This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Antwort: Re: Cygwin/OpenSSH authentication without applying group policies...

On Oct 26 16:01, wrote:
> Hello,
> >   With password
> > authentication it's entirely up to the Win32 call LogonUser() to create
> > that token and to manage that connection.  Using pubkey authentication
> > you have three choices described in the user's guide.  Maybe one of them
> > helps, see
> >
> > 
> > 
> My decripted problem occurs with password and public key (without saved 
> password) authentication.
> I just asked the question because we see during network tracing that the 
> group policies are transferred to the client.
> Other logon processes (e.g. mounting a network drive with another user 
> than the logged on one) do not transfer the group policies. Is the call 

I assume they don't have to since they only need the network credentials
and policies are perhaps checked on the server.  It looks like the
underlying code uses something along the lines of
LOGON32_LOGON_NEW_CREDENTIALS in a call to LoginUser.

But that's just a guess.  I don't know what's exactly going on under the

> LogonUser() really the right one, we use for the login procedure?

When using password authentication or pubkey with saved password, yes.
It's the one supported Win32 call to create a user token from user name
and password.  In contrast to a network share access, we need to create
an interactive token using the LOGON32_LOGON_INTERACTIVE logon type.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]