Message-ID: <47129F6B.7020305@cygwin.com>
Date: Sun, 14 Oct 2007 18:59:55 -0400
From: "Larry Hall (Cygwin)"
Reply-To: cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
Subject: Re: session user ID error when ssh in terms of public-key exchange
In-Reply-To: <4711aed5.1498600a.3683.ffffe154@mx.google.com>

Chen Yue wrote:
> Greetings
>
> I am a newbie in cygwin. Now I am about to setup an sshd environment on a
> windows2003 server in a project. But there is a weird phenomenon blocking my
> task.
>
> I setup a local account named sshd_server in administrators group, grant
> “Create a token object”, “Log on as a service” and “replace a process level
> token” to sshd_server in Local Security Settings. The service sshd is
> started by ID of sshd_server.
> Two users: userA and userB are domain users who are supposed to be able to
> log on the server in terms of ssh. I have set up their profiles in
> /etc/passwd and /etc/group. In the purpose of convenience, they copy their
> public-key to their home dir so that they need not to input passwd when
> logon.
>
> All above work OK for me.
>
> My issue is when the two users log on in term of inputting passwd, they can
> create files in a shared dir and the file owner is correct. ‘net session’
> command shows the correct user ID of the session. However, when they log on
> in terms of public-key exchanging, the files they created in shared dir are
> owned by “sshd_server”!! (The files created locally are correct though).
> And the “net session” command shows it is sshd_server but not userA or userB
> that have logged on the server.
>
> I am so puzzled what’s the difference between the two ways to log on. Did
> anyone encounter this ever before?

This is a known issue that has been talked about at great length in the
email archives. It is a limitation of Windows and won't be remedied in
the Cygwin 1.5.x series. The difference is that when you log in with your
password, you are authenticated through Windows. So Windows knows who you
are. With pubkey authentication, you're not. So Windows thinks you're the
user that runs the 'sshd' service.

--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?
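
The following check is an added example, not part of the original thread or of Cygwin itself: run inside an ssh session, it creates a probe file in a directory and reports whether the file is owned by the logged-in user or by some other account, which is the symptom described above for shared directories after a pubkey login. It assumes GNU `stat` and `mktemp` (as shipped with Cygwin); the function names and the share path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: which account do writes in a directory get attributed to?
# Assumes GNU coreutils stat/mktemp; function names are illustrative only.

# probe_owner_uid DIR
# Creates a throwaway file in DIR, prints the numeric uid that owns it,
# and removes the file again. Fails if DIR is not writable.
probe_owner_uid() {
    dir=$1
    probe=$(mktemp "$dir/.idprobe.XXXXXX" 2>/dev/null) || return 2
    owner=$(stat -c '%u' "$probe")
    rm -f "$probe"
    printf '%s\n' "$owner"
}

# check_write_identity DIR
# Returns 0 when new files in DIR are owned by the session user,
# 1 when they are attributed to a different account (for example the
# account running the sshd service), 2 when DIR cannot be written to.
check_write_identity() {
    dir=$1
    me=$(id -u)
    owner=$(probe_owner_uid "$dir") || {
        echo "ERROR: cannot create probe file in $dir" >&2
        return 2
    }
    if [ "$owner" = "$me" ]; then
        echo "OK: $dir: new files are owned by session uid $me"
        return 0
    fi
    echo "MISMATCH: $dir: session uid is $me, new files owned by uid $owner" >&2
    return 1
}

# Usage (hypothetical share path): sh check_identity.sh //fileserver/shared
if [ "$#" -gt 0 ]; then
    check_write_identity "$1"
fi
```

Running it once after a password login and once after a pubkey login against the same shared directory shows whether file ownership, and therefore any audit trail built on it, can be trusted for that login method.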