This is the mail archive of the cygwin mailing list for the Cygwin project.



RE: SSHD key based authentication hangs cscript


Thanks for the prompt response Corinna. 

At least I now know. 

Can anybody suggest a way of doing this? Can the runas service be used to
gain a new token or will it suffer the same problem? I have attempted to use
it, but the results were unusual. It prompted me for a password and just
dropped me back to the shell without the opportunity to even enter one.

On a similar note, can anyone who may have had this issue suggest any
alternative way to run remote commands on a Windows box from Linux with some
form of transparent authentication, or am I dreaming? :) 

As for the second question, it was a quote from another list and problem 2
was totally unrelated. 

Thanks again,
Stuart 

-----Original Message-----
From: cygwin-owner@cygwin.com [mailto:cygwin-owner@cygwin.com] On Behalf Of
Corinna Vinschen
Sent: Wednesday, 4 May 2005 7:03 PM
To: cygwin@cygwin.com
Subject: Re: SSHD key based authentication hangs cscript

On May  4 11:15, Stuart Westbury wrote:
> "There are actually two problems here: 1) a problem with CygWin/OpenSSH
> (after public key authentication GetUserName() returns incorrect
> value)..........."
> 
> Is this my problem?

No, that's our problem.  There's nothing we can do about it, I'm sorry.

What happens is this:  When sshd calls seteuid(), the Cygwin DLL creates
a new user token based on the information in the SAM and Cygwin's /etc/passwd
and /etc/group files.  Nothing wrong with that, but since this happens
in user land and not within a registered Windows authentication package,
there's a problem here.  The new sub process still runs in the authenticated
session for the SYSTEM resp. the sshd_server user.  Even though the new
user token contains all the correct information otherwise, it doesn't
contain a new session identifier since as a non-authentication package,
it can't create its own session identifier.  This has the unfortunate
result, that Windows functions still return the name resp. SID of the user
who started the original process (SYSTEM/sshd_server).  From my point of
view this is a bug in Windows, but who am I to be asked?

This doesn't happen when using password authentication because in this
case the authentication is done by the standard authentication package
and a new, shiny session identifier is added to the new user token.


And the second question is what?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
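
The mismatch described in the quoted reply can be checked from inside a session by comparing the name Windows reports through the GetUserName() path with the user recorded in the process access token. The PowerShell below is an added example, not code from this thread or from the Cygwin project. It assumes `[Environment]::UserName` is resolved through that Windows call; the function names and the sample account names are made up for illustration.

```powershell
# Added diagnostic; function names are hypothetical.

function Compare-ReportedIdentity {
    param(
        [Parameter(Mandatory)][string]$ApiUser,    # name as returned via the GetUserName() path
        [Parameter(Mandatory)][string]$TokenUser   # DOMAIN\name translated from the token's user SID
    )
    # Drop the DOMAIN\ prefix so both sides are bare account names.
    $tokenAccount = ($TokenUser -split '\\')[-1]
    [pscustomobject]@{
        ApiUser   = $ApiUser
        TokenUser = $TokenUser
        Mismatch  = -not $ApiUser.Equals($tokenAccount, [StringComparison]::OrdinalIgnoreCase)
    }
}

function Get-ReportedIdentity {
    # Assumption: Environment.UserName asks Windows for the name the same way
    # a GetUserName() caller such as cscript would.
    $apiUser = [Environment]::UserName

    # WindowsIdentity reads the access token and translates its user SID,
    # so it reflects the token contents rather than the logon session.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    Compare-ReportedIdentity -ApiUser $apiUser -TokenUser $identity.Name |
        Add-Member -NotePropertyName TokenSid -NotePropertyValue $identity.User.Value -PassThru
}

# Constructed values modelling the case in the reply: the token names the
# real user, while the API still reports the account that started sshd.
Compare-ReportedIdentity -ApiUser 'sshd_server' -TokenUser 'HOST1\stuart'

# Live check for the current session.
Get-ReportedIdentity
```

Running `Get-ReportedIdentity` once over a password-authenticated login and once over a public-key login shows whether a given host is affected.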




