9c05-493a2c645991@onespin.com>
 <CANV9t=QDuhHQSq7kruiTo0CfBnTJCtKVLSj88aFqGZZdBaKA=Q@mail.gmail.com>
In-Reply-To: <CANV9t=QDuhHQSq7kruiTo0CfBnTJCtKVLSj88aFqGZZdBaKA=Q@mail.gmail.com>
Subject: RE: [cygwin] Re: Problem with ssh(d)
Date: Wed, 10 Nov 2021 13:25:36 -0500
Organization: PD Inc
Message-ID: <037a01d7d660$5b9c8db0$12d5a910$@pdinc.us>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGbz+MuxzBhnOpDKxzOIY5pgXX0PwFJPPmWAfCFdlUCyTmqeaxFCGGQ
Content-Language: en-us
X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_INFOUSMEBIZ, SPF_HELO_PASS,
 SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.29
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie.com@cygwin.com>

> -----Original Message-----
> From: Bill Stewart
> Sent: Wednesday, November 10, 2021 10:44 AM
> 
> On Wed, Nov 10, 2021 at 8:28 AM Strasser, Dominik (DI SW ICS ICV) wrote:
> 
> I know that this is the standard installation. But we absolutely need
> > passwordless login. So this was the workaround we found.
> > The number of groups differs when sshd is run as local system, and when
> > authorized_keys exist or not. Groups are OK, when it is run under the one
> > user we absolutely need the passwordless login.
> >
> 
> Password-less logon is supported when running as local system. I do this
> all the time, so there must be something that is not correct about your
> configuration.
> 
> Sorry, don't know what that might be.

I slightly misread the email.

To be clear password less login works - BUT as I said MS design choices result in a different security token being issues without password vs with password.

As such your ability to access certain resources are limited.

Enumerate the groups you have as PKI authentication then bless those groups to perform the action needed.

-Jason

--
Jason Pyeron  | Architect
PD Inc        | Certified SBA 8(a)
10 w 24th St  | Certified SBA HUBZone
Baltimore, MD | CAGE Code: 1WVR6
 
.mil: jason.j.pyeron.ctr@mail.mil
.com: jpyeron@pdinc.us
tel : 202-741-9397



-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple