To: cygwin AT cygwin DOT com
From: Achim Gratz
Subject: LDAP integration and sshd
Date: Wed, 25 Jun 2014 12:34:14 +0000 (UTC)

I've just managed to set up a working sshd on a Cygwin snapshot with LDAP integration. The setup scripts required quite a few modifications to deal properly with the way local accounts and groups are now named.
I've had to reinstate files for passwd to record an "sshd" there as otherwise the service wouldn't start ("Privilege separation user sshd does not exist").

The remaining problem is that all users that will log in have their home drives mounted from network shares. I was hoping to use /etc/fstab.d/user files to mount these only when necessary, but apparently they are not yet available when sshd tries to check the pubkey credentials and thus falls back to password login (which I'd like to switch off completely).

What's the best option here? Kerberos Authentication looks appealing, but doesn't seem to work with LDAP. Putting the public keys elsewhere would also work, but it isn't clear to me how to configure that. I've currently made a copy of the .ssh directory under /home/user that later gets shadowed by the mount point. While that works to get pubkey logins working, it is not very appealing as it requires a delicate dance with the mounts done by the user at the first login. Any better ideas?

Regards,
Achim.
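
One way to put the public keys outside the network-mounted home directories, as raised in the message above. This is an added example, not part of the original post or of Cygwin's setup scripts. The key directory `/etc/ssh/authorized_keys`, the function names `stage_keys` and `sshd_snippet`, and the use of the local `.ssh` copies as the source are assumptions.

```shell
#!/bin/sh
# Added example: stage each user's authorized_keys in one directory on local
# disk, so sshd can read it before any network home share is mounted.
# The directory layout and function names are assumptions, not Cygwin defaults.

# stage_keys SRC_ROOT KEYDIR
# Copies SRC_ROOT/<user>/.ssh/authorized_keys to KEYDIR/<user> and prints
# the number of users staged.
stage_keys() {
    src_root=$1
    keydir=$2
    count=0
    mkdir -p "$keydir" || return 1
    chmod 755 "$keydir" || return 1
    for f in "$src_root"/*/.ssh/authorized_keys; do
        [ -f "$f" ] || continue        # glob matched nothing, or not a file
        user=$(basename "$(dirname "$(dirname "$f")")")
        # Mode 644: not group/world writable, which StrictModes requires.
        # StrictModes also checks ownership; assigning the owner is left to
        # the administrator here.
        install -m 644 "$f" "$keydir/$user" || return 1
        count=$((count + 1))
    done
    echo "$count"
}

# sshd_snippet KEYDIR
# Prints sshd_config lines: keys are looked up per user name (%u) under
# KEYDIR, and password login is disabled.
sshd_snippet() {
    cat <<EOF
PubkeyAuthentication yes
AuthorizedKeysFile $1/%u
PasswordAuthentication no
EOF
}

# Typical use (paths are assumptions):
#   stage_keys /home /etc/ssh/authorized_keys
#   sshd_snippet /etc/ssh/authorized_keys >> /etc/sshd_config
```

After the lines are added, `sshd -t` checks the configuration for errors before the service is restarted.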