This is the mail archive of the
cygwin
mailing list for the Cygwin project.
SSH and COM
- From: Miles Sabin <miles at milessabin dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 1 Feb 2005 02:12:46 +0000
- Subject: SSH and COM
Hi folks,
My apologies if this question turns out to be more a general Windows
security issue than something cygwin and ssh specific, but cygwin/ssh
is the context I'm seeing my problem in and I'm utterly baffled ... any
insight would be most welcome.
I'm attempting to launch a parallel application on a Win2k cluster using
cygwin's ssh(d) in conjunction with a simple distributed shell. This
application uses COM automation to create and manipulate Excel
instances.
The user domain account on the cluster machines has the appropriate
privileges to be able to do this (verified by logging into the machines
as that user via terminal services and launching the application
manually). However, when logged in via ssh, the privileges appear to be
sensitive to the user account that the login was _from_.
Specifically,
* With an ssh login from user1@workstation to foo@cluster the launched
application can successfully create and manipulate Excel instances.
* With an ssh login from user2@workstation to foo@cluster the launched
application manages to create Excel instances, but fails when
attempting to manipulate them with a generic 80070005 Access is denied
error.
The solution is obvious: find out the differences between user1 and
user2 and bring them into line. Unfortunately (or maybe fortunately ;-)
that's out of my hands: I'm not an admin at this site and I just have
to hope that the people who are will be able to deal with it.
What I'd really like to understand, tho', is how this can possibly
happen. I wasn't aware that the SSH protocol had any mechanism for
communicating the identity (especially a Windows domain identity) of
the _originator_ of an ssh connection. Surely the only identity and
credentials which should be relevant are those of the target account?
What's going on here? Something like the ident protocol?
Any pointers you can give me which I can pass on to the people who are
in a position to fix the problem would be very much appreciated.
Cheers,
Miles
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/