This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Subauthentication


Corinna Vinschen wrote:
> 
> 
> ...that sounds like the best approach to begin with.  For gods sake
> we have create_token which works on NT4.  The additional advantage
> of getting a fine logon session id would then require 2K or XP...
> which isn't too bad.
> 
> If we require that stuff to work on NT4 from the beginning I fear we
> will get stuck in all the workaround and licensing hogwash.
> 
> Other opinion anyone?
> 
Nice work, Hartmut.
I fully agree with Corinna's approach. Let's keep it simple.

I have one concern: does subauthentication require access
to the PDC for domain users?
Using NtCreateToken doesn't *when* setgroups has been called.

I would prefer keeping it that way, thus possibly skipping the
call to subauth when setgroups has been called (ftpd, telnetd, 
sshd do not call setgroups, AFAIK). It is also unlikely that
the token created by subauth would match the groups specified
by setgroups.

Pierre


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]