This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [openssh] service with domain user

From: Julio Costa <costaju at gmail dot com>
To: cygwin at cygwin dot com
Date: Tue, 21 Apr 2009 17:43:04 +0100
Subject: Re: [openssh] service with domain user
References: <af075b00904210656p2e8005b6geaad28206f89c121@mail.gmail.com> <20090421153141.GI8722@calimero.vinschen.de>

On Tue, Apr 21, 2009 at 16:31, Corinna Vinschen wrote:
> On Apr 21 14:56, Julio Costa wrote:
>>
>> I thought that the correct permissions/privileges were assigned in the
>> ssh-host-config... isn't that so? How do I find what is missing?
>
> No, ssh-host-config can only set the user rights for the local account,
> and it only does so if it has been asked to create the account. ÂIf you
> pre-create the account (as you have to do if you use a domain account),
> you're responsible to give it the necessary rights yourself.

You mean, like in "shame on you domain user! take this broken wings
and fly way!"?

Now seriously, I understand perfectly why it does not do that right
now, taking the historical absence (as long as I can see) of
domain-user-type users of Cygwin... but what if I asked "Shouldn't
that kind of setup be done in the script?" (PTC is a logical answer,
but still... I like to see it)

Actually I'm a bit surprised with the amount of (small, tiny,
amounting to a huge pile) problems that I've bumped into which are
most of the time related to the fact I'm using a domain user...
I'm working for a big corporation, and like such, every server is in
some domain, and we all use our domain users to work in any server.
As I'm not in THE systems or network admin's team, but in a "server
client" or applicational admin team, I have the typical profile of
"Local Admin, Regular Domain User".
Is that profile so rare out there? Is not something that Cygwin should
support in a more friendly (if not transparent) manner?

>
> I, for one, created a cyg_server account using ssh-host-config on the
> domain controller, then created a domain policy to propagate the
> necessary permissions to other machines in the domain.

That I can't do. But also do not need to, because I've my Cygwin work
focused in one, two server at most, at the moment.

> You can also
> create the important rights(*) for this user on a per-machine base
> using editrights or native Windows tools.
>

Precisely. Although I still thinking "Why do I have to do this by hand?"

Regarding editrights, I think that there is a problem also.
Is the reported output in my previous email as expected?

Do you want me to start another thread on that?

___________
Julio Costa

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: [openssh] service with domain user
  - From: Corinna Vinschen

References:
- [openssh] service with domain user
  - From: Julio Costa
- Re: [openssh] service with domain user
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]