This is the mail archive of the
cygwin
mailing list for the Cygwin project.
OpenSSH public key authentication: suspicios in domain environment.
- From: Konstantin Andreev <pkl at datatech dot ru>
- To: cygwin at cygwin dot com
- Date: Thu, 16 Sep 2004 23:02:47 +0400
- Subject: OpenSSH public key authentication: suspicios in domain environment.
- Organization: TOR Company
Suppose, I have Windows XP workstation (TEX), member of domain DOM
(Microsoft Windows Networking), and Cygwin/SSH daemon are running
on this workstation (TEX).
Suppose, on TEX, I set up record in /etc/passwd for domain user DOMUSR.
If I logon on TEX as DOMUSR with password authentication, this logon
is indistinguishable from regular local logon to TEX:
- record in Security Log appeares
- command shell is assigned with identical Access Token, and
privileges.
- command shell is running under DOMUSR account.
But, if I try to logon on TEX as DOMUSR with public key authentication,
logon succeeds, but strange things appears:
- *NO* record appears in Security Log about logon event.
- command shell has strange Access Token, in particular, it does
not contain these SIDS:
- Logon SID (S-1-5-5-0-...)
- S-1-5-4 NT AUTHORITY\INTERACTIVE
- S-1-2-0 \LOCAL
- command shell holds all privileges enabled (like SYSTEM process),
whereas some of the privileges should be disabled.
- some utilities consider command shell process as running under
"NT AUTHORITY\SYSTEM" account, in particular, "whoami.exe" from
"Windows Server 2003 Resource Kit Tools".
Could anybody comment this ?
-- -
TOR Trade Company, IT Department,
Konstantin Andreev.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/