X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding; q=dns; s=
	default; b=R5IIAU6oH0XfxH2HYq660hGCO5s5pZC2kvPjI3H7e8p/uYuiUl2e+
	TwKKBt50to9FBXwhQt9PWdqsjl6c7hz1I2MiZNvPohPi+c9jPsI+1KMiYkYot2ZY
	ToRyWzduapEGqotY/rgUGm803e3IuYq/qcv30luXsgFRMxSgtxGEaU=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding; s=default;
	 bh=GAOi/FItcgW5JlY94Y0iG6GdMjo=; b=mNxCnrvPJb9x7+qIuhurz4L1/fnx
	I82kw7GgTzjfdIqCIbe1eju2xJO3sLt5EUhIgcjP00NT0QhroTftIwK4tj6VoqOK
	vqJfE3T6gnJmFSNimF71zFq4GBzQseEJ3IGatSUs38RQ/p/3L7rYAezw+8AV2WEn
	cLXRY0TTELMgJ44=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.4 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,RCVD_NUMERIC_HELO,SPF_HELO_PASS,SPF_PASS,T_FSL_HELO_BARE_IP_2,T_RP_MATCHES_RCVD autolearn=no version=3.3.2
X-HELO: plane.gmane.org
To: cygwin AT cygwin DOT com
From: Achim Gratz <Stromeko AT NexGo DOT DE>
Subject: Re: LDAP integration and sshd
Date: Thu, 26 Jun 2014 09:37:23 +0000 (UTC)
Lines: 15
Message-ID: <loom.20140626T112515-399@post.gmane.org>
References: <loom DOT 20140625T141552-513 AT post DOT gmane DOT org> <20140625130727 DOT GQ1803 AT calimero DOT vinschen DOT de> <loom DOT 20140626T093103-970 AT post DOT gmane DOT org> <20140626083253 DOT GA25654 AT calimero DOT vinschen DOT de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
User-Agent: Loom/3.14 (http://gmane.org/)
X-IsSubscribed: yes

Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> In theory, no.  AllowGroups is admin-settable in the config file while
> the "sshd" user request is built into the code.  Just use the names as
> you get them:
> 
>   AllowGroups bla MACHINE+blub DOMAIN+blubber ...

Hmm.  Doesn't appear to be working in any combination I tried, I'm always
getting an "invalid user" when I'm trying to do that.  Is it possible that
the AD lookup doesn't work when using privilege separation?


Regards,
Achim.



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple