This is the mail archive of the
mailing list for the Cygwin project.
Re: Antwort: Re: Cygwin/OpenSSH authentication without applying group policies...
On Oct 26 16:01, Carsten.Porzler@spb.de wrote:
> > With password
> > authentication it's entirely up to the Win32 call LogonUser() to create
> > that token and to manage that connection. Using pubkey authentication
> > you have three choices described in the user's guide. Maybe one of them
> > helps, see
> > http://cygwin.com/1.7/cygwin-ug-net/ntsec.html#ntsec-setuid-overview
> My decripted problem occurs with password and public key (without saved
> password) authentication.
> I just asked the question because we see during network tracing that the
> group policies are transferred to the client.
> Other logon processes (e.g. mounting a network drive with another user
> than the logged on one) do not transfer the group policies. Is the call
I assume they don't have to since they only need the network credentials
and policies are perhaps checked on the server. It looks like the
underlying code uses something along the lines of
LOGON32_LOGON_NEW_CREDENTIALS in a call to LoginUser.
But that's just a guess. I don't know what's exactly going on under the
> LogonUser() really the right one, we use for the login procedure?
When using password authentication or pubkey with saved password, yes.
It's the one supported Win32 call to create a user token from user name
and password. In contrast to a network share access, we need to create
an interactive token using the LOGON32_LOGON_INTERACTIVE logon type.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple