Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <403A7E23.A7BAC210@ieee.org>
Date: Mon, 23 Feb 2004 17:26:43 -0500
From: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
Reply-To: Pierre DOT Humblet AT ieee DOT org
MIME-Version: 1.0
To: Richard Duran <rduran AT dallasairmotive DOT com>
CC: cygwin AT cygwin DOT com
Subject: Re: ssh issue
References: <1077564064 DOT 11778 DOT 72 DOT camel AT gv-rduran DOT dalair DOT com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit



Richard Duran wrote:
> 
> We are running an "automounter" service as a DomainAdmin (because
> LocalSystem doesn't have access to networked items). When we ssh into
> the box we can see all the network drives under "/cygdrive". However,
> when we set up ssh-passthru to that root AT linuxserver can connect to
> DomainAdminUser AT cygwinserver without need to authenticate. Then upon
> logging in, only the local drives are visible to the user. Removing the
> entry in $HOME/.ssh/authorized_keys fixes the issue, but we need to be
> able to have passthru access. We tried having sshd run as the same
> DomainUser, but then only passthru works. When a password is requested,
> a permission denied error is returned even though the correct password
> is entered.
> 
> Any suggestions?

With respect to your last issue, i.e. sshd runs as the same DomainUser,
there is no passthru, and the correct password is not accepted:
- this problem should not happen on recent versions of Windows (not sure
  exactly since when).
- to fix it on any version of Windows, you can easily patch sshd as below
  (I just tried it) and edit /etc/passwd to replace the entry 
  "unused_by_nt/2000/xp" by the output of the command "crypt your_passwd"   
  your_passwd can be anything, not necessarily your Windows password.

Pierre



/usr/src/openssh-3.7.1p2-2> diff -up auth-passwd.c~ auth-passwd.c
--- auth-passwd.c~      2003-09-18 04:26:48.001000000 -0400
+++ auth-passwd.c       2004-02-23 17:15:48.871792000 -0500
@@ -82,7 +82,7 @@ auth_password(Authctxt *authctxt, const 
        }
 # endif
 # ifdef HAVE_CYGWIN
-       if (is_winnt) {
+       if (is_winnt && pw->pw_uid != geteuid()) {
                HANDLE hToken = cygwin_logon_user(pw, password);
 
                if (hToken == INVALID_HANDLE_VALUE)

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/