the below patch adds a Windows NT user right to the sshd_server user
which will be important in an upcoming version of Cygwin. I have a
preliminary implementation which solves the problem that native Windows
processes don't recognize the user name correctly, if the user has
logged in using public key authentication. The new mechanism requires
the SeTcbPrivilege for the user which changes the user context using
setuid. To keep the transition as smooth as possible, I'd like to give
the user this specific right rather early.

Could this be applied to config/cygwin/ssh-host-config before 4.4p1 is


Index: contrib/cygwin/ssh-host-config
================================================== =================
RCS file: /cvs/openssh/contrib/cygwin/ssh-host-config,v
retrieving revision 1.19
diff -p -u -r1.19 ssh-host-config
--- contrib/cygwin/ssh-host-config 3 Mar 2006 21:50:32 -0000 1.19
+++ contrib/cygwin/ssh-host-config 30 Aug 2006 16:45:57 -0000
@@ -516,6 +516,7 @@ then
editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server &&
editrights -a SeCreateTokenPrivilege -u sshd_server &&
+ editrights -a SeTcbPrivilege -u sshd_server &&
editrights -a SeDenyInteractiveLogonRight -u sshd_server &&
editrights -a SeDenyNetworkLogonRight -u sshd_server &&
editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server &&

Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
openssh-unix-dev mailing list