X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:subject:to:references:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=jRXDp9l6PefX+0h3
	qhgh/WFOpUYpos9+CBBlBg6kgR1h+nKR6DYAcU10YqxQQOMgmJqTmJcjlUnrdPhP
	i455cHJHHrFNGJU2HrSQGh6uK0WW/KqdTGh5FPzbBrntZcmhCmOA8lwS6gQjGMn/
	WpVBcsU10O3nVZ8Ey7JD2X22oZU=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:subject:to:references:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=T1FTums3c7Mclyt4UvCW1V
	C5djc=; b=C0wM/9d6CRhxvpMGzKrC5Jq8IODigYsPhPd0oCQh5vexxVcmJrD9Yl
	zsiTgWCmKQyoVBAwLJmK8wXKDV02cEgXojiR2VzfbfqJynivINGF19I9CkJplTNv
	Lo1RkGArBSMbTHqeDHkR1yECrxgmHi++kj5tgqXIOfElmSOujgHXo=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-6.1 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 spammy=
X-HELO: smtp-out-so.shaw.ca
Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca
Subject: Re: sshd/SYSTEM account/OS version and Cygwin "bitness" limitations
To: cygwin AT cygwin DOT com
References: <CANV9t=SKR5bnKmKeQHsjK5y956h1gT6sUQ6TiQeXxto1+h63iw AT mail DOT gmail DOT com>
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Openpgp: preference=signencrypt
Message-ID: <31d69fd2-4906-4e32-29ca-d5bedb31088d@SystematicSw.ab.ca>
Date: Thu, 28 Mar 2019 17:18:48 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <CANV9t=SKR5bnKmKeQHsjK5y956h1gT6sUQ6TiQeXxto1+h63iw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

On 2019-03-28 15:36, Bill Stewart wrote:
> I am trying to understand the limitations when running sshd using the
> SYSTEM account.
> Is the following complete and correct?
> ==========
> OS_version*  OS_bitness  sshd_bitness  Notes
> --------------------------------------------------
> < 6.3        64-bit      32-bit        Note 1
> < 6.3        64-bit      64-bit        Note 2
> < 6.3        32-bit      32-bit        Note 2
>> = 6.3       64-bit      64-bit        No problems
>> = 6.3       64-bit      32-bit        No problems
>> = 6.3       32-bit      32-bit        No problems
> * "< 6.3" = "older than Windows 8.1/Server 2012 R2"; ">= 6.3" = "at least
> Windows 8.1/Server 2012 R2"
> Note 1: sshd cannot authenticate local accounts, but it can authenticate
> domain accounts.
> Note 2: sshd can't authenticate local accounts after a reboot unless
> another logon happens first.
> Unfortunate implication of Note 1: 32-bit version of sshd running as SYSTEM
> account on OS < 6.3 on non-domain member computer cannot authenticate any
> accounts.

cygstart /usr/share/doc/Cygwin/html/ntsec.html

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple