On Mar 6 10:09, Maayan Apelboim wrote: > Well, it doesn't work OK unfortunately, but I'm not sure if I missed > something in the process, or is it just not working properly. > I'm a bit worried to upgrade to 3.0.2 at the moment cause it's a major > version and will probably have new bugs that I wouldn't want to find in > production. > > Assuming we will eventually upgrade to latest version - > My sshd service is running with domain user cyg_server and we login with > domains users via ssh - is it still OK to switch the sshd service's user to > local system? > Will we still be able to login with domain users via ssh?
Yes, that's the idea. The new method using the official S4U logon technique runs under the SYSTEM account. No need to have a special cyg_server account with potentially dangerous privileges anymore. > Will it help with my network shares problem? No. Just like the old techniques using an LSA authentication module or creating a user token from scratch, S4U login does not create tokens with valid network credentials. For some weird reason only Microsoft knows about, you still need a password login for that. The other method, logging in by stored password, as described in https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd3 still works, though. Corinna -- Corinna Vinschen Cygwin Maintainer
signature.asc
Description: PGP signature
