X-Recipient: archive-cygwin AT delorie DOT com X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 9F5F63858400 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=pdinc.us Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=pdinc.us DKIM-Filter: OpenDKIM Filter v2.11.0 mail2.pdinc.us 1AAIPeUO011719 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pdinc.us; s=default; t=1636568741; bh=gGIwTT3ueJvG9eFF83DEWx1+cP1EULqSW/20yewBwL0=; h=From:To:References:In-Reply-To:Subject:Date:From; b=p5jtBOlDNa3QuT1E7okuKY04ySy1sc3knh39Kf6TG7o2IGzAYQYmdVYaZSK++2ZHj fn4EtzvNJxnseSzKFFZe0UmR9IeQrsS5qSQN7/NkuFjcRw3lB+sb+vAHVvN2ecKO1T WV4PbJswuDeZgPcOvm55vfQOLKyVHCRQ49FieGKwIWCB/KxK3bmjHfhcpZ6/ZvoSSA d/7lvX7vwz3wmKBAKRTKAj46R6gWJ9Bfb4Da2oM1X/VkyLPQxlca7krU52QGOyefQa 6u+omLW2va9w93ZV9TCU1LcPfjMBUGeds2Cr50dR95rlm8XOyV90PP6N768hWchsUw xqmvhTUwgp+cA== From: "Jason Pyeron" To: References: <2dfb0a68-b9e3-f9fb-817b-651fec02adf5 AT onespin DOT com> <97042d57-fa36-da97-9c05-493a2c645991 AT onespin DOT com> In-Reply-To: Subject: RE: [cygwin] Re: Problem with ssh(d) Date: Wed, 10 Nov 2021 13:25:36 -0500 Organization: PD Inc Message-ID: <037a01d7d660$5b9c8db0$12d5a910$@pdinc.us> MIME-Version: 1.0 X-Mailer: Microsoft Outlook 16.0 Thread-Index: AQGbz+MuxzBhnOpDKxzOIY5pgXX0PwFJPPmWAfCFdlUCyTmqeaxFCGGQ Content-Language: en-us X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_INFOUSMEBIZ, SPF_HELO_PASS, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.29 List-Id: General Cygwin discussions and problem reports List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Cygwin" > -----Original Message----- > From: Bill Stewart > Sent: Wednesday, November 10, 2021 10:44 AM > > On Wed, Nov 10, 2021 at 8:28 AM Strasser, Dominik (DI SW ICS ICV) wrote: > > I know that this is the standard installation. But we absolutely need > > passwordless login. So this was the workaround we found. > > The number of groups differs when sshd is run as local system, and when > > authorized_keys exist or not. Groups are OK, when it is run under the one > > user we absolutely need the passwordless login. > > > > Password-less logon is supported when running as local system. I do this > all the time, so there must be something that is not correct about your > configuration. > > Sorry, don't know what that might be. I slightly misread the email. To be clear password less login works - BUT as I said MS design choices result in a different security token being issues without password vs with password. As such your ability to access certain resources are limited. Enumerate the groups you have as PKI authentication then bless those groups to perform the action needed. -Jason -- Jason Pyeron | Architect PD Inc | Certified SBA 8(a) 10 w 24th St | Certified SBA HUBZone Baltimore, MD | CAGE Code: 1WVR6 .mil: jason DOT j DOT pyeron DOT ctr AT mail DOT mil .com: jpyeron AT pdinc DOT us tel : 202-741-9397 -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple