To: cygwin AT cygwin DOT com
From: David Koppenhofer
Subject: Re: Seteuid "operation not permitted" error when using LSA for sshd
Date: Thu, 2 Aug 2012 18:39:40 +0000 (UTC)

> Why did you install cyglsa64 from the old snapshot? The changes to
> cyglsa are supposed to be in the Cygwin 1.7.16 package anyway.

Because I was grasping for straws, and didn't know the fix was in the
current package.

> > I rebooted the server, made sure the sshd service was running, but I still
> > receive the "sshd: PID 3064: fatal: seteuid 1000: Operation not permitted" error.
>
> Does the service account have TCB privileges? That's a hard requirement
> for the user switch.

Ah ha! The service account does not have the "Act as part of the
operating system" permission. However, I ended up asking the network
admin to give "Create a token object" to the service account. Since key
authentication started working after that, I'll just leave things as
they are.

Thanks for your help.
David