X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-2.6 required=5.0 	tests=BAYES_00,SPF_HELO_PASS
X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
From: Andrew DeFaria <Andrew AT DeFaria DOT com>
Subject: Re: ssh problem using publickey in domain environment
Date: Wed, 24 Feb 2010 08:56:44 -0800
Lines: 42
Message-ID: <hm3loc$t1f$1@dough.gmane.org>
References: <096385baeda76b4b83f591937a5e50b1f5f81434 AT localhost>  <4B8411E4 DOT 6040400 AT cygwin DOT com>  <20100224101355 DOT GA29779 AT calimero DOT vinschen DOT de>  <hm3hgp$b0v$1 AT dough DOT gmane DOT org> <20100224164815 DOT GD5683 AT calimero DOT vinschen DOT de>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9pre) Gecko/20100217 Lightning/1.0pre Shredder/3.0.3pre
In-Reply-To: <20100224164815.GD5683@calimero.vinschen.de>
X-Stationery: 0.5.1
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com


On 02/24/2010 08:48 AM, Corinna Vinschen wrote:
> On Feb 24 07:44, Andrew DeFaria wrote:
>    
>> On 02/24/2010 02:13 AM, Corinna Vinschen wrote:
>>      
>>> On Feb 23 12:35, Larry Hall (Cygwin) wrote:
>>>        
>>>> On 02/23/2010 12:01 PM, Jukka Inkeri wrote:
>>>>          
>>>>> If your server is member of domain, howto make users, sshd, (which
>>>>> order) ... without setuid problem when using publickey auth ? cyg_server
>>>>> and sshd - domain user or local or both, ???
>>>>>            
>>>> In order for the SSH server to switch user context to a domain user,
>>>> the service's user (cyg_server) must be a domain user with the rights
>>>> outlined in 'ssh-host-config'. I'm not sure if it's a requirement that
>>>> the 'sshd' user also be a domain user. I've never played with that.
>>>>          
>>> I added a FAQ entry lately:
>>>
>>> http://cygwin.com/faq/faq-nochunks.html#faq.using.sshd-in-domain
>>>        
>> You might want to change that to:
>>
>> $ mkpasswd -l -d your_domain>>   /etc/passwd
>> $ mkgroup -l -d your_domain>>   /etc/group
>>
>> so as not to destroy whatever the user had in /etc/{passwd,group}.
>>      
> IMHO that's not a good idea.  The passwd and group files should be
> regenerated at this point to get a stable, well-defined state, and then
> you can re-add any local changes at your heart's content.  YMMV, of
> course.
>    
I mistyped. If all that was really required was getting cyg_server in 
there then perhaps -u cyg_server should have been used. In any event I 
think you should point out that this will replace the current 
/etc/{passwd,group}
-- 
Andrew DeFaria <http://defaria.com>
What was the best thing before sliced bread?


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple