X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=sD/paV/oGL2V6X9grdoiSN+xKqAqPNJs9Cg2KnliRNWM14F5UEvRB
	EaiQOtmVL95l88Em4kWkaCTzTrLSDCmlh8j2IkxTrN7IieErz8OccchaPVrDS7nE
	9sGYMqOaBbIQXQ/NizZrwPoM/L4qOlVwqkH2dpwBW1pIuS/tX/vj+4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=kSdFWVEOo+JJbIsZruj+9ceakuY=; b=WUfEKXxLlqzyh/A5BFl5buS/dmvI
	F4ITefUhXK1mgNdKSK/wpIslCMpF1kP+oiAIH8OqRAxuVhNHCDZYeC6JyE5Jhj9x
	aeDBDMymrX3A4F2tpxYH7h88XB5Xx77J3vQcc4SKocOijUGvlY7V2s0vPR4LGUwD
	/wAmEFWktv5zZ+g=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-106.7 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,GOOD_FROM_CORINNA_CYGWIN,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=HX-Languages-Length:1415, AFAIK, afaik, H*F:D*cygwin.com
X-HELO: mout.kundenserver.de
Date: Fri, 29 Mar 2019 10:59:37 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: sshd/SYSTEM account/OS version and Cygwin "bitness" limitations
Message-ID: <20190329095937.GD4096@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <CANV9t=SKR5bnKmKeQHsjK5y956h1gT6sUQ6TiQeXxto1+h63iw AT mail DOT gmail DOT com> <31d69fd2-4906-4e32-29ca-d5bedb31088d AT SystematicSw DOT ab DOT ca>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="7d9k4kQHj3EPdFyS"
Content-Disposition: inline
In-Reply-To: <31d69fd2-4906-4e32-29ca-d5bedb31088d@SystematicSw.ab.ca>
User-Agent: Mutt/1.11.3 (2019-02-01)

--7d9k4kQHj3EPdFyS
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mar 28 17:18, Brian Inglis wrote:
> On 2019-03-28 15:36, Bill Stewart wrote:
> > I am trying to understand the limitations when running sshd using the
> > SYSTEM account.
> > Is the following complete and correct?
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> > OS_version*  OS_bitness  sshd_bitness  Notes
> > --------------------------------------------------
> > < 6.3        64-bit      32-bit        Note 1
> > < 6.3        64-bit      64-bit        Note 2
> > < 6.3        32-bit      32-bit        Note 2
> >> =3D 6.3       64-bit      64-bit        No problems
> >> =3D 6.3       64-bit      32-bit        No problems
> >> =3D 6.3       32-bit      32-bit        No problems
> > * "< 6.3" =3D "older than Windows 8.1/Server 2012 R2"; ">=3D 6.3" =3D "=
at least
> > Windows 8.1/Server 2012 R2"
> > Note 1: sshd cannot authenticate local accounts, but it can authenticate
> > domain accounts.
> > Note 2: sshd can't authenticate local accounts after a reboot unless
> > another logon happens first.
> > Unfortunate implication of Note 1: 32-bit version of sshd running as SY=
STEM
> > account on OS < 6.3 on non-domain member computer cannot authenticate a=
ny
> > accounts.
>=20
> cygstart /usr/share/doc/Cygwin/html/ntsec.html

Or https://cygwin.com/cygwin-ug-net/ntsec.html

AFAIK, the only problem left are OS versions 6.0 (Vista/2008)
and 6.1 (7/2008R2), and only 32 bit Cygwin running under WOW64,
*not* 32 bit Cygwin running on a 32 bit Windows.


Corinna

--=20
Corinna Vinschen
Cygwin Maintainer

--7d9k4kQHj3EPdFyS
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlyd7IgACgkQ9TYGna5E
T6DOMg//WV+QEm6FrTydYqoNxXeTRL0MnLJPvOm22dk/kL27F5gbFG5g5Ee22e/0
w5Jy/DCfFycWX+ZNHS+BbVbj5r2emoIizvmxO/Aa9nt/mjzOEf8l59+eB8p3xa7m
llfFjSs8Vcok+XmcF2MZQesBeMJJZ70B0suH1cKuxN+7umyh8NA9Lo0JeWPQkmGH
/3FYAUBAC+UZsJ8Ru0BDZxi+Wb9MPqIENjncY4ltz7KQaudWcW7KbGz4ZuIvdH6y
w1pvffXtr3LMIrXjiaN4fdILvDqIuZ1lkhDoq23pHbcYirD0hZRZLNsaGj4TxIJR
lcIxZM3fqkdbYx5pVsy00B38IiuRft7nuQm/JkJMR5W7gVW8yfkBGxX86ydVq/Bn
uouJuqdedZWas03xiIjY/ihp8m+0VR00spTkUYikNwUxI+zzSmodbDUykThgWZeF
sYAyhRaREwHc4GrgTlL82e2XxdvQvDNKQG0uiZxAUoN0O9cCdul+PEg02sXwJ+KQ
BBVpRa/KbqR+97V9lpG2iDotgDBrcRpnydR/M2UEVkJe0NWIOOubGXvu6CuWSorf
VKg/b/CgpI47cG7iSXFugTgra2UKWmgAzz7wdUgTDNrrwPUmxY7rj3Ohdfd8F6hu
jlFokzHVJ2XhqMg0M6cuDyVVLib+P7HSGWauC2dzA/AeFJLi7Bc=
=CfsX
-----END PGP SIGNATURE-----

--7d9k4kQHj3EPdFyS--