From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 13785 invoked by alias); 6 Mar 2019 12:28:23 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 13755 invoked by uid 89); 6 Mar 2019 12:28:22 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=techniques, privileges, Hx-languages-length:1445, H*F:D*cygwin.com X-HELO: mout.kundenserver.de Received: from mout.kundenserver.de (HELO mout.kundenserver.de) (212.227.126.133) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 06 Mar 2019 12:28:20 +0000 Received: from calimero.vinschen.de ([217.91.18.234]) by mrelayeu.kundenserver.de (mreue010 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MdvVu-1hYuvv3Xs6-00b2X7 for ; Wed, 06 Mar 2019 13:28:17 +0100 Received: by calimero.vinschen.de (Postfix, from userid 500) id E9927A80422; Wed, 6 Mar 2019 13:28:16 +0100 (CET) Date: Wed, 06 Mar 2019 12:28:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: can't access remote shares when using ssh with rsa key - passwd -R / set(e)uid / LogonUser is not working as expected Message-ID: <20190306122816.GP3785@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <878sxt86kp.fsf@Rainer.invalid> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="0aF+6pWUK5w8WdCh" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.11.3 (2019-02-01) X-SW-Source: 2019-03/txt/msg00099.txt.bz2 --0aF+6pWUK5w8WdCh Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 1347 On Mar 6 10:09, Maayan Apelboim wrote: > Well, it doesn't work OK unfortunately, but I'm not sure if I missed some= thing in the process, or is it just not working properly. > I'm a bit worried to upgrade to 3.0.2 at the moment cause it's a major ve= rsion and will probably have new bugs that I wouldn't want to find in produ= ction. >=20 > Assuming we will eventually upgrade to latest version -=20 > My sshd service is running with domain user cyg_server and we login with = domains users via ssh - is it still OK to switch the sshd service's user to= local system? > Will we still be able to login with domain users via ssh? Yes, that's the idea. The new method using the official S4U logon technique runs under the SYSTEM account. No need to have a special cyg_server account with potentially dangerous privileges anymore. > Will it help with my network shares problem? No. Just like the old techniques using an LSA authentication module or creating a user token from scratch, S4U login does not create tokens with valid network credentials. For some weird reason only Microsoft knows about, you still need a password login for that. The other method, logging in by stored password, as described in https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd3 still works, though. Corinna --=20 Corinna Vinschen Cygwin Maintainer --0aF+6pWUK5w8WdCh Content-Type: application/pgp-signature; name="signature.asc" Content-length: 833 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlx/vOAACgkQ9TYGna5E T6BbFw//X/ssn7jX1BZPMaGXDh4NqMXaZQ+sTFFqm+i+54NHlv9i07YgQD5+rspG eJ2Yo7kf4QFujKcmV6kFt6dq+ztLiTdJCo9Z+Vf3tT/8bZIJjiU/F0RpzzvXmcte pWt/fiUMwSi28zezT1ucsr2PlLY4JvgEt4fSkMjaBSYXOfrflm3dTIcNEt4KSF4o XzZA3Wa3yvkik6ybZ+MhMGf/ssEuzbg9kXZXtiV1zF7o2iw8LrwVlDEbhzTMrzMh r+7IjHfB1MR+me9Wj8YWa/TdDgnKgtaqOPWpMaxEgAKNGiT0EnlzFiqOUglbQPjB 3ES43qNDBeiVyBYXYP79bnLOMoFF/Z7Ai+s9QtEREEw0eUcxEAR+9v4l+w7/JKtA LTfduubhAN7/IIE9WzEbqmqNSCVBtl8xlBchWpdAJTBp5MBZlbOnqWZlbDNegS0T c9WJgdRxnHrY2iFA+M7cQzIUhqRB//oV/WWkUyOqI3ccAhW+U63cKydHdDCd9BPz S5Bbzv7q7/OkBMPRZvDffGxRreFG0OhpaXXsAsO4UFTELTkKQrI6lxmV07Fo6XuS 2zF/3YpHGDBw3fIhMeuLAqpFeFm0S4LoH487Hq6dnvOSrWXpK0oYgS7ICkkC6DqN XqbM07tWicNZ0GO6tpi+LqT44SNSb676H70/BW1NrmMpCnD8Ar8= =adfJ -----END PGP SIGNATURE----- --0aF+6pWUK5w8WdCh--