This is the mail archive of the
mailing list for the Cygwin project.
Re: Cygwin/OpenSSH authentication without applying group policies...
On Oct 27 10:11, Carsten.Porzler@spb.de wrote:
> > > LogonUser() really the right one, we use for the login procedure?
> > When using password authentication or pubkey with saved password, yes.
> > It's the one supported Win32 call to create a user token from user name
> > and password. In contrast to a network share access, we need to create
> > an interactive token using the LOGON32_LOGON_INTERACTIVE logon type.
> But what's about the public key authentication without(!) a password? We
> recognized, that there ist exactly the same amount of network traffic over
> the ip-port 26
I guess you mean port 1026. But, anyway, I'm glad to read that. It
means that Cygwin does not create more traffic than the OS itself, when
it has to collect the information necessary to create a user token.
Apart from a lot of other, minor stuff, a user token consists of a list
of group SIDs and a list of user privileges. Without this information
the token is useless. Cygwin calls the appropriate functions to collect
this information (NetUserGetGroups, NetUserGetLocalGroups,
LsaEnumerateAccountRights). The traffic created by these functions is
not under Cygwin's control.
> which means there is something going on with the group
> policies, too. Although publickey authentication without a password is not
> a real network logon.
It has to create a user token. The job is practically the same as
what LogonUser has to do under the hood.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple