This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: ntsec Question

This summary sounds good to me and should go a long way towards
helping Elaine sort out the issues here.  I would like to point 
out as well that it seems the system in question is apparently 
not current in terms of Cygwin software as well (or at least the 
password file is not).  I'd recommend rerunning setup and updating
the system in question.  Before doing so, remove /etc/passwd and 
/etc/group to make sure these files get regenerated and with the 
correct (i.e. current) format.


Original Message:
From: Vince Hoffman
Date: Mon, 16 Dec 2002 16:03:41 -0000
Subject: RE: ntsec Question

I think your confusion here comes from thinking that Cygwin controls the
user login. Windows handles the login process. To change which user is
logged in you will need to either log off windows then log the new user on,
or use ssh 
 Running cygwin.bat does not do anything than start an interactive bash
shell in the logged on users home directory, it does not call login or
perform any checking of the user beyond looking at the output of `id -un`
and changing your working directory to your home directory (well actualy
/etc/profile does that but lets not confuse things ;) 
All security is handled by windows. If you set a mode of say 700 froma
bash/tcsh/ksh prompt, its no different than going into windows security
settings for that file from explorer and telling it to only allow your (or a
selected user) access.

In summary you effectively "log on" to cygwin, when you "log on" to windows.
Loging in by cygwin  ssh/rsh/telnet is equivalent to "logging on" to
windows. starting a shell via cygwin.bat or any variation (shortcut to bash
--login -i, rxvt -e bash --login -i, etc etc) is not "loging in" to cygwin. 

blimey thats the longest email i've written in weeks. :) 

> -----Original Message-----
> From: 
> []
> Sent: 16 December 2002 15:31
> To:
> Subject: ntsec Question
> I have a user who wants to be able to use ssh without 
> inputted a password. I have installed and got this running 
> successfully. However, now there is a problem with security 
> as anybody who logs into his laptop/desktop would be able to 
> login to numerous UNIX servers without inputting a password. 
> I have started to look at ntsec and have configured this to a 
> semi-working state. My question to you is when they login to 
> cygwin I want to be able to get them to input their NT 
> username and password to allow them in. Looking at the 
> shortcut it runs D:\Cygwin\cygwin.bat and lets them straight 
> into the users home directory. When running login it's asks 
> for a username and then lets them in straight away.
> i.e. login: elandrew
> Fanfare!!!
> You are successfully logged in to this server !!!
> elandrew@IM LOAN PC01 ~
> My /etc/passwd is as follows
> elandrew@IM LOAN PC01 ~
> $ cat /etc/passwd
> Administrator::500:513:U-IM LOAN 
> PC01\Administrator,S-1-5-21-1472800135-602877700-1070557309-50
> 0:/home/Administrator:/bin/bash
> elandrew::48906:10513:Andrews 
> Elaine,U-NMP\elandrew,S-1-5-21-2120241691-1808037704-154278981
> 8-38906:/home/elandrew:/bin/bash
> elandrew@IM LOAN PC01 ~
> 2 questions
> 1. How can I force a password when running the login script.
> 2. How can I always force a username and password when 
> logging into the cygwin window.
> I hope these questions are not too obvious - any help would 
> be greatly appreciated.
> Regards
> Elaine Andrews
> --
> Unsubscribe info:
> Bug reporting:
> Documentation:
> FAQ:         

Unsubscribe info:
Bug reporting:

mail2web - Check your email from the web at .

Unsubscribe info:
Bug reporting:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]