X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Mon, 5 Nov 2007 11:32:31 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: ssh/pubkey authentication and use of subst
Message-ID: <20071105103231.GJ31224@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <lq1wbc6fw1 DOT fsf AT kalahari DOT s2 DOT org> <20071030113403 DOT GM20400 AT calimero DOT vinschen DOT de> <13582151 DOT post AT talk DOT nabble DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <13582151.post@talk.nabble.com>
User-Agent: Mutt/1.5.16 (2007-06-09)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Nov  4 23:12, Greg M wrote:
> I'm running into this, too - albeit with a System error 59. I need to
> "interact with the desktop" too, which won't happen unless I run the sshd as
> System (although I couldn't find anything documenting this limitation beyond
> the cygrunsrv error message).

It's a windows restriction.  In Vista, you can forget the "interact with
desktop" mechanism entirely.  It has been dropped for security reasons.
You need to workaround it in your application.

>  Seems I can have any two of authorized_keys,
> desktop interaction and network file-systems, but unfortunately I need all
> three. :(

If you want your application to run with desktop interaction under Vista
as well, you will have to find another solution anyway.  There's nothing
Cygwin can do for you in this matter.

> So I'm wondering if this is just an accepted problem or something that could
> potentially be worked around in Cygwin. Or am I better off building a local
> workaround? (triggering commands via a polled database instead of ssh) It

In Cygwin's CVS is a new mechanism for getting passwordless logins(*),
but I don't know how far that helps for the network shares.  It certainly
doesn't help for desktop interaction.

What you could do is to run sshd under the user's account, so you get
pubkey auth + network share access.  For the desktop interaction you
should definitely think about another approach.  This has been discussed
a lot in relation to Vista, for instance on newsgroups and forums
related to Windows development.  The suggested approach is to start
a GUI process in the desktop session of the user and to use IPC to
communicate between the service and the GUI app.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/