Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-developers-owner AT cygwin DOT com Delivered-To: mailing list cygwin-developers AT cygwin DOT com Message-ID: <3DF50D30.AE8FA801@ieee.org> Date: Mon, 09 Dec 2002 16:37:52 -0500 From: "Pierre A. Humblet" X-Accept-Language: en,pdf MIME-Version: 1.0 To: Hartmut Honisch CC: cygwin-developers AT cygwin DOT com Subject: Re: Subauthentication References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hartmut Honisch wrote: > I've mainly been testing with ssh and public key authentication. The sshd is > installed as Windows service, running under the LocalSystem account. When I > use an ssh client (and public key authentication) to connect to the sshd as > "MyUser", the session should run in the security context "MyUser". Howerver, > all calls to Windows' GetUserName() or similar functions always return the > LocalSystem account. Correct, Windows has this very annoying feature where you can't find your own name when you are impersonated. However Cygwin goes to great lengths to set USERNAME correctly. > Therefore, I effectively have the permissons of > LocalSystem when accessing secured objects on the target system. This is no > good. Don't worry, the access token only has your groups and privileges. Besides the incorrect name, is there any indication that you have gained any unusual powers? Pierre