On Mar  6 10:09, Maayan Apelboim wrote:
> Well, it doesn't work OK unfortunately, but I'm not sure if I missed something in the process, or is it just not working properly.
> I'm a bit worried to upgrade to 3.0.2 at the moment cause it's a major version and will probably have new bugs that I wouldn't want to find in production.
> 
> Assuming we will eventually upgrade to latest version - 
> My sshd service is running with domain user cyg_server and we login with domains users via ssh - is it still OK to switch the sshd service's user to local system?
> Will we still be able to login with domain users via ssh?

Yes, that's the idea.  The new method using the official S4U logon
technique runs under the SYSTEM account.  No need to have a special
cyg_server account with potentially dangerous privileges anymore.

> Will it help with my network shares problem?

No.  Just like the old techniques using an LSA authentication module
or creating a user token from scratch, S4U login does not create
tokens with valid network credentials.  For some weird reason only
Microsoft knows about, you still need a password login for that.

The other method, logging in by stored password, as described in
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd3 still
works, though.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer