Cygwin/OpenSSH authentication without applying group policies...
Carsten.Porzler@spb.de
Carsten.Porzler@spb.de
Tue Oct 27 09:11:00 GMT 2009
> On Oct 26 16:01, Carsten.Porzler@spb.de wrote:
> > Hello,
> >
> > > With password
> > > authentication it's entirely up to the Win32 call LogonUser() to
create
> > > that token and to manage that connection. Using pubkey
authentication
> > > you have three choices described in the user's guide. Maybe one of
them
> > > helps, see
> > > http://cygwin.com/1.7/cygwin-ug-net/ntsec.html#ntsec-setuid-overview
> > >
> > >
> > My decripted problem occurs with password and public key (without
saved
> > password) authentication.
> >
> > I just asked the question because we see during network tracing that
the
> > group policies are transferred to the client.
> >
> > Other logon processes (e.g. mounting a network drive with another user
> > than the logged on one) do not transfer the group policies. Is the
call
>
> I assume they don't have to since they only need the network credentials
> and policies are perhaps checked on the server. It looks like the
> underlying code uses something along the lines of
> LOGON32_LOGON_NEW_CREDENTIALS in a call to LoginUser.
>
> But that's just a guess. I don't know what's exactly going on under the
> hood.
>
> > LogonUser() really the right one, we use for the login procedure?
>
> When using password authentication or pubkey with saved password, yes.
> It's the one supported Win32 call to create a user token from user name
> and password. In contrast to a network share access, we need to create
> an interactive token using the LOGON32_LOGON_INTERACTIVE logon type.
>
But what's about the public key authentication without(!) a password? We
recognized, that there ist exactly the same amount of network traffic over
the ip-port 26, which means there is something going on with the group
policies, too. Although publickey authentication without a password is not
a real network logon.
Thanks for further informations or some ideas how to handle that.
Best regards
Carsten Porzler
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list