Initial patch to implement partial auth with SSH2

Corinna Vinschen vinschen@redhat.com
Fri Apr 20 04:14:00 GMT 2001

• Previous message (by thread): Initial patch to implement partial auth with SSH2
• Next message (by thread): Initial patch to implement partial auth with SSH2
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

On Fri, Apr 20, 2001 at 01:29:42AM -0700, Karl M wrote:
> Hi All...
>> I've been experimenting with the partial authorization patch for 
> OpenSSH-2.5.2. I'm using CygWin on a Windows 2000 (SP1) box.
>> I noticed a bug in the patch that shows up for CygWin users. The problem is 
> that publickey authentication only works if sshd is running with the same 
> user-id as the ssh client. When I run sshd as a service with a user-id of 
> LocalSystem publickey authentication fails.
>> This is because the check_nt_auth call in userauth-pubkey fails if the ssh 
> user-id is different from the sshd user-id.
>> It looks to me like userauth_pubkey needs to "suspend disbelief" (and not 
> call check_nt_auth and auth_password) for partial authentication, in the 
> hope that a password may come later. Then somewhere check_nt_auth 
> auth_password need to be called to make sure that we don't forget to set the 
> sshd user-id to the ssh user-id.

Since the original partial authorization patch isn't applied yet,
you're somwhat on your own. Why don't you simply override the
check in `check_ntsec' for now?
Corinna
-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen@redhat.com
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple

---

• Previous message (by thread): Initial patch to implement partial auth with SSH2
• Next message (by thread): Initial patch to implement partial auth with SSH2
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Cygwin mailing list