From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 34997 invoked by alias); 29 Mar 2019 09:59:42 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 34989 invoked by uid 89); 29 Mar 2019 09:59:42 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-106.7 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,GOOD_FROM_CORINNA_CYGWIN,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=HX-Languages-Length:1415, AFAIK, afaik, H*F:D*cygwin.com X-HELO: mout.kundenserver.de Received: from mout.kundenserver.de (HELO mout.kundenserver.de) (212.227.126.134) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 29 Mar 2019 09:59:40 +0000 Received: from calimero.vinschen.de ([24.134.7.25]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MOQyE-1hKCJQ11ME-00Pvmu for ; Fri, 29 Mar 2019 10:59:38 +0100 Received: by calimero.vinschen.de (Postfix, from userid 500) id 266E3A8057D; Fri, 29 Mar 2019 10:59:37 +0100 (CET) Date: Fri, 29 Mar 2019 09:59:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: sshd/SYSTEM account/OS version and Cygwin "bitness" limitations Message-ID: <20190329095937.GD4096@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <31d69fd2-4906-4e32-29ca-d5bedb31088d@SystematicSw.ab.ca> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="7d9k4kQHj3EPdFyS" Content-Disposition: inline In-Reply-To: <31d69fd2-4906-4e32-29ca-d5bedb31088d@SystematicSw.ab.ca> User-Agent: Mutt/1.11.3 (2019-02-01) X-SW-Source: 2019-03/txt/msg00649.txt.bz2 --7d9k4kQHj3EPdFyS Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 1505 On Mar 28 17:18, Brian Inglis wrote: > On 2019-03-28 15:36, Bill Stewart wrote: > > I am trying to understand the limitations when running sshd using the > > SYSTEM account. > > Is the following complete and correct? > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > OS_version* OS_bitness sshd_bitness Notes > > -------------------------------------------------- > > < 6.3 64-bit 32-bit Note 1 > > < 6.3 64-bit 64-bit Note 2 > > < 6.3 32-bit 32-bit Note 2 > >> =3D 6.3 64-bit 64-bit No problems > >> =3D 6.3 64-bit 32-bit No problems > >> =3D 6.3 32-bit 32-bit No problems > > * "< 6.3" =3D "older than Windows 8.1/Server 2012 R2"; ">=3D 6.3" =3D "= at least > > Windows 8.1/Server 2012 R2" > > Note 1: sshd cannot authenticate local accounts, but it can authenticate > > domain accounts. > > Note 2: sshd can't authenticate local accounts after a reboot unless > > another logon happens first. > > Unfortunate implication of Note 1: 32-bit version of sshd running as SY= STEM > > account on OS < 6.3 on non-domain member computer cannot authenticate a= ny > > accounts. >=20 > cygstart /usr/share/doc/Cygwin/html/ntsec.html Or https://cygwin.com/cygwin-ug-net/ntsec.html AFAIK, the only problem left are OS versions 6.0 (Vista/2008) and 6.1 (7/2008R2), and only 32 bit Cygwin running under WOW64, *not* 32 bit Cygwin running on a 32 bit Windows. Corinna --=20 Corinna Vinschen Cygwin Maintainer --7d9k4kQHj3EPdFyS Content-Type: application/pgp-signature; name="signature.asc" Content-length: 833 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlyd7IgACgkQ9TYGna5E T6DOMg//WV+QEm6FrTydYqoNxXeTRL0MnLJPvOm22dk/kL27F5gbFG5g5Ee22e/0 w5Jy/DCfFycWX+ZNHS+BbVbj5r2emoIizvmxO/Aa9nt/mjzOEf8l59+eB8p3xa7m llfFjSs8Vcok+XmcF2MZQesBeMJJZ70B0suH1cKuxN+7umyh8NA9Lo0JeWPQkmGH /3FYAUBAC+UZsJ8Ru0BDZxi+Wb9MPqIENjncY4ltz7KQaudWcW7KbGz4ZuIvdH6y w1pvffXtr3LMIrXjiaN4fdILvDqIuZ1lkhDoq23pHbcYirD0hZRZLNsaGj4TxIJR lcIxZM3fqkdbYx5pVsy00B38IiuRft7nuQm/JkJMR5W7gVW8yfkBGxX86ydVq/Bn uouJuqdedZWas03xiIjY/ihp8m+0VR00spTkUYikNwUxI+zzSmodbDUykThgWZeF sYAyhRaREwHc4GrgTlL82e2XxdvQvDNKQG0uiZxAUoN0O9cCdul+PEg02sXwJ+KQ BBVpRa/KbqR+97V9lpG2iDotgDBrcRpnydR/M2UEVkJe0NWIOOubGXvu6CuWSorf VKg/b/CgpI47cG7iSXFugTgra2UKWmgAzz7wdUgTDNrrwPUmxY7rj3Ohdfd8F6hu jlFokzHVJ2XhqMg0M6cuDyVVLib+P7HSGWauC2dzA/AeFJLi7Bc= =CfsX -----END PGP SIGNATURE----- --7d9k4kQHj3EPdFyS--