Still testing needed: New passwd/group AD/SAM integration
Corinna Vinschen
corinna-cygwin@cygwin.com
Mon Apr 14 08:08:00 GMT 2014
On Apr 13 14:34, Andrey Repin wrote:
> Greetings, Corinna Vinschen!
>
> > What bugs me a bit is what this means for applications which expect
> > fixed usernames. Sshd, for instance, expects the fixed username
> > "sshd" right now when using privilege separation. I discussed this
> > with the OpenSSH devs, and they understand the problem, but they think
> > this should be handled by a Cygwin-specific function. So there's some
> > extra work in it for me to get OpenSSH up to speed with this change,
> > but I fear I'm not the only one. The more configurable stuff like this
> > is, the more complicated it gets maintaining some packages.
>
> I really don't see a problem. Is this implementation-dependent issue?
> 99% you are operating within "current domain" and do not need to specify
> domain prefix at all.
Uh, but you're missing the situation where the machine is a domain
machine but the privilege separation account "sshd" is created in
the local SAM. That's what the ssh-host-config script might do.
Sshd will have to use MACHINE<separator>sshd as username for privsep
in this case.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140414/caa5a681/attachment.sig>
More information about the Cygwin
mailing list