X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:reply-to:message-id:to:subject :in-reply-to:references:mime-version:content-type :content-transfer-encoding; q=dns; s=default; b=w5LhcZXW81r8Cays 1vW46BASoESoe98ZO3jxIqQM5EUvu8UXUwuxf7BLTWK4aDGOt9tjxErq3GNbkF4+ ibzLKmo2dsMhu7yEX9hoWJtTJbDzYOGaY4POCfqDUo/v61ptUmD9efJU22on/HX0 aBfmaT3SjXPXV1lUMB0rGl7jaEI= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:reply-to:message-id:to:subject :in-reply-to:references:mime-version:content-type :content-transfer-encoding; s=default; bh=LaEkbNp1Jwvoy8pHkefWLM ecfX0=; b=OWpfJqOW5r9TyqZBqDZiuQ0zu1TXgDeoQgiGj3tkUEQyL2msAaM/sE RqikjqDN9JBNOtCWUKzgoTcYp2Imvvkd25Zy9azfYocCqw29Um2CDp5eFnHvhPDD gdXeYA62OzgnX3MexqLXBamqkvz5CbuOYWBg35NI+Ue+6oIcAz6ds= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.3 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2 X-HELO: smtpback.ht-systems.ru Date: Mon, 14 Apr 2014 12:57:46 +0400 From: Andrey Repin Reply-To: cygwin AT cygwin DOT com Message-ID: <1457066472.20140414125746@yandex.ru> To: Corinna Vinschen Subject: Re: Still testing needed: New passwd/group AD/SAM integration In-Reply-To: <20140414080807.GI3271@calimero.vinschen.de> References: <20140410145323 DOT GB2437 AT calimero DOT vinschen DOT de> <5346B667 DOT 3040704 AT breisch DOT org> <20140410152809 DOT GD2437 AT calimero DOT vinschen DOT de> <5346E55D DOT 6020405 AT etr-usa DOT com> <20140410190424 DOT GK2437 AT calimero DOT vinschen DOT de> <5346FCF9 DOT 5000908 AT redhat DOT com> <20140411121948 DOT GC23281 AT calimero DOT vinschen DOT de> <818978797 DOT 20140413143439 AT yandex DOT ru> <20140414080807 DOT GI3271 AT calimero DOT vinschen DOT de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Greetings, Corinna Vinschen! >> > What bugs me a bit is what this means for applications which expect >> > fixed usernames. Sshd, for instance, expects the fixed username >> > "sshd" right now when using privilege separation. I discussed this >> > with the OpenSSH devs, and they understand the problem, but they think >> > this should be handled by a Cygwin-specific function. So there's some >> > extra work in it for me to get OpenSSH up to speed with this change, >> > but I fear I'm not the only one. The more configurable stuff like this >> > is, the more complicated it gets maintaining some packages. >> >> I really don't see a problem. Is this implementation-dependent issue? >> 99% you are operating within "current domain" and do not need to specify >> domain prefix at all. > Uh, but you're missing the situation where the machine is a domain > machine but the privilege separation account "sshd" is created in > the local SAM. That's what the ssh-host-config script might do. > Sshd will have to use MACHINEsshd as username for privsep > in this case. Never been in such situation, thanks for clarification. -- WBR, Andrey Repin (anrdaemon AT yandex DOT ru) 14.04.2014, <12:57> Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple