Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Tue, 3 Jun 2003 08:56:46 -0400 (EDT)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: "Banville, Stephen" <Stephen DOT Banville AT sycamorenet DOT com>
cc: cygwin AT cygwin DOT com
Subject: RE: NTsec permissions issue over inet
In-Reply-To: <1037EB10994D094790FC003F87DCC0BCE9ABC1@pine>
Message-ID: <Pine.GSO.4.44.0306030849470.21496-100000@slinky.cs.nyu.edu>
Importance: Normal
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Steve,

Windows "security" is built in such a way that it won't trust
authentication tokens from remote machines that don't contain a password.
Thus, if you use passwordless ssh or rexec, the token created will be
enough for the local machine, but won't be accepted by a remote share.

Password-authenticated ssh *will* let you access network shares (you may
have to re-authenticate for the share itself by providing a user and
password to "net use".  An alternative is to run sshd from a shell owned
by the user you'll be logging in as, and then you should be able to use
passwordless authentication and access network shares too, at the price of
not being able to log in as other users.  You might be able to pull the
same trick with inetd as well (i.e., don't "--install-as-service")...  In
this case, they will reuse the token created when you logged in, IIUC.
	Igor

On Tue, 3 Jun 2003, Banville, Stephen wrote:

> Igor,
>
> Sorry about that. Here si the body of the message that I am replying
> too. I am basically looking for a work-around regarding this issue with
> not being able too access network driver during remote acess. There has
> been some insight on what the problem seems to be in regards to the
> version of Cygwin. My question is regards to a immediate work-around
> this permissions issue with inetd/xinetd ?
>
> Thanks everyone for taking the time in looking into this issue.
>
> Steve
>
> Fwd: Re: NTsec permissions issue over inet]
> From: Larry Hall <cygwin-lh at cygwin dot com>
> To: Cygwin <cygwin at cygwin dot com>
> Date: Mon, 02 Jun 2003 23:33:51 -0400
> Subject: [Fwd: Re: NTsec permissions issue over inet]
> Reply-to: cygwin at cygwin dot com
>
> ----------------------------------------------------------------------------
>
> -------- Original Message --------
>
> Bruce Dobrin wrote:
> > YIKES!!!!! There it is, and right there in the users guide no less....
> > not only that, but in a section I've actually read a number of
> > times!!!!!..... Well, that does explain almost everything that is going on
> > ( though, it seems to have gotten even tighter since the 1.3.12 release
> > that allows me to access net drives if I specify a passwd during rlogin( as
> > mentioned below)). The perl script is actually running as a service; as a
> > user with net access rights.
> > I hate to ask this without looking at the inetd/xinetd code first: But is
> > there any chance that context switching will be "fixed" to allow net access
> > too someday?
>
> Not without some mechanism to provide the password to Windows, no.  If
> someone would like to take this statement as a challenge and provide an
> alternate solution, please do. :-)
>
> -----Original Message-----
> From: Igor Pechtchanski [mailto:pechtcha AT cs DOT nyu DOT edu]
> Sent: Tuesday, June 03, 2003 8:35 AM
> To: Banville, Stephen
> Cc: cygwin AT cygwin DOT com
> Subject: Re: NTsec permissions issue over inet
>
> On Tue, 3 Jun 2003, Banville, Stephen wrote:
>
> > Bruce,
> >         This is starting to become clear o what is actually going on.
> > How do you currently get around this issue ?
> >
> > Steve
>
> Steve,
>
> Please either quote the message you're replying to, or make sure your
> mailer contains threading information (the In-Reply-To and/or References
> headers).  Personally, I have no idea which message you replied to.
>         Igor

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/