Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Fri, 4 Jul 2003 10:09:16 -0400 (EDT)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: pmarek AT users DOT sourceforge DOT net
cc: cygwin AT cygwin DOT com
Subject: Re: Difference between login and runas?
In-Reply-To: <200307040852.27317.pmarek@users.sourceforge.net>
Message-ID: <Pine.GSO.4.44.0307041005250.17919-100000@slinky.cs.nyu.edu>
Importance: Normal
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Fri, 4 Jul 2003 pmarek AT users DOT sourceforge DOT net wrote:

> Hello everybody,
>
> I'm using cygwin 1.3.22 and need some help.
>
> I'm trying to change the user (coming from the localsystem account) and tried
> several ways.
>
> - the "runas" utility (windows xp) does prompt me for a password. redirection
> via eg. "echo password| runas /user:guest cmd.exe" shows that runas gets the
> password, but tells always that it is wrong. (yes I know, that echo sends the
> spaces between the last character and | - that's why I have none). I even
> tried using a 'perl -e "print 'password'" | runas ...' - but that didn't work
> either.
>
> - su (cygwin version) doesn't work - has not been rewritten for windows
> authentication.
>
> - su (utility from microsoft, IIRC resourcekit or similar) works, but needs
> the password.
>
> - login works beautifully, I do not even need the password. But: there seems
> to be a difference between login and su(ms-version) or runas.
> Trying to run the microsoft office setup program shows problems with login,
> which are not there with runas or su.
>
> I checked that
> - the correct registry hive was available as HKEY_CURRENT_USER,
> - the user and group memberships were correctly set,
> - I even purged the environment and "imported" (via a set > file.bat,
> text-editing, and "call"ing this file.bat) an "original" from this user.
>
> But there is still some difference, which I don't find.
>
> Can somebody help me please?? Any ideas welcome.

IIRC, there is a difference between the token created by passwordless
authentication, and the one created when a password is supplied.  The
passwordless token is not "fully trusted" by some other Windows services,
especially remote network shares.

If you really want to dig deep, Corinna Vinschen and Pierre Humblet have
both mentioned the existence of a program that prints full authentication
tokens, so that you can compare them.  Perhaps they could send you a
pointer (or the source).
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/