This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: 1.5.21: Win 2003 R2 domain user ssh shows whoami sshd_server (password auth)


////
Yes, you are right: adding the users to the member list of the group in /etc/group fixes the problem.//
//Thank you for the patch - I will try it out when it becomes available (I'm assuming will be the next snapshot after //*2006-08-30)*
//
Serban
//
//
/From/: Corinna Vinschen <corinna-cygwin at cygwin dot com>//
///To/: cygwin at cygwin dot com/
Date/: Thu, 31 Aug 2006 18:13:55 +0200/
Subject/: Re: 1.5.21: Win 2003 R2 domain user ssh shows whoami sshd_server (password auth)/
References/: <44F5FD93.1020503@asperasoft.com <http://cygwin.com/ml/cygwin/2006-08/msg01056.html>>/
Reply-to/: cygwin at cygwin dot com


On Aug 30 14:05, Serban Simu wrote:
So my questions would be:

(1) I did find a work around, but what is the explanation of this problem and what is a good, solid work around?

After some debugging I found that the explanation is that sshd drops
all supplementary groups from the otherwise privileged user token. This results in a minimized user token when calling initgroups, which
in turn calls NetUserGetGroups, which in turn returns "Access denied".
The solution is to drop back to the original process token before
calling NetUserGetGroups from initgroups. I've checked in a patch
which should be available in the next developers snapshot from
http://cygwin.com/snapshots/


A solid workaround if you're trying to get the same with the current
Cygwin:  Add all users which want to log in this way to the gr_mem
field of the approrpiate groups in /etc/group.  In your example case,
it would look like this:

Test Users:S-1-5-21-4293257363-1756470469-1603820055-1123:11123:test1


Corinna


--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


-- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]