Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Reply-To: Cygwin List Message-Id: <5.1.0.14.0.20030917151801.02883678@127.0.0.1> X-Sender: Date: Wed, 17 Sep 2003 15:33:54 -0400 To: Olivier ALLART , Cygwin List From: Larry Hall Subject: Re: SSHD, Cygwin and Windows 2003 : continued with user rights In-Reply-To: <3F68AE54.3060006@speeq.com> References: <5 DOT 1 DOT 0 DOT 14 DOT 0 DOT 20030917142253 DOT 02624cb8 AT 127 DOT 0 DOT 0 DOT 1> <5 DOT 1 DOT 0 DOT 14 DOT 0 DOT 20030917142253 DOT 02624cb8 AT 127 DOT 0 DOT 0 DOT 1> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Hm, I thought I was clear. Let me try again addressing iisreset specifically. iisreset doesn't work in the scenario you described because it's a Microsoft tool which knows nothing of the Cygwin environment. Cygwin's ssh using pubkey authentication doesn't authenticate the user with Windows. So if you need certain credentials to perform some operation in Windows, pubkey authentication won't provide them. If you need to run iisreset through ssh, you will need to use password authentication, which takes the password for the user 'administrator' and authenticates for Windows with it. You should then be able to use iisreset (if authentication is really the only thing getting in the way with pubkey). I don't know what are the "*some commands*" you're speaking of, but if they are Cygwin utilities, then I think the answer is obvious. If they are not Cygwin utilities, then I would have to say that they don't require special privileges to run. This is actually true for most utilities. But if this is still confusing for you, you'll have to provide specifics. However, I think you'll find that it's likely that anything that works for you in ssh using pubkey authentication falls into one of the two groups of utilities I mentioned. HTH, Larry At 02:56 PM 9/17/2003, Olivier ALLART you wrote: >Thank you for the details, but then, why *some commands* work and not others ? >And more specifically, how can I make *this command* work ? > > >Larry Hall wrote: > >>I think you missed the fact that pubkey authentication does impersonation, >>not Windows-style authentication. So Windows apps won't recognize the pubkey >>authentication as providing permissions to run restricted programs. You'll >>have to use password authentication if you want Windows to recognize the >>user you've become via ssh. You can find all sorts of discussion on the difference between pubkey and password authentication for ssh in the email archives if you're interested. >> >At 12:40 PM 9/17/2003, Olivier ALLART you wrote: > >>Following Mark J de Jong 's step by step howto (see end of mail for some add-ons), I can now effectively log in with pkey method (that is, no password) using the 'administrator' user name. >>'whoami' returns 'administrator', however asking for a command such as IISRESET returns the error 'you are not a local administrator of this machine...', which means the rights management has failed somewhere. >> > > > > >> >> >>-- >>Larry Hall http://www.rfk.com >>RFK Partners, Inc. (508) 893-9779 - RFK Office >>838 Washington Street (508) 893-9889 - FAX >>Holliston, MA 01746 >> >> >>. >> >> > > > >-- >Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >Problem reports: http://cygwin.com/problems.html >Documentation: http://cygwin.com/docs.html >FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/