This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Cygwin/OpenSSH authentication without applying group policies...


On Oct 27 10:11, Carsten.Porzler@spb.de wrote:
> > > LogonUser() really the right one, we use for the login procedure?
> > 
> > When using password authentication or pubkey with saved password, yes.
> > It's the one supported Win32 call to create a user token from user name
> > and password.  In contrast to a network share access, we need to create
> > an interactive token using the LOGON32_LOGON_INTERACTIVE logon type.
> > 
> But what's about the public key authentication without(!) a password? We 
> recognized, that there ist exactly the same amount of network traffic over 
> the ip-port 26

I guess you mean port 1026.  But, anyway, I'm glad to read that.  It
means that Cygwin does not create more traffic than the OS itself, when
it has to collect the information necessary to create a user token.

Apart from a lot of other, minor stuff, a user token consists of a list
of group SIDs and a list of user privileges.  Without this information
the token is useless.  Cygwin calls the appropriate functions to collect
this information (NetUserGetGroups, NetUserGetLocalGroups,
LsaEnumerateAccountRights).  The traffic created by these functions is
not under Cygwin's control.

> which means there is something going on with the group 
> policies, too. Although publickey authentication without a password is not 
> a real network logon.

It has to create a user token.  The job is practically the same as
what LogonUser has to do under the hood.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]