Date: Thu, 16 Sep 2004 23:02:47 +0400
From: Konstantin Andreev
Organization: TOR Company
Message-ID: <168201745184.20040916230247@tortrade.ru>
To: cygwin AT cygwin DOT com
Subject: OpenSSH public key authentication: suspicious in domain environment.

Suppose I have a Windows XP workstation (TEX), a member of domain DOM (Microsoft Windows Networking), and the Cygwin/SSH daemon is running on this workstation (TEX).

Suppose, on TEX, I set up a record in /etc/passwd for the domain user DOMUSR.

If I log on to TEX as DOMUSR with password authentication, this logon is indistinguishable from a regular local logon to TEX:

- a record appears in the Security Log
- the command shell is assigned an identical Access Token and privileges.
- the command shell is running under the DOMUSR account.

But if I try to log on to TEX as DOMUSR with public key authentication, the logon succeeds, but strange things appear:

- *NO* record appears in the Security Log about the logon event.
- the command shell has a strange Access Token; in particular, it does not contain these SIDs:
  - Logon SID (S-1-5-5-0-...)
  - S-1-5-4 NT AUTHORITY\INTERACTIVE
  - S-1-2-0 \LOCAL
- the command shell holds all privileges enabled (like a SYSTEM process), whereas some of the privileges should be disabled.
- some utilities consider the command shell process to be running under the "NT AUTHORITY\SYSTEM" account, in particular "whoami.exe" from the "Windows Server 2003 Resource Kit Tools".

Could anybody comment on this?

--
- TOR Trade Company, IT Department, Konstantin Andreev.
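An added example, not part of the original post: a Python check that reads the CSV output of `whoami /groups /fo csv` and `whoami /priv /fo csv` and flags the token anomalies the message lists (no Logon SID, no INTERACTIVE or LOCAL SID, every privilege enabled). It assumes a `whoami` that supports those switches and prints English column headers; the function names and the sample output are constructed for illustration.

```python
import csv
import io

# SIDs the post reports as absent from the public-key session's token.
EXPECTED = {"S-1-5-4": r"NT AUTHORITY\INTERACTIVE", "S-1-2-0": "LOCAL"}
LOGON_SID_PREFIX = "S-1-5-5-"  # per-logon-session SID

def _rows(csv_text):
    """Parse `whoami ... /fo csv` text into dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(csv_text.strip())))

def audit_token(groups_csv, privs_csv):
    """Return findings that match the anomalies listed in the post."""
    sids = {row["SID"].strip() for row in _rows(groups_csv)}
    findings = []
    if not any(sid.startswith(LOGON_SID_PREFIX) for sid in sids):
        findings.append("no Logon SID (S-1-5-5-...)")
    for sid, name in EXPECTED.items():
        if sid not in sids:
            findings.append(f"missing {sid} ({name})")
    privs = _rows(privs_csv)
    if privs and all(p["State"].strip().lower() == "enabled" for p in privs):
        findings.append("every privilege is enabled")
    return findings

# Constructed sample output (not captured from a real host).
PASSWORD_GROUPS = r'''
"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Enabled group"
"NT AUTHORITY\INTERACTIVE","Well-known group","S-1-5-4","Enabled group"
"LOCAL","Well-known group","S-1-2-0","Enabled group"
"NT AUTHORITY\LogonSessionId_0_123456","Logon ID","S-1-5-5-0-123456","Enabled group"
'''
PUBKEY_GROUPS = r'''
"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Enabled group"
"BUILTIN\Users","Alias","S-1-5-32-545","Enabled group"
'''
PASSWORD_PRIVS = r'''
"Privilege Name","Description","State"
"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"
"SeShutdownPrivilege","Shut down the system","Disabled"
'''
PUBKEY_PRIVS = PASSWORD_PRIVS.replace("Disabled", "Enabled")

if __name__ == "__main__":
    print("password:", audit_token(PASSWORD_GROUPS, PASSWORD_PRIVS))
    print("pubkey:  ", audit_token(PUBKEY_GROUPS, PUBKEY_PRIVS))
```

Running the two `whoami` commands inside each kind of SSH session and feeding the output to `audit_token` gives a repeatable comparison of the two tokens.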