This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Still testing needed: New passwd/group AD/SAM integration

Hi Ken,

On Apr 16 10:04, Corinna Vinschen wrote:
> On Apr 15 14:14, Ken Brown wrote:
> > I've come across a glitch involving sshd and cygserver.  I normally
> > have both running, but I've discovered that I have to start sshd
> > before I start cygserver, or else I have problems (can't ssh from a
> > non-administrator account to an administrator account).  Here are
> > the details on 64 bit Cygwin; I haven't tested 32 bit:
> > 
> > I've installed the full 2014-04-12 snapshot and removed /etc/passwd
> > and /etc/group.  I have an ordinary user kbrown and an administrator
> > user kbrown-admin.  I now do the following:
> > 
> > 1. Start sshd.
> > 2. Start cygserver.
> > 3. Start a Cygwin Terminal as user kbrown.
> > 4. ssh into the kbrown-admin account (with publickey authentication
> > used by default).
> > 
> > $ ssh kbrown-admin@localhost
> > Enter passphrase for key '/home/kbrown/.ssh/id_rsa':
> > setsockopt IPV6_TCLASS 16: Protocol not available:
> > Last login: Tue Apr 15 13:57:12 2014 from fe80::9956:cbba:6928:151c%11
> > 
> > Everything is fine.
> > 
> > Now I close the Cygwin Terminal, stop both services, and restart
> > them in the other order (cygserver first, then sshd).  Repeating
> > steps 3 and 4, I can't login:
> > 
> > $ ssh kbrown-admin@localhost
> > kbrown-admin@localhost's password:
> > Permission denied, please try again.
> > kbrown-admin@localhost's password:
> > 
> > Notice that (a) I didn't get a prompt for the passphrase for my ssh
> > key, and (b) my password wasn't accepted.
> Thanks for the report, Ken.  I'll have a look.

To clarify:  This is a non-domain machine, right?  And sshd is running
under the cyg_server account while cygserver is running under the
LocalSystem account?

I'm just testing this, only with a domain machine and domain accounts,
and I can't reproduce this.  I have a bit of a problem to test this on a
non-domain machine because my network is set up for domain machines...

However, I found that I made a blatant mistake in cygserver.  The
message length was computed one byte too short, so the trailing \0 in
the passwd/group string wasn't transmitted.  This *might* be the cause
for your problem.

I just built a new snapshot.  Can you please try if this fixes it for
you?  Make sure to use the new cygserver!

While I was at it, I also added a patch to get rid of the "setsockopt
IPV6_TCLASS 16: Protocol not available" message.  I just *love* it if
Microsoft defines socket options in their headers, but then simply
returns WSAENOPROTOOPT when the appliction dares to use them...


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpYAYnughIZI.pgp
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]