On Jun 21 08:29, Andrew DeFaria wrote:
> The change is necessary since W2K3 tightened up security and permissions
> on the Local System Account such that sshd would not be able to switch
> user if it used that account. Instead it offers to create a new account
> called sshd_server and bestow on it the required rights to switch user.
> (I've been wondering why not bestow those rights directly to the Local
> System Account? I mean it had them before... Obviously a security
> decision, probably a wise one).

You'll be surprised, but on 2K3 the SYSTEM account still has all the rights it has on previous systems. The sad fact on 2K3 is that the SYSTEM account gets revoked the SeCreateTokenName privilege *unconditionally* as soon as a service is running under that account. Unfortunately this is the privilege necessary to allow password-less logins. Whatever you do to the SYSTEM account, you'll not have the SeCreateTokenName privilege in any service started under this account.

This is a Microsoft design decision to raise security. Alas, the cygwin mailing list is not the right place to discuss sense or nonsense of this decision...

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
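
A way to check the point made in the reply above, as an added example that is not part of the original mail or of Cygwin: the PowerShell below reads `whoami /priv /fo csv /nh` output and reports whether the create-token privilege (exposed by Windows as SeCreateTokenPrivilege, constant SE_CREATE_TOKEN_NAME) is in a token at all. The function name Get-PrivilegeState and the sample rows are assumptions made for the illustration.

```powershell
# Added example (hypothetical helper, not Cygwin code): decide from
# `whoami /priv /fo csv /nh` rows whether a token holds a privilege.
# whoami lists only privileges present in the token, so a missing row
# means the privilege was never granted or was removed from the token.
function Get-PrivilegeState {
    param(
        [Parameter(Mandatory)] [string[]] $WhoamiCsv,   # CSV rows, no header
        [string] $Privilege = 'SeCreateTokenPrivilege'
    )
    # /nh drops the localized header row, so name the columns ourselves.
    $rows = $WhoamiCsv | Where-Object { $_.Trim() } |
        ConvertFrom-Csv -Header Name, Description, State
    $hit = $rows | Where-Object { $_.Name -eq $Privilege } |
        Select-Object -First 1
    [pscustomobject]@{
        Privilege = $Privilege
        Held      = [bool]$hit
        State     = if ($hit) { $hit.State } else { 'NotInToken' }
    }
}

# Constructed sample rows: a service token that still carries other
# powerful privileges but no longer has SeCreateTokenPrivilege.
$sample = @(
    '"SeAssignPrimaryTokenPrivilege","Replace a process level token","Disabled"'
    '"SeTcbPrivilege","Act as part of the operating system","Enabled"'
    '"SeImpersonatePrivilege","Impersonate a client after authentication","Enabled"'
)
Get-PrivilegeState -WhoamiCsv $sample
Get-PrivilegeState -WhoamiCsv $sample -Privilege 'SeTcbPrivilege'

# Live check of the token this shell itself runs under (Windows only).
if (Get-Command whoami.exe -ErrorAction SilentlyContinue) {
    Get-PrivilegeState -WhoamiCsv (whoami.exe /priv /fo csv /nh)
}
```

The live check describes the token of the shell that runs it; to see what a service gets, the same command has to run inside that service's own process context.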