X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-1.3 required=5.0 tests=AWL,BAYES_00 X-Spam-Check-By: sourceware.org To: cygwin AT cygwin DOT com MIME-Version: 1.0 Subject: Cygwin/OpenSSH authentication without applying group policies... X-KeepSent: EB933357:245BF60B-C1257656:002475C7; type=4; name=$KeepSent Message-ID: <412_1256107169_4ADEACA1_412_53_1_OFEB933357.245BF60B-ONC1257656.002475C7-C1257656.00249143@nbg.sdv.spb.de> From: Carsten DOT Porzler AT spb DOT de Date: Wed, 21 Oct 2009 08:39:40 +0200 X-SafeGuard_MailGateway: Version: 5.60.3.9732 SGMG Date: 20091021063929Z Content-Type: text/plain; charset="US-ASCII" X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Dear Cygwin community, we are just having problems with some locations connect over WAN lines with only little bandwith. The logon process against a Win2003 AD domain controller takes much time (>50s). After some analysis we found out that there is much traffic between the SSH server and the domain controller over ip port 1026 (CAP, used for applying/downloading the Win2003 group policies). During a SSH logon it is not necessary to apply all group policies. Instead it would be OK, if the user would just be authenticated and get his group memberships. Is it possible to deactivate applying the group policies during the SSH logon process or to reconfigure the SSH service so that we can use LDAP authentication instead of standard Win2003 authentication. Thanks in advance for some hints and best regards Carsten Porzler -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple