Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-developers-owner AT cygwin DOT com Delivered-To: mailing list cygwin-developers AT cygwin DOT com Date: Fri, 13 Dec 2002 13:59:06 +0100 From: Corinna Vinschen To: cygwin-developers AT cygwin DOT com Subject: Re: Subauthentication Message-ID: <20021213135906.R7796@cygbert.vinschen.de> Reply-To: cygwin-developers AT cygwin DOT com Mail-Followup-To: cygwin-developers AT cygwin DOT com References: <20021213125004 DOT O7796 AT cygbert DOT vinschen DOT de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.22.1i On Fri, Dec 13, 2002 at 01:22:38PM +0100, Hartmut Honisch wrote: > > That sounds really interesting. If we turn around the order in > > seteuid again (first call subauth, if that fails create_token) we > > could use that extra step as explained above to create a correct > > logon token. It's just important, that the current NTCreateToken > > stuff still works as today if subauth is not installed. > > There are scenarios where we would have to call both subauth and > create_token. Pierre pointed out some problems with setgid / setgroups and > subauthentication: Sure. I was just saying that the create_token magic should still work as today if subauth fails. Otherwise I see the advantage of having a logon session. It's ok, somebody just has to implement it ;-) Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin AT cygwin DOT com Red Hat, Inc.