I've just managed to set up a working sshd on a Cygwin snapshot with LDAP integration. The setup scripts required quite a few modifications to deal properly with the way local accounts and groups are now named. I've had to reinstate files for passwd to record an "sshd" there as otherwise the service wouldn't start ("Privilege separation user sshd does not exist").
The remaining problem is that all users that will log in have their home drives mounted from network shares. I was hoping to use /etc/fstab.d/user files to mount these only when necessary, but apparently they are not yet available when sshd tries to check the pubkey credentials and thus falls back to password login (which I'd like to switch off completely).
What's the best option here? Kerberos Authentication looks appealing, but doesn't seem to work with LDAP. Putting the public keys elsewhere would also work, but it isn't clear to me how to configure that. I've currently made a copy of the .ssh directory under /home/user that later gets shadowed by the mount point. While that works to get pubkey logins working, it is not very appealing as it requires a delicate dance with the mounts done by the user at the first login. Any better ideas?
Regards,
Achim.