1.5.21: Win 2003 R2 domain user ssh shows whoami sshd_server (password auth)
Larry Hall (Cygwin)
reply-to-list-only-lh@cygwin.com
Thu Aug 31 17:21:00 GMT 2006
Corinna Vinschen wrote:
> On Aug 30 14:05, Serban Simu wrote:
>> So my questions would be:
>>
>> (1) I did find a work around, but what is the explanation of this
>> problem and what is a good, solid work around?
>
> After some debugging I found that the explanation is that sshd drops
> all supplementary groups from the otherwise privileged user token.
> This results in a minimized user token when calling initgroups, which
> in turn calls NetUserGetGroups, which in turn returns "Access denied".
> The solution is to drop back to the original process token before
> calling NetUserGetGroups from initgroups. I've checked in a patch
> which should be available in the next developers snapshot from
> http://cygwin.com/snapshots/
>
> A solid workaround if you're trying to get the same with the current
> Cygwin: Add all users which want to log in this way to the gr_mem
> field of the approrpiate groups in /etc/group. In your example case,
> it would look like this:
>
> Test Users:S-1-5-21-4293257363-1756470469-1603820055-1123:11123:test1
Nice work! I recommend a new gold star! :-)
--
Larry Hall http://www.rfk.com
RFK Partners, Inc. (508) 893-9779 - RFK Office
216 Dalton Rd. (508) 893-9889 - FAX
Holliston, MA 01746
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list