Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-ID: <41E443C6.2040307@t-online.de> Date: Tue, 11 Jan 2005 22:23:18 +0100 From: "Harald Dunkel" User-Agent: Mozilla Thunderbird 0.9 (X11/20041130) MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: cannot access $HOME (on Samba) via ssh References: <41E42508 DOT 3020400 AT t-online DOT de> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-ID: bdhU2uZGoeugn1xfeYR6pAY5vPQwgmabope0JXWVaJdbvejnRy5Wwf X-TOI-MSGID: e6e36aee-ac4f-4009-a525-7aeae44f60b6 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Igor Pechtchanski wrote: | | I believe you missed the fact that the above link talks about | *passwordless* authentication. The authentication token constructed by | sshd won't contain the password, and therefore cannot be used to access | network shares that require authentication. This is a Windows limitation, | and Cygwin can't do anything about it. | Sorry, but I guess you missed the fact that I did not mention _passwordless_ authentication with any word. sshd _did_ ask me for a password. Nevertheless, after entering the password my usual home dir //bierfass/dunkel was not available. If Windows needs another password to access the network share, too: Fine. I wouldn't like to enter the same password twice, but it is still better than having no access to my data. The link you had sent says Since Cygwin release 1.3.3, applications having the Create a process level token user right can switch user context without giving a password by just calling the usual setuid, seteuid, setgid and setegid functions. This is typically only given to the SYSTEM user. However, this now allows to switch the user context using e. g. rhosts authentication or (when running sshd under SYSTEM account as service) public key authentication. An important restriction of this method is that a process started under SYSTEM account can't access network shares which require authentication. This also applies to the subprocesses which switched the user context without a password. People using network home drives are typically not able to access it when trying to login using ssh or rsh without password. If this method was introduced with Cygwin 1.3.3, how did ssh and rsh work before this release? Regards Harri -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB5EPGUTlbRTxpHjcRArunAKCGHRp69gre53o8C51ZNXFHwPyUHwCcC4nr gOK4zzyhWmpuaR2AZFS+u0A= =wikV -----END PGP SIGNATURE----- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/