From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail2.pdinc.us (mail2.pdinc.us [67.90.184.28]) by sourceware.org (Postfix) with ESMTPS id 9F5F63858400 for ; Wed, 10 Nov 2021 18:25:41 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 9F5F63858400 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=pdinc.us Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=pdinc.us Received: from blackfat (nsa1.pdinc.us [67.90.184.2]) (authenticated bits=0) by mail2.pdinc.us (8.14.4/8.14.4) with ESMTP id 1AAIPeUO011719 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 10 Nov 2021 13:25:41 -0500 DKIM-Filter: OpenDKIM Filter v2.11.0 mail2.pdinc.us 1AAIPeUO011719 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pdinc.us; s=default; t=1636568741; bh=gGIwTT3ueJvG9eFF83DEWx1+cP1EULqSW/20yewBwL0=; h=From:To:References:In-Reply-To:Subject:Date:From; b=p5jtBOlDNa3QuT1E7okuKY04ySy1sc3knh39Kf6TG7o2IGzAYQYmdVYaZSK++2ZHj fn4EtzvNJxnseSzKFFZe0UmR9IeQrsS5qSQN7/NkuFjcRw3lB+sb+vAHVvN2ecKO1T WV4PbJswuDeZgPcOvm55vfQOLKyVHCRQ49FieGKwIWCB/KxK3bmjHfhcpZ6/ZvoSSA d/7lvX7vwz3wmKBAKRTKAj46R6gWJ9Bfb4Da2oM1X/VkyLPQxlca7krU52QGOyefQa 6u+omLW2va9w93ZV9TCU1LcPfjMBUGeds2Cr50dR95rlm8XOyV90PP6N768hWchsUw xqmvhTUwgp+cA== From: "Jason Pyeron" To: References: <2dfb0a68-b9e3-f9fb-817b-651fec02adf5@onespin.com> <97042d57-fa36-da97-9c05-493a2c645991@onespin.com> In-Reply-To: Subject: RE: [cygwin] Re: Problem with ssh(d) Date: Wed, 10 Nov 2021 13:25:36 -0500 Organization: PD Inc Message-ID: <037a01d7d660$5b9c8db0$12d5a910$@pdinc.us> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 16.0 Thread-Index: AQGbz+MuxzBhnOpDKxzOIY5pgXX0PwFJPPmWAfCFdlUCyTmqeaxFCGGQ Content-Language: en-us X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_INFOUSMEBIZ, SPF_HELO_PASS, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Nov 2021 18:25:42 -0000 > -----Original Message----- > From: Bill Stewart > Sent: Wednesday, November 10, 2021 10:44 AM >=20 > On Wed, Nov 10, 2021 at 8:28 AM Strasser, Dominik (DI SW ICS ICV) = wrote: >=20 > I know that this is the standard installation. But we absolutely need > > passwordless login. So this was the workaround we found. > > The number of groups differs when sshd is run as local system, and = when > > authorized_keys exist or not. Groups are OK, when it is run under = the one > > user we absolutely need the passwordless login. > > >=20 > Password-less logon is supported when running as local system. I do = this > all the time, so there must be something that is not correct about = your > configuration. >=20 > Sorry, don't know what that might be. I slightly misread the email. To be clear password less login works - BUT as I said MS design choices = result in a different security token being issues without password vs = with password. As such your ability to access certain resources are limited. Enumerate the groups you have as PKI authentication then bless those = groups to perform the action needed. -Jason -- Jason Pyeron | Architect PD Inc | Certified SBA 8(a) 10 w 24th St | Certified SBA HUBZone Baltimore, MD | CAGE Code: 1WVR6 =20 .mil: jason.j.pyeron.ctr@mail.mil .com: jpyeron@pdinc.us tel : 202-741-9397