diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2010-01-25 20:04:29 +0300 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2010-01-25 20:04:29 +0300 |
commit | 9a3628f50ca108fd95aae1f081a85ccf505a6e85 (patch) | |
tree | 44f3bd73a8b01c02ddfc573b6c54824e3db225fc /winsup | |
parent | 0f8df291acf893e30674c83ff4c359ea117ae163 (diff) |
* faq-setup.xml: Drop references to non-NT systems.
* faq-using.xml: Ditto.
(faq.using.sshd-in-domain): New FAQ entry.
Diffstat (limited to 'winsup')
-rw-r--r-- | winsup/doc/ChangeLog | 6 | ||||
-rw-r--r-- | winsup/doc/faq-setup.xml | 6 | ||||
-rw-r--r-- | winsup/doc/faq-using.xml | 72 |
3 files changed, 78 insertions, 6 deletions
diff --git a/winsup/doc/ChangeLog b/winsup/doc/ChangeLog index 61425a128..f6508248f 100644 --- a/winsup/doc/ChangeLog +++ b/winsup/doc/ChangeLog @@ -1,3 +1,9 @@ +2010-01-25 Corinna Vinschen <corinna@vinschen.de> + + * faq-setup.xml: Drop references to non-NT systems. + * faq-using.xml: Ditto. + (faq.using.sshd-in-domain): New FAQ entry. + 2010-01-25 Andy Koppe <andy.koppe@gmail.com> * faq-using.xml: Fix typos and remove incorrect locale-specific diff --git a/winsup/doc/faq-setup.xml b/winsup/doc/faq-setup.xml index 8de529e32..38f78ce87 100644 --- a/winsup/doc/faq-setup.xml +++ b/winsup/doc/faq-setup.xml @@ -364,7 +364,7 @@ character as a word delimiter. Under certain circumstances, it is possible to get around this with various shell quoting mechanisms, but you are much better off if you can avoid the problem entirely. </para> -<para>On Windows NT/2000/XP you have two choices: +<para>You have two choices: </para><orderedlist> <listitem><para>You can rename the user in the Windows User Manager GUI and then run mkpasswd. @@ -376,10 +376,6 @@ run mkpasswd. </listitem> </orderedlist> -<para>On Windows 95/98/ME you can create a new user and run mkpasswd, -or you can delete the offending entry from /etc/passwd. -Cygwin will then use the name in the default entry with uid 500. -</para> </answer></qandaentry> <qandaentry id="faq.setup.home"> diff --git a/winsup/doc/faq-using.xml b/winsup/doc/faq-using.xml index ad8a9284c..dcbc8e4d7 100644 --- a/winsup/doc/faq-using.xml +++ b/winsup/doc/faq-using.xml @@ -331,7 +331,7 @@ PostScript files on non-PostScript Windows printers). Start at <ulink url="http://cygwin.com/ml/cygwin/2001-04/msg00657.html">http://cygwin.com/ml/cygwin/2001-04/msg00657.html</ulink>. Note that the <literal>file</literal> command is now available as part of Cygwin setup. </para> -<para>Alternatively, on NT, you can use the Windows <literal>print</literal> +<para>Alternatively, you can use the Windows <literal>print</literal> command. (It does not seem to be available on Win9x.) Type </para> <screen> @@ -1017,6 +1017,76 @@ environment variable option "winsymlinks" </para> </answer></qandaentry> +<qandaentry id="faq.using.sshd-in-domain"> +<question><para>How do I setup sshd in a domain?</para></question> +<answer> + +<para> +If you want to be able to logon with domain accounts to a domain member +machine, you should make sure that the "cyg_server" account under which +the sshd service is usually running, is a domain account as well. Here's +how you set this up. +</para> + +<para> +First of all, create a new domain account called "cyg_server". This +account must be an administrative account, so make sure it's in the +"Administrators" group. Now create a domain policy which is propagated +to all machines which are supposed to run an sshd service. This domain +policy should give the following user rights to the "cyg_server" account: +</para> + +<screen> + Act as part of the operating system (SeTcbPrivilege) + Create a token object (SeCreateTokenPrivilege) + Replace a process level token (SeAssignPrimaryTokenPrivilege) +</screen> + +<para> +Now to install sshd on the member machine, logon to that machine as +an admin. Make sure the aforementioend global policy has been propagated +to this machine. Examine the Local Security Policy settings and, if +necessary, call gpupdate. +</para> + +<para> +If everything looks ok, run bash. Starting with Windows Vista, make +sure you're running bash elevated. +</para> + +<para> +If "cyg_server" is not already in <literal>/etc/passwd</literal>, add it +using <literal>mkpasswd</literal>. Make sure all domain accounts which are +supposed to be able to logon via ssh are in <literal>/etc/passwd</literal>. +Also make sure that all important domain groups are in +<literal>/etc/group</literal>. If in doubt, call +</para> + +<screen> + $ mkpasswd -l -d your_domain > /etc/passwd + $ mkgroup -l -d your_domain > /etc/group +</screen> + +<para> +Then run ssh-host-config. Answer all questions so that "cyg_server" is +used to run the service. When done, check ownership of +<literal>/var/empty</literal> and all <literal>/etc/ssh*</literal> +files. All of them must be owned by "cyg_server". If that's ok, you're +usually all set and you can start the sshd service via +</para> + +<screen> + $ cygrunsrv -S sshd +</screen> + +<para>or</para> + +<screen> + $ net start sshd +</screen> + +</answer></qandaentry> + <qandaentry id="faq.using.tcl-tk"> <question><para>Why doesn't Cygwin tcl/tk understand Cygwin paths?</para></question> <answer> |