This is the mail archive of the
mailing list for the Cygwin project.
Re: Cygwin ssh and Windows authentication
- From: Jarek <yaro_29 at hotmail dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 21 Jul 2015 16:30:26 +0200
- Subject: Re: Cygwin ssh and Windows authentication
- Authentication-results: sourceware.org; auth=none
- References: <BLU436-SMTP39AE7DD48809E802CE4DAE9E860 at phx dot gbl> <1301881165 dot 20150720013859 at yandex dot ru> <BLU436-SMTP217DCBDBFA0EED5BC1ACFFB9E850 at phx dot gbl> <1399485278 dot 20150721032532 at yandex dot ru>
On 2015-07-21 02:25, Andrey Repin wrote:
OK so it addresses DCs to check some settings or priviliges. I don't
suppose it just asks 'hey DS, can contoso\johnd access sshd on server1?'
to which the DC is like 'dude, what the heck is sshd?' :) I now have the
cygwin service running in domain context so now I would somehow need to
let the DC know whe is allowed to ssh to my server1. My domain account,
although in local admins on the server is now failing authentication
when trying to ssh. Which gets us back to the question what do I need
for a DC to authenticate me?
So why are they not needed as your comment doesn't really explain that
Read 1.7.35 changelog.
In short, username resolution was completely reworked, thanks to Corinna, and
Cygwin now directly address domain controllers for it.
and how exactly did I screwed up my setup if I can actually access the
server with a domain user account no problem?
On that, I'm surprized.
Maybe a bug then?
Yeah, sorry for my bad formatting. Working on that. Hope I'm not
Perhaps it's not how it works but it somehow works so again would be good to
know why. It's only domain groups that don't work. Even if I set the service
account to run under a domain account how would this fix my problem with
group access assuming in current setup it works for domain users but not for
Again if not the /etc/passwd or /etc/group files then what controls the
/etc/passwd/group has nothing to do with "access control".
The files were only used to convert Windows to Cygwin names (and supply other
Cygwin-specific information), on the presumption that there will never be too
much of it. This is now done on the fly, allowing to deploy Cygwin in large
I would appreciate, if you don't top-post.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple