This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...



Hello?  Did you read all of my previous mail?


Please, don't http://cygwin.com/acronyms/#TOFU
==============================================


On Dec 16 09:39, Carsten.Porzler wrote:
> Hello, Corinna,
> 
> 1. It only takes 3 secs on your machine, but do you logon with an Active 
> Directory user?

Yes, against a 2K8 domain server.  Additionally, it doesn't make any
difference whether the user is logged on locally or not.

> 2. The problem occurs on cygwin environments after the 2008-06-18 
> version! I recognized the behaviour on all of our machines I tested on. 
> Until cygwin 2008-06-18 it works fine, on versions after it, the problem 
> occurs.

After 2008-06-18 (mainly on 2008-07-09) I changed the code which
verifies user tokens and the code which creates the user token
information (groups and privileges) when using NtCreateToken or
cyglsa.dll.  These code changes were a result of testing password and
public key authentication against the 2K8 AD controller extensively.
The old code was wrong in a way which could screw up password
authentication entirely and could result in crippled group and
privilege lists when using public key auth.

I'm quite confident that the new code is much more correct than the
old code.

> 3. Unfortunately I can't debug the problem, because I am not a software 
> developer. I can analyze the behaviour of software very exactly, but 
> debugging is not my area. I am not experienced enough and it is too time 
> consuming. I am a system administrator.

And you don't have a developer in-house who could help?

I can't reproduce the problem, neither logging in on a domain member
machine, nor on the domain controller.  If you want to find out where
the time is wasted, we would need some figures.  If you can set yourself
up to build the Cygwin DLL and then add some debugging statements at
some places I tell you, we could probably figure out what takes so long
in your environment.

> 4. Actually I have watched the pipe access on a system running cygwin of 
> 2008-09-12. There are exact the pipe accesses I reported before 
> (\\<domaincontroller>\PIPE\samr, \\<domaincontroller>\PIPE\lsarpc). Many 
> of the accesses has done until the logon process finished.

So it's probably related to the sec_auth.cc changes I explained above.

> If I see all the reported effects, I have to conclude that something basic 
> change after the cygwin version of 2008-06-18!
> 
> I do not believe that the reason for the problems are based on our Windows 
> environment, because all regular Windows logons and the cygwin logons 
> recent to version of 2008-06-18 (inclusive) work fine!

What a surprise.  It only occurs in your environment right now, though.

Again, Please don't http://cygwin.com/acronyms/#TOFU


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
