This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Cygwin/OpenSSH authentication without applying group policies...

> On Oct 26 16:01, wrote:
> > Hello,
> > 
> > >   With password
> > > authentication it's entirely up to the Win32 call LogonUser() to 
> > > that token and to manage that connection.  Using pubkey 
> > > you have three choices described in the user's guide.  Maybe one of 
> > > helps, see
> > >
> > > 
> > > 
> > My decripted problem occurs with password and public key (without 
> > password) authentication.
> > 
> > I just asked the question because we see during network tracing that 
> > group policies are transferred to the client.
> > 
> > Other logon processes (e.g. mounting a network drive with another user 

> > than the logged on one) do not transfer the group policies. Is the 
> I assume they don't have to since they only need the network credentials
> and policies are perhaps checked on the server.  It looks like the
> underlying code uses something along the lines of
> LOGON32_LOGON_NEW_CREDENTIALS in a call to LoginUser.
> But that's just a guess.  I don't know what's exactly going on under the
> hood.
> > LogonUser() really the right one, we use for the login procedure?
> When using password authentication or pubkey with saved password, yes.
> It's the one supported Win32 call to create a user token from user name
> and password.  In contrast to a network share access, we need to create
> an interactive token using the LOGON32_LOGON_INTERACTIVE logon type.
But what's about the public key authentication without(!) a password? We 
recognized, that there ist exactly the same amount of network traffic over 
the ip-port 26, which means there is something going on with the group 
policies, too. Although publickey authentication without a password is not 
a real network logon.

Thanks for further informations or some ideas how to handle that.

Best regards

Carsten Porzler

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]