From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 73064 invoked by alias); 6 Mar 2019 12:35:14 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 73046 invoked by uid 89); 6 Mar 2019 12:35:13 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=SSHD, H*F:D*cygwin.com, password, services X-HELO: mout.kundenserver.de Received: from mout.kundenserver.de (HELO mout.kundenserver.de) (217.72.192.73) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 06 Mar 2019 12:35:12 +0000 Received: from calimero.vinschen.de ([217.91.18.234]) by mrelayeu.kundenserver.de (mreue106 [212.227.15.183]) with ESMTPSA (Nemesis) id 1MplsZ-1hJjbU3hoD-00q89B for ; Wed, 06 Mar 2019 13:35:09 +0100 Received: by calimero.vinschen.de (Postfix, from userid 500) id 13EA7A80425; Wed, 6 Mar 2019 13:35:09 +0100 (CET) Date: Wed, 06 Mar 2019 12:35:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: can't access remote shares when using ssh with rsa key - passwd -R / set(e)uid / LogonUser is not working as expected Message-ID: <20190306123509.GQ3785@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <878sxt86kp.fsf@Rainer.invalid> <20190306122816.GP3785@calimero.vinschen.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="8N0TQpGUCeEQshoq" Content-Disposition: inline In-Reply-To: <20190306122816.GP3785@calimero.vinschen.de> User-Agent: Mutt/1.11.3 (2019-02-01) X-SW-Source: 2019-03/txt/msg00100.txt.bz2 --8N0TQpGUCeEQshoq Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 1570 On Mar 6 13:28, Corinna Vinschen wrote: > On Mar 6 10:09, Maayan Apelboim wrote: > > Well, it doesn't work OK unfortunately, but I'm not sure if I missed so= mething in the process, or is it just not working properly. > > I'm a bit worried to upgrade to 3.0.2 at the moment cause it's a major = version and will probably have new bugs that I wouldn't want to find in pro= duction. > >=20 > > Assuming we will eventually upgrade to latest version -=20 > > My sshd service is running with domain user cyg_server and we login wit= h domains users via ssh - is it still OK to switch the sshd service's user = to local system? > > Will we still be able to login with domain users via ssh? >=20 > Yes, that's the idea. The new method using the official S4U logon > technique runs under the SYSTEM account. No need to have a special > cyg_server account with potentially dangerous privileges anymore. >=20 > > Will it help with my network shares problem? >=20 > No. Just like the old techniques using an LSA authentication module > or creating a user token from scratch, S4U login does not create > tokens with valid network credentials. For some weird reason only > Microsoft knows about, you still need a password login for that. Btw., that's in no way different when using Microsoft's own SSHD. They use S4U login as well. That's where I got the idea, in fact. > The other method, logging in by stored password, as described in > https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd3 still > works, though. Corinna --=20 Corinna Vinschen Cygwin Maintainer --8N0TQpGUCeEQshoq Content-Type: application/pgp-signature; name="signature.asc" Content-length: 833 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlx/vnwACgkQ9TYGna5E T6DZsg/8CEoAHFxIRWO5M+PQY7PYj7k8Eeo5e0h7qHtvF9gDtriOGqdM3d8SjuvG Vs0V/gHpbqPWxGQaUhCldT2XIWK1N1c07vdF8oibr1rvHmoxedOPAGisjC9ZleYb ttXXOBOyS/xHvf7EJV43RrhPwyk1h7ZrvxOkBc5DC+Etm6RoUXXi+DTKcsn4/4Ys 6dHKka6lGeZwgtrAjzORWrE2A44PKRfGh8yEOdBYXQnRtDVGONaC81sUBif1Gf/g quuTGZQrReGVF9BIEl7SH3XDQNdlTWRtGVRj2UND+9GofLvBjqVLiMzmhX5ydcbn LbD1FNvuWP9dGxWe7tuUZZFjBdmEC3APszeSXbxXOeM2RNPMJsmv84V1pf49OwDF U1EVDSb8mkv5zUlxE637TCvdKB0NvMsy4R7RZAGE06alC/FudC/ZGQUhrJB9CTYC X3GedE4H8w6J9yr9VvJ9yzz82R1vUBhRRXi6N9eUXFNmQ0GnIUsD0SrqrZ8FY5qj F1ZNZPQdRBzP6ruIiKcmXy9SLyWDFGYhCxhuEW/2skocpPTpaDBN8cROonKDHwLe VgzC7TKy5LQ+9g3Qk9YMeJ0rmwKhWY3pc2iegW9VR/d++YTz5iMCJjR9rfm8Adg0 sg/GxGsQq3D+rWOeHeYMnji3lwv/lzTVfngHTJMi9K7CQrcN780= =TjKF -----END PGP SIGNATURE----- --8N0TQpGUCeEQshoq--