Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Hmmm, Heated discussion... I think the important thing to observe here is that people are still learning from both sides about what the issues are. People who don't know or misunderstand will occasionally spout crap. C'est la vie. I learned something from reading this post, so I thank you both for sharing. Keep up the good work, there are people who do appreciate everybody's efforts even if they never really realize it!-) $0.02 Peter -----Original Message----- From: Corinna Vinschen [mailto:vinschen at redhat.com] Sent: Saturday, December 15, 2001 10:46 AM To: cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook Subject: [Cvsnt] Re: [jakomail at emss.co.za: Re: User context switch in sshd using RSAAuthentication] terris at terris.com wrote: > Hi, > > I just wanted everyone here to know that Corinna and > I discussed this offline. Corinna brings up some > issues that I obviously was not aware of. It seems that > CVSNT is working around a real problem in the NT > kernel in which all attempts to get the effective user > name or SID returns 'SYSTEM', which sucks hard. Yes, definitely. Up to this point, thanks for bring that into public. > I had discussed this before on a previous list > (ssh-d) and this is the first time I've heard the facts > and I appreciate Corinna for taking the time to > educate me. > > At any rate, VanDyke's vshell works, so I wonder > what they do. Unless Tony and Corinna can find They are using a so called `LSA authentication module'. This is what I'd like to do by myself and which I actually tried to get more information about in the past months. Unfortunately the Microsoft documentation on that issue is more or less non-existant and there's no sample code available. Besides that, VShell is >= 249 USD and apparently not open source. > a solution, I don't think cygwin's openssh implementation > is very usable unless you use password > authentication, which I think is fine for the majority > of CVS users. But that's actually not true. The pubkey authentication is very usable. You're just thinking `cvsnt', not a full Cygwin environment. Don't forget that Cygwin has it's own cvs port. This cvs port has obviously no problem with the above NT problems in the GetUserName() and LookupAccountSid() functions since it's using the POSIX functions provided by the Cygwin DLL, not the native WIn32 calls. > Perhaps openssh should not even > claim to support public key authentication? It That's a joke, hopefully. I'm under the impression you still didn't get that the user context switch is not in OpenSSH but in the Cygwin DLL itself. Each process with appropriate user rights can use the Cygwin internal `setuid()' call which in turn uses NtCreateToken(). > just generates email traffic like this. There should > at least be some sort of disclaimer. I > warn the readers of devguy.com at > http://devguy.com/fp/cfgmgmt/cvs/cvs_ssh.htm, > but that page reaches a small minority of the NT > SSH population. What's that crap? The user context switch in Cygwin WORKS! Take a look into the Task Manager. It shows that these switched processes are running under the correct user account. The problem ONLY arises inside the switched processes and it is ONLY the user name which is incorrectly returned by the above mentioned Win32 calls. The SIDs of user and groups inside of the process token are correct! Please, don't discredit another open source project when you didn't actually understand the internals. Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com _______________________________________________ Cvsnt mailing list Cvsnt at cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs _______________________________________________ Cvsnt mailing list Cvsnt at cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs