public inbox for cygwin@cygwin.com
* ssh-host-config: patch fix debug option + broken for me on Vista (non-domain)
@ 2017-01-18  3:34 Shaddy Baddah
  2017-01-18  3:38 ` Shaddy Baddah
  2017-01-19 10:38 ` Corinna Vinschen
  0 siblings, 2 replies; 10+ messages in thread
From: Shaddy Baddah @ 2017-01-18  3:34 UTC (permalink / raw)
  To: cygwin

[-- Attachment #1: Type: text/plain, Size: 4102 bytes --]

Hi,

First please find attached a simple patch that fixes a problem I
encountered running ssh-host-config with the --debug option.

Pretty simple. Without redirecting the output of csih_stacktrace() to
stderr, then (3.5.4) Command Substitution of functions that call it will
run into problems. And the one that I encountered was this one:

cygwin-service-installation-helper.sh:1147:csih_mktemp ()
cygwin-service-installation-helper.sh:1148:{
cygwin-service-installation-helper.sh:1149:  csih_stacktrace "${@}"
cygwin-service-installation-helper.sh:1150:  $_csih_trace
cygwin-service-installation-helper.sh:1152:  local __umask=$(umask)
cygwin-service-installation-helper.sh:1153:  local rval
cygwin-service-installation-helper.sh:1154:  local tmpdir
cygwin-service-installation-helper.sh:1156:  tmpdir=$(csih_writable_tmpdir) || return 1
cygwin-service-installation-helper.sh:1158:  umask 0077
cygwin-service-installation-helper.sh:1159:  /usr/bin/mktemp --tmpdir="${tmpdir}" "$@"

tmpdir will be filled with stacktrace output from the
csih_writable_tmpdir() call, and mktemp will fail.

Further, there is definitely a bug, at least for me, with running
ssh-host-config on Vista (32 bit, but that shouldn't matter) in a
non-domain environment.

The script obviously confuses the form of username construct to use at
various points. I encounter the following error:

*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
no
*** Query: Create new privileged user account 'LIBRA-VW\cyg_server' (Cygwin name: 'libra-vw+cyg_server')? (yes/no) yes
*** Info: Please enter a password for new user libra-vw+cyg_server. Please be sure
*** Info: that this password matches the password rules given on your system.
*** Info: Entering no password will exit the configuration.
*** Query: Please enter the password:
*** Query: Reenter:

*** Info: User 'libra-vw+cyg_server' has been created with password 
'melum0m0'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'libra-vw+cyg_server' account.

passwd: unknown user libra-vw+cyg_server
*** Warning: Setting password expiry for user 'libra-vw+cyg_server' failed!
*** Warning: Please check that password never expires or set it to your needs.
No user or group 'libra-vw+cyg_server' known.
*** Warning: Assigning the appropriate privileges to user 'libra-vw+cyg_server' failed!
*** ERROR: There was a serious problem creating a privileged user.
yes
*** Warning: Expected privileged user 'libra-vw+cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM'

*** Info: The sshd service has been installed under the LocalSystem
*** Info: account (also known as SYSTEM). To start the service now, call
*** Info: `net start sshd' or `cygrunsrv -S sshd'.  Otherwise, it
*** Info: will start automatically after the next reboot.

*** Warning: Host configuration exited with 1 errors or warnings!
*** Warning: Make sure that all problems reported are fixed,
*** Warning: then re-run ssh-host-config.


And I'm sure the problem is that this well-intended change to the script
fails on the assumption that LOGONSERVER is always populated. It isn't
for me on Vista.

cygwin-service-installation-helper.sh:2884:      # This test succeeds on domain member machines only, not on DCs.
cygwin-service-installation-helper.sh:2885:      if [ "\\\\${COMPUTERNAME,,*}" != "${LOGONSERVER,,*}" \
cygwin-service-installation-helper.sh:2886:        -a "${LOGONSERVER}" != "\\\\MicrosoftAccount" ]
cygwin-service-installation-helper.sh:2887:      then
cygwin-service-installation-helper.sh:2888:     # Lowercase of USERDOMAIN
cygwin-service-installation-helper.sh:2889:     csih_PRIVILEGED_USERNAME="${COMPUTERNAME,,*}+${username}"
cygwin-service-installation-helper.sh:2890:      fi
cygwin-service-installation-helper.sh:2891:    fi

I fixed this by modifying the test to check LOGONSERVER is not empty:

if [ -n "${LOGONSERVER}" -a "\\\\...

Can this be fixed in the next release?

-- 
Regards,
Shaddy



[-- Attachment #2: fix-ssh-host-config-debug.diff --]
[-- Type: text/x-patch, Size: 401 bytes --]

--- cygwin-service-installation-helper.sh.orig	2015-10-28 20:23:49.000000000 +1100
+++ cygwin-service-installation-helper.sh	2017-01-18 14:04:40.856126700 +1100
@@ -384,7 +384,7 @@
       fi
     n=$(($n-1))
     done
-    echo -e "${_csih_STACKTRACE_STR} ${val} ${@}"
+    echo -e "${_csih_STACKTRACE_STR} ${val} ${@}" 1>&2
   fi
 } # === End of csih_stacktrace() === #
 readonly -f csih_stacktrace
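
Review bot: echo -e on the added line still interprets backslash escapes in ${val} and ${@}, so a traced argument that contains a backslash is rewritten before it reaches stderr. Unless _csih_STACKTRACE_STR depends on -e, a printf with a fixed format avoids that, and ${*} is the right expansion inside a longer quoted string:

    printf '%s %s %s\n' "${_csih_STACKTRACE_STR}" "${val}" "${*}" 1>&2

A one-line comment above it stating why the trace goes to stderr would keep the redirect from being dropped in a later cleanup.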


[-- Attachment #3: Type: text/plain, Size: 219 bytes --]


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
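
Added example, not part of the original message and not csih code: a reduced reproduction of the failure described above, where a trace line written to stdout ends up in the value captured by $(...), next to the stderr variant from the patch. The demo_* functions and the TRACE: prefix are hypothetical stand-ins, and mktemp is given a path template instead of --tmpdir.

```shell
#!/bin/sh
# Added illustration; demo_* names are hypothetical stand-ins for the csih
# functions quoted in the message, reduced to the part that matters.

DEMO_DEBUG=1   # plays the role of ssh-host-config --debug

# Pre-patch behaviour: the trace line is written to stdout.
demo_trace_stdout() {
  if [ -n "$DEMO_DEBUG" ]; then echo "TRACE: $*"; fi
}

# Patched behaviour: the same line, redirected to stderr.
demo_trace_stderr() {
  if [ -n "$DEMO_DEBUG" ]; then echo "TRACE: $*" >&2; fi
}

# Stand-in for csih_writable_tmpdir: traces, then prints the directory.
# $1 selects which trace function is called.
demo_writable_tmpdir() {
  "$1" demo_writable_tmpdir
  echo "${TMPDIR:-/tmp}"
}

# Stand-in for csih_mktemp: captures the directory by command substitution
# and hands it to mktemp, as the quoted lines 1156-1159 do.
demo_mktemp() {
  tmpdir=$(demo_writable_tmpdir "$1") || return 1
  mktemp "${tmpdir}/csih-demo.XXXXXX"
}

# Defensive variant: refuse a captured value that is not one existing
# directory instead of passing it on to mktemp. Returns 2 on refusal.
demo_mktemp_checked() {
  tmpdir=$(demo_writable_tmpdir "$1") || return 1
  case $tmpdir in
    *"
"*) echo "captured tmpdir spans several lines, refusing" >&2; return 2 ;;
  esac
  [ -d "$tmpdir" ] || return 2
  mktemp "${tmpdir}/csih-demo.XXXXXX"
}

# Run both variants; only the stderr variant yields a usable directory.
for variant in demo_trace_stdout demo_trace_stderr; do
  if f=$(demo_mktemp "$variant" 2>/dev/null); then
    echo "$variant: mktemp created $f"
    rm -f "$f"
  else
    echo "$variant: mktemp failed, captured value was not a directory"
  fi
done
```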


* Re: ssh-host-config: patch fix debug option + broken for me on Vista (non-domain)
  2017-01-18  3:34 ssh-host-config: patch fix debug option + broken for me on Vista (non-domain) Shaddy Baddah
@ 2017-01-18  3:38 ` Shaddy Baddah
  2017-01-19 10:38 ` Corinna Vinschen
  1 sibling, 0 replies; 10+ messages in thread
From: Shaddy Baddah @ 2017-01-18  3:38 UTC (permalink / raw)
  To: cygwin

Hi,

On 18/01/17 14:34, Shaddy Baddah wrote:
> First please find attached a simple patch that fixes a problem I
> encountered running ssh-host-config with the --debug option.
>

Also, it'd be nice if an enhancement was made to protect the privacy of
silly people.

-- 
Regards,
Silly person




* Re: ssh-host-config: patch fix debug option + broken for me on Vista (non-domain)
  2017-01-18  3:34 ssh-host-config: patch fix debug option + broken for me on Vista (non-domain) Shaddy Baddah
  2017-01-18  3:38 ` Shaddy Baddah
@ 2017-01-19 10:38 ` Corinna Vinschen
  2017-01-19 11:26   ` Shaddy Baddah
  1 sibling, 1 reply; 10+ messages in thread
From: Corinna Vinschen @ 2017-01-19 10:38 UTC (permalink / raw)
  To: cygwin

[-- Attachment #1: Type: text/plain, Size: 1485 bytes --]

On Jan 18 14:34, Shaddy Baddah wrote:
> Hi,
> 
> First please find attached a simple patch that fixes a problem I
> encountered running ssh-host-config with the --debug option.

Thanks, applied.

> And I'm sure the problem is that this well-intended change to the script
> fails on the assumption that LOGONSERVER is always populated. It isn't
> for me on Vista.
> 
> cygwin-service-installation-helper.sh:2884:      # This test succeeds on
> domain member machines only, not on DCs.
> cygwin-service-installation-helper.sh:2885:      if [
> "\\\\${COMPUTERNAME,,*}" != "${LOGONSERVER,,*}" \
> cygwin-service-installation-helper.sh:2886:        -a "${LOGONSERVER}" !=
> "\\\\MicrosoftAccount" ]
> cygwin-service-installation-helper.sh:2887:      then
> cygwin-service-installation-helper.sh:2888:     # Lowercase of USERDOMAIN
> cygwin-service-installation-helper.sh:2889:
> csih_PRIVILEGED_USERNAME="${COMPUTERNAME,,*}+${username}"
> cygwin-service-installation-helper.sh:2890:      fi
> cygwin-service-installation-helper.sh:2891:    fi
> 
> I fixed this by modifying the test to check LOGONSERVER is not empty:
> 
> if [ -n "${LOGONSERVER}" -a "\\\\...
> 
> Can this be fixed in the next release?

Sure, please provide a patch, I'll check it in and release a new csih
soonish.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]


* Re: ssh-host-config: patch fix debug option + broken for me on Vista (non-domain)
  2017-01-19 10:38 ` Corinna Vinschen
@ 2017-01-19 11:26   ` Shaddy Baddah
  2017-01-19 18:16     ` Corinna Vinschen
  0 siblings, 1 reply; 10+ messages in thread
From: Shaddy Baddah @ 2017-01-19 11:26 UTC (permalink / raw)
  To: cygwin


Hi,

On 19/01/17 21:38, Corinna Vinschen wrote:
> On Jan 18 14:34, Shaddy Baddah wrote:
...

>> And I'm sure the problem is that this well-intended change to the script
>> fails on the assumption that LOGONSERVER is always populated. It isn't
>> for me on Vista.
>>
>> cygwin-service-installation-helper.sh:2884:      # This test succeeds on
>> domain member machines only, not on DCs.
>> cygwin-service-installation-helper.sh:2885:      if [
>> "\\\\${COMPUTERNAME,,*}" != "${LOGONSERVER,,*}" \
>> cygwin-service-installation-helper.sh:2886:        -a "${LOGONSERVER}" !=
>> "\\\\MicrosoftAccount" ]
>> cygwin-service-installation-helper.sh:2887:      then
>> cygwin-service-installation-helper.sh:2888:     # Lowercase of USERDOMAIN
>> cygwin-service-installation-helper.sh:2889:
>> csih_PRIVILEGED_USERNAME="${COMPUTERNAME,,*}+${username}"
>> cygwin-service-installation-helper.sh:2890:      fi
>> cygwin-service-installation-helper.sh:2891:    fi
>>
>> I fixed this by modifying the test to check LOGONSERVER is not empty:
>>
>> if [ -n "${LOGONSERVER}" -a "\\\\...
>>
>> Can this be fixed in the next release?
>
> Sure, please provide a patch, I'll check it in and release a new csih
> soonish.

I would, but there's a couple of hitches. Without understanding the
syntax (and I should bring up the bash man page here, I will do after
this), I can't be sure that the following test:

"\\\\${COMPUTERNAME,,*}" != "${LOGONSERVER,,*}"

wasn't designed to handle an empty LOGONSERVER variable. Though it
looks to me that it is a binary test (i.e. handling both variables being
empty).

And secondly, I am not sure that chucking in the -n "${LOGONSERVER}"
test is safe in a Vista domain environment. From the comment about the
line, it seems like the original author of those lines, whoever that
may be, might have a strong understanding to make the modification.

But that's not constructive on my part. I'll come up with a patch in the
next 24 hours (it is late where I am now).

-- 
Regards,
Shaddy


>
>
> Thanks,
> Corinna
>



* Re: ssh-host-config: patch fix debug option + broken for me on Vista (non-domain)
  2017-01-19 11:26   ` Shaddy Baddah
@ 2017-01-19 18:16     ` Corinna Vinschen
  2017-01-20 22:40       ` szgyg
  2017-01-23  3:13       ` Shaddy Baddah
  0 siblings, 2 replies; 10+ messages in thread
From: Corinna Vinschen @ 2017-01-19 18:16 UTC (permalink / raw)
  To: cygwin

[-- Attachment #1: Type: text/plain, Size: 2162 bytes --]

On Jan 19 22:26, Shaddy Baddah wrote:
> 
> Hi,
> 
> On 19/01/17 21:38, Corinna Vinschen wrote:
> > On Jan 18 14:34, Shaddy Baddah wrote:
> ...
> 
> > > And I'm sure the problem is that this well-intended change to the script
> > > fails on the assumption that LOGONSERVER is always populated. It isn't
> > > for me on Vista.
> > > 
> > > cygwin-service-installation-helper.sh:2884:      # This test succeeds on
> > > domain member machines only, not on DCs.
> > > cygwin-service-installation-helper.sh:2885:      if [
> > > "\\\\${COMPUTERNAME,,*}" != "${LOGONSERVER,,*}" \
> > > cygwin-service-installation-helper.sh:2886:        -a "${LOGONSERVER}" !=
> > > "\\\\MicrosoftAccount" ]
> > > cygwin-service-installation-helper.sh:2887:      then
> > > cygwin-service-installation-helper.sh:2888:     # Lowercase of USERDOMAIN
> > > cygwin-service-installation-helper.sh:2889:
> > > csih_PRIVILEGED_USERNAME="${COMPUTERNAME,,*}+${username}"
> > > cygwin-service-installation-helper.sh:2890:      fi
> > > cygwin-service-installation-helper.sh:2891:    fi
> > > 
> > > I fixed this by modifying the test to check LOGONSERVER is not empty:
> > > 
> > > if [ -n "${LOGONSERVER}" -a "\\\\...
> > > 
> > > Can this be fixed in the next release?
> > 
> > Sure, please provide a patch, I'll check it in and release a new csih
> > soonish.
> 
> I would, but there's a couple of hitches. Without understanding the
> syntax (and I should bring up the bash man page here, I will do after
> this), I can't be sure that the following test:
> 
> "\\\\${COMPUTERNAME,,*}" != "${LOGONSERVER,,*}"
> 
> wasn't designed to handle an empty LOGONSERVER variable.

No, it wasn't.  The idea is that if LOGONSERVER == COMPUTERNAME your
machine is not in a domain.  Actually, I *never* encountered an environment
in which LOGONSERVER isn't set.  Are you sure this isn't just some kind
of misconfiguration?  I don't think Cygwin is the only application
checking for LOGONSERVER.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]


* Re: ssh-host-config: patch fix debug option + broken for me on Vista (non-domain)
  2017-01-19 18:16     ` Corinna Vinschen
@ 2017-01-20 22:40       ` szgyg
  2017-01-23  3:13       ` Shaddy Baddah
  1 sibling, 0 replies; 10+ messages in thread
From: szgyg @ 2017-01-20 22:40 UTC (permalink / raw)
  To: cygwin

On 1/19/2017 7:16 PM, Corinna Vinschen wrote:
> The idea is that if LOGONSERVER == COMPUTERNAME your
> machine is not in a domain.  Actually, I *never* encountered an environment
> in which LOGONSERVER isn't set.

It's empty if you're using RunAs.

szgyg



* Re: ssh-host-config: patch fix debug option + broken for me on Vista (non-domain)
  2017-01-19 18:16     ` Corinna Vinschen
  2017-01-20 22:40       ` szgyg
@ 2017-01-23  3:13       ` Shaddy Baddah
  2017-01-23 10:19         ` Corinna Vinschen
  1 sibling, 1 reply; 10+ messages in thread
From: Shaddy Baddah @ 2017-01-23  3:13 UTC (permalink / raw)
  To: cygwin

[-- Attachment #1: Type: text/plain, Size: 4274 bytes --]

Hi,


On 20/01/17 05:16, Corinna Vinschen wrote:
> On Jan 19 22:26, Shaddy Baddah wrote:
>>
>> Hi,
>>
>> On 19/01/17 21:38, Corinna Vinschen wrote:
>>> On Jan 18 14:34, Shaddy Baddah wrote:
>> ...
>>
>>>> And I'm sure the problem is that this well-intended change to the script
>>>> fails on the assumption that LOGONSERVER is always populated. It isn't
>>>> for me on Vista.
>>>>
>>>> cygwin-service-installation-helper.sh:2884:      # This test succeeds on
>>>> domain member machines only, not on DCs.
>>>> cygwin-service-installation-helper.sh:2885:      if [
>>>> "\\\\${COMPUTERNAME,,*}" != "${LOGONSERVER,,*}" \
>>>> cygwin-service-installation-helper.sh:2886:        -a "${LOGONSERVER}" !=
>>>> "\\\\MicrosoftAccount" ]
>>>> cygwin-service-installation-helper.sh:2887:      then
>>>> cygwin-service-installation-helper.sh:2888:     # Lowercase of USERDOMAIN
>>>> cygwin-service-installation-helper.sh:2889:
>>>> csih_PRIVILEGED_USERNAME="${COMPUTERNAME,,*}+${username}"
>>>> cygwin-service-installation-helper.sh:2890:      fi
>>>> cygwin-service-installation-helper.sh:2891:    fi
>>>>
>>>> I fixed this by modifying the test to check LOGONSERVER is not empty:
>>>>
>>>> if [ -n "${LOGONSERVER}" -a "\\\\...
>>>>
>>>> Can this be fixed in the next release?
>>>
>>> Sure, please provide a patch, I'll check it in and release a new csih
>>> soonish.
>>
>> I would, but there's a couple of hitches. Without understanding the
>> syntax (and I should bring up the bash man page here, I will do after
>> this), I can't be sure that the following test:
>>
>> "\\\\${COMPUTERNAME,,*}" != "${LOGONSERVER,,*}"
>>
>> wasn't designed to handle an empty LOGONSERVER variable.
>
> No, it wasn't.  The idea is that if LOGONSERVER == COMPUTERNAME your
> machine is not in a domain.  Actually, I *never* encountered an environment
> in which LOGONSERVER isn't set.  Are you sure this isn't just some kind
> of misconfiguration?  I don't think Cygwin is the only application
> checking for LOGONSERVER.

Sorry, yep, it's to check that it is not in a domain. The ',,' is just a
bonus case conversion to guarantee that case doesn't throw the
comparison (I wasn't familiar with it).

On 21/01/17 09:40, szgyg wrote:
 > On 1/19/2017 7:16 PM, Corinna Vinschen wrote:
 >> The idea is that if LOGONSERVER == COMPUTERNAME your
 >> machine is not in a domain.  Actually, I *never* encountered an
 >> environment
 >> in which LOGONSERVER isn't set.
 >
 > It's empty if you're using RunAs.

Thank you szgyg. This is on the right track. There is a variation. I
didn't use the RunAs command.

Instead I did what I think is the almost 100% use case for running
ssh-host-config. Which is to launch mintty by selecting "Run as
administrator", elevate privilege to allow the script to add users and
services, etc.

The difference is as follows. And I test for this. I log in to the
desktop as a non-administrator. When I select "Run as administrator" I
am prompted to enter a password for (one of) the administrator users.

That mintty (and cmd prompt too obviously) do not have LOGONSERVER set.

If I log in to the desktop as administrator user, and "Run as
administrator", LOGONSERVER is set.

Also, there is another use case which I haven't tried, but I would feel
would result in no LOGONSERVER as well... not sure. I can try it as I
complete this email...

That is logging in to an administrator user via ssh itself. OK, it
doesn't make sense for the purpose of running ssh-host-config (you've
obviously already got ssh server running), but just to cover bases...
I've tried it, and LOGONSERVER is set.

So it seems LOGONSERVER isn't set if you RunAs, from the desktop, as a
different user.

As an aside... doesn't seem like the administrator user has the elevated
privileges anymore. It was the case in the past. I never picked up on
that change.

To that end, please find attached the patch to fix the LOGONSERVER
problem. I think it should be fine for a domain environment. Because if
you run as a domain assigned local administrator, LOGONSERVER will be
set, even on a "Run as administrator".

If you just run as a local computer administrator (whatever the
accurate terminology is here), then you will have an empty LOGONSERVER
and the script will run for the local user.

-- 
Regards,
Shaddy


[-- Attachment #2: fix-ssh-host-config-LOGONSERVER.diff --]
[-- Type: text/x-patch, Size: 550 bytes --]

--- cygwin-service-installation-helper.sh.orig	2015-10-28 20:23:49.000000000 +1100
+++ cygwin-service-installation-helper.sh	2017-01-23 13:54:19.334891100 +1100
@@ -2882,7 +2882,8 @@
     if ! csih_use_file_etc "passwd"
     then
       # This test succeeds on domain member machines only, not on DCs.
-      if [ "\\\\${COMPUTERNAME,,*}" != "${LOGONSERVER,,*}" \
+      if [ -n "${LOGONSERVER}" \
+	   -a "\\\\${COMPUTERNAME,,*}" != "${LOGONSERVER,,*}" \
 	   -a "${LOGONSERVER}" != "\\\\MicrosoftAccount" ]
       then
 	# Lowercase of USERDOMAIN
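
Review bot: The comment kept above the test still says it succeeds on domain member machines only, but with the added -n "${LOGONSERVER}" clause an empty LOGONSERVER now makes the whole test false, so that case is silently handled like a non-member machine. The comment should say so, or the empty case should get its own branch with a warning. The test also now chains three conditions with -a inside one [ ]; since the line already relies on bash's ${VAR,,*} expansion, [[ ... && ... && ... ]] or separate [ ] tests joined with && would be less fragile.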


[-- Attachment #3: Type: text/plain, Size: 219 bytes --]



* Re: ssh-host-config: patch fix debug option + broken for me on Vista (non-domain)
  2017-01-23  3:13       ` Shaddy Baddah
@ 2017-01-23 10:19         ` Corinna Vinschen
  2017-01-23 19:50           ` Achim Gratz
  0 siblings, 1 reply; 10+ messages in thread
From: Corinna Vinschen @ 2017-01-23 10:19 UTC (permalink / raw)
  To: cygwin

[-- Attachment #1: Type: text/plain, Size: 4131 bytes --]

On Jan 23 14:12, Shaddy Baddah wrote:
> On 21/01/17 09:40, szgyg wrote:
> > On 1/19/2017 7:16 PM, Corinna Vinschen wrote:
> >> The idea is that if LOGONSERVER == COMPUTERNAME your
> >> machine is not in a domain.  Actually, I *never* encountered an
> >> environment
> >> in which LOGONSERVER isn't set.
> >
> > It's empty if you're using RunAs.
> 
> Thank you szgyg. This is on the right track. There is a variation. I
> didn't use the RunAs command.
> 
> Instead I did what I think is the almost 100% use case for running
> ssh-host-config. Which is to launch mintty by selecting "Run as
> administrator", elevate privilege to allow the script to add users and
> services, etc.
> 
> The difference is as follows. And I test for this. I log in to the
> desktop as a non-administrator. When I select "Run as administrator" I
> am prompted to enter a password for (one of) the administrator users.
> 
> That mintty (and cmd prompt too obviously) do not have LOGONSERVER set.

Yes, you're both right, but it's even more weird.  If I use "RunAs" from
an unprivileged user account, and the Admin account I "RunAs" as is
logged on in another terminal session at the same time, the "RunAs"
session has LOGONSERVER set.  Something isn't quite right in the
backgrounds...

> Also, there is another use case which I haven't tried, but I would feel
> would result in no LOGONSERVER as well... not sure. I can try it as I
> complete this email...
> 
> That is logging in to an administrator user via ssh itself.

No, that works as desired with LOGONSERVER set.

> As an aside... doesn't seem like the administrator user has the elevated
> privileges anymore. It was the case in the past. I never picked up on
> that change.

I don't understand what you mean here.  The privileges are not in the
user token of the non-privileged processes in a non-elevated session,
but as soon as you use "runas", the privileges are in the user token.

> To that end, please find attached the patch to fix the LOGONSERVER
> problem. I think it should be fine for a domain environment. Because if
> you run as a domain assigned local administrator, LOGONSERVER will be
> set, even on a "Run as administrator".
> 
> If you just run as a local computer administrator (whatever the
> accurate terminology is here), then you will have an empty LOGONSERVER
> and the script will run for the local user.

No, that's not right.  If you run a logon session as a local admin (in
contrast to running a process via "RunAs"), LOGONSERVER will be set
to \\$COMPUTERNAME.

I'm also not quite sure if the patch is right.  The comment preceding
the check explains what we want.  The idea is this (omitting the
extra test for "MicrosoftAccount"):

    # This test succeeds on domain member machines only, not on DCs.
    if [ "\\\\${COMPUTERNAME,,*}" != "${LOGONSERVER,,*}" ]
    then
      # Lowercase of USERDOMAIN
      csih_PRIVILEGED_USERNAME="${COMPUTERNAME,,*}+${username}"
    fi

COMPUTERNAME is the same as LOGONSERVER on non-domain machines as well
as on domain controllers.  So this `if' tests if the machine is a domain
member machine.

If it is, local accounts will have the Cygwin username
"$COMPUTERNAME+$username", while on non-domain machines and DCs the
Cygwin username of a local user will be "$username" only.

This is according to the rules of automatic username generation per
https://cygwin.com/cygwin-ug-net/ntsec.html.

What your patch does is to handle an empty LOGONSERVER as an indicator
that we're on a domain member machine.  This doesn't look right to me.

So the basic question is this:  Assuming I'm running a simple bash
script, and assuming I can't rely on the value of LOGONSERVER for the
test on being a domain member machine, how *can* I check for that?
nltest, somehow?  But as far as I can see, nltest was only bundled
with Windows 7 and later...  Do we have to write another helper tool?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
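
Added example, not part of any message in this thread and not csih code: the domain-member test as quoted from lines 2885-2886 and as changed by the 2017-01-23 patch, evaluated for the LOGONSERVER values discussed in the thread. Function names and the \\DC01 server name are constructed; tr replaces bash's ${VAR,,*} so the block also runs under plain sh, and the separate "unknown" state is an assumption of this example.

```shell
#!/bin/sh
# Added illustration (not csih code). All function names are hypothetical.

# Lowercase helper; the script itself uses bash's ${VAR,,*}.
lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Test as quoted from lines 2885-2886. $1 = COMPUTERNAME, $2 = LOGONSERVER
member_original() {
  [ "\\\\$(lc "$1")" != "$(lc "$2")" ] && [ "$2" != "\\\\MicrosoftAccount" ]
}

# Same test with the -n "${LOGONSERVER}" clause from the patch in front.
member_patched() {
  [ -n "$2" ] && member_original "$1" "$2"
}

# Cygwin name chosen for a local account.
# $1 = test function, $2 = COMPUTERNAME, $3 = LOGONSERVER, $4 = username
privileged_name() {
  if "$1" "$2" "$3"; then
    printf '%s+%s\n' "$(lc "$2")" "$4"
  else
    printf '%s\n' "$4"
  fi
}

# Three-state view (assumption of this example): an empty LOGONSERVER says
# nothing about domain membership, so report it separately.
classify() {
  if [ -z "$2" ]; then
    echo unknown
  elif member_original "$1" "$2"; then
    echo member
  else
    echo not-member
  fi
}

DEMO_COMPUTERNAME='LIBRA-VW'   # machine name from the first message

# Print one row per constructed LOGONSERVER value. $1 = label, $2 = value
report() {
  printf '%-20s original=%-22s patched=%-22s state=%s\n' "$1" \
    "$(privileged_name member_original "$DEMO_COMPUTERNAME" "$2" cyg_server)" \
    "$(privileged_name member_patched "$DEMO_COMPUTERNAME" "$2" cyg_server)" \
    "$(classify "$DEMO_COMPUTERNAME" "$2")"
}

report 'local logon'        '\\LIBRA-VW'
report 'empty LOGONSERVER'  ''
report 'domain logon'       '\\DC01'
report 'Microsoft account'  '\\MicrosoftAccount'
```

With an empty LOGONSERVER the original test yields the libra-vw+cyg_server name seen in the first message's output, while the patched test yields plain cyg_server.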


* Re: ssh-host-config: patch fix debug option + broken for me on Vista (non-domain)
  2017-01-23 10:19         ` Corinna Vinschen
@ 2017-01-23 19:50           ` Achim Gratz
  2017-01-23 20:19             ` Wells, Roger K.
  0 siblings, 1 reply; 10+ messages in thread
From: Achim Gratz @ 2017-01-23 19:50 UTC (permalink / raw)
  To: cygwin

Corinna Vinschen writes:
> COMPUTERNAME is the same as LOGONSERVER on non-domain machines as well
> as on domain controllers.  So this `if' tests if the machine is a domain
> member machine.

I can supply another cornercase where LOGONSERVER is not set: if you run
an sshd under the (only) user that can log in, that ssh session has no
LOGONSERVER set.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Waldorf MIDI Implementation & additional documentation:
http://Synth.Stromeko.net/Downloads.html#WaldorfDocs


* Re: ssh-host-config: patch fix debug option + broken for me on Vista (non-domain)
  2017-01-23 19:50           ` Achim Gratz
@ 2017-01-23 20:19             ` Wells, Roger K.
  0 siblings, 0 replies; 10+ messages in thread
From: Wells, Roger K. @ 2017-01-23 20:19 UTC (permalink / raw)
  To: cygwin

On 01/23/2017 02:50 PM, Achim Gratz wrote:
> Corinna Vinschen writes:
>> COMPUTERNAME is the same as LOGONSERVER on non-domain machines as well
>> as on domain controllers.  So this `if' tests if the machine is a domain
>> member machine.
> I can supply another cornercase where LOGONSERVER is not set: if you run
> an sshd under the (only) user that can log in, that ssh session has no
> LOGONSERVER set.
>
>
> Regards,
> Achim.

FWIW

On my W10 machine  (CYGWIN_NT-10.0 rwells-x220 2.6.0(0.304/5/3) 
2016-08-31 14:32 x86_64 Cygwin)

they are both defined and different.

AFAICS I am the only configured user.


-- 
Roger Wells, P.E.
leidos
221 Third St
Newport, RI 02840
401-847-4210 (voice)
401-849-1585 (fax)
roger.k.wells@leidos.com


