On 24.09.2004 at 09:39 Gabe Rosenhouse wrote: >Thanks. >Is there something I can read that contrasts the functionality >implications of ntsec vs nontsec? >http://cygwin.com/cygwin-ug-net/ntsec.html doesn't go into details on >the differences between the two settings. >One question specifically is, under nontsec, will domain users will >still be able to login via SSH and be recognized as members of their >domain groups? >
I am no expert on cygwin internal details so I won't guess on the functionality implications. But I have a system with NT4Server, the sshd daemon running with the environment variable set to CYGWIN=nontsec binmode tty, and it works. Clients can log in via ssh and are correctly recognized in the domain. and because the sshd daemon has CYGWIN=nontsec, all bash logon shells started via ssh also inherit the environment setting 'nontsec' and everything works fine. (mind, I just see that it works, I cannot give the exact reasons, it just works) If you do not want your sshd daemon running with 'nontsec', but with 'ntsec' but still require all login shells to have the environment variable set to 'nontsec' it gets a bit tricky. I experimented a bit, but take everything with the usual grain of salt. There is a setting in sshd_daemon called 'PermitUserEnvironment' which is set to 'no' per default. check out the man pages on this. You can also edit one of the startup scripts which are read by bash at program start (I suppose other shells have something equivalent). see man bash for a list of those files. one of them is /etc/profile IIRC. HTH benjamin -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
