Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com X-Originating-IP: [24.0.161.175] From: "Karl M" To: cygwin AT cygwin DOT com Cc: openssh-unix-dev AT mindrot DOT org Subject: Re: Initial patch to implement partial auth with SSH2 Date: Fri, 20 Apr 2001 01:29:42 -0700 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 20 Apr 2001 08:29:43.0044 (UTC) FILETIME=[0C8EAC40:01C0C974] Hi All... I've been experimenting with the partial authorization patch for OpenSSH-2.5.2. I'm using CygWin on a Windows 2000 (SP1) box. I noticed a bug in the patch that shows up for CygWin users. The problem is that publickey authentication only works if sshd is running with the same user-id as the ssh client. When I run sshd as a service with a user-id of LocalSystem publickey authentication fails. This is because the check_nt_auth call in userauth-pubkey fails if the ssh user-id is different from the sshd user-id. It looks to me like userauth_pubkey needs to "suspend disbelief" (and not call check_nt_auth and auth_password) for partial authentication, in the hope that a password may come later. Then somewhere check_nt_auth auth_password need to be called to make sure that we don't forget to set the sshd user-id to the ssh user-id. Thanks, ...Karl _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com -- Want to unsubscribe from this list? Check out: http://cygwin.com/ml/#unsubscribe-simple