X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-1.0 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,KHOP_RCVD_TRUST,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE X-Spam-Check-By: sourceware.org MIME-Version: 1.0 Date: Fri, 25 May 2012 10:15:54 +1000 Message-ID: Subject: Seteuid "operation not permitted" error when using LSA for sshd From: Mark Pattie To: cygwin AT cygwin DOT com Content-Type: text/plain; charset=ISO-8859-1 Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Hi all, I have installed Cygwin and am running sshd successfully. The permission required for the sshd service account "create a token object" is not permitted to be granted to any accounts in my organization. As such I have decided to use LSA based on Method 2 on the following page: http://cygwin.com/cygwin-ug-net/ntsec.html. I had succesfully tested ssh authentication with a public/private certificate pair prior to running /usr/bin/cyglsa-config to install LSA. I ran the script, removed the "create a token object" permission and rebooted the server. Now I cannot authenticate using the public/private keys. I receive the following error in the Windows event log: sshd: PID 2780: fatal: seteuid 1003: Operation not permitted When I add the permission back to the service account and restart sshd the public/private key authentication works again Any help would be great Thanks, Mark -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple