Can WSL inherit windows auth credentials - windows

I'm using WSL in an exclusively Windows environment because of a number of tools that are only really available for Linux. I often connect to DBs programmatically and would like to be able to do that without specifying my login information. For example, in Python through Windows I could do this:
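import pymssql
# server and port are defined elsewhere; passed by keyword because connect()'s second positional parameter is user
con = pymssql.connect(server=server, port=port)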
And that connection would go through without my having to specify any credentials because my AD account has access to the server, and pymssql will use Windows auth when no credentials are specified.
In Python running on WSL, however, that doesn't work, and so to make the same connection I would have to additionally pass the user and password parameters.
Is there any way to make WSL inherit Windows authentication when running Linux processes?

I got you Fam!
Here is the solution: http://michaeljw.com/blog/post/keyring-r-python-windows/
Here is the Sauce:
Use the Windows Credential Manager to store the creds you want to use
https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0
Here is the command for accessing the credential manager in Python:
import keyring
keyring.get_password(u"[Domain or URI]", u"[username]")
As long as the user is in the cred manager, you should be able to use that command to variablize creds. You will probably have to play with it a bit to get it right, but it will work. Be sure to read the linked articles.
Enjoy
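An added example (not from the original answer or the keyring project) that turns the lookup above into pymssql connection arguments, fails closed when the entry is missing, and keeps the password out of logs. It assumes the interpreter running it uses the backend that holds the entry: Python for Windows reads Windows Credential Manager, while a Linux Python inside WSL uses a Linux keyring backend. The names `mssql_connect_kwargs`, `keyring_lookup`, `redacted`, the `lookup` parameter and the sample host and account are hypothetical.

```python
import importlib


class CredentialNotFound(LookupError):
    """No entry exists in the credential store for this service/user pair."""


def keyring_lookup(service, username):
    # Imported lazily so this module still loads where keyring is not installed.
    keyring = importlib.import_module("keyring")
    return keyring.get_password(service, username)


def mssql_connect_kwargs(server, port, service, username, lookup=keyring_lookup):
    """Return keyword arguments for pymssql.connect() using a stored password.

    `lookup` is a hypothetical injection point (not a keyring feature) so the
    function can be exercised without a real credential store.
    """
    password = lookup(service, username)
    if not password:
        # keyring.get_password() returns None when nothing matches. Stop here
        # instead of attempting a login with a missing or empty password.
        raise CredentialNotFound(
            f"no stored credential for {username!r} under {service!r}")
    return {"server": server, "port": port,
            "user": username, "password": password}


def redacted(kwargs):
    """Copy of the connection arguments that is safe to write to a log."""
    return {k: ("***" if k == "password" else v) for k, v in kwargs.items()}


if __name__ == "__main__":
    # Constructed sample data standing in for the OS credential store.
    store = {("sql01.example.internal", "EXAMPLE\\svc_reports"): "constructed-pw"}
    kwargs = mssql_connect_kwargs(
        "sql01.example.internal", "1433",
        "sql01.example.internal", "EXAMPLE\\svc_reports",
        lookup=lambda s, u: store.get((s, u)))
    print(redacted(kwargs))
    # With pymssql installed: con = pymssql.connect(**kwargs)
```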

Related

How to fix git error "Failed to enumerate credentials. [0x520]"

I'm using git over ssh on a remote machine that is running Windows 10. When I try to do a git pull, I get the error message in the title after entering my credentials.
Fixed by installing the latest version of git credential manager on chocolatey (not sure if this is necessary) and switching my git credential store to dpapi.
See https://github.com/GitCredentialManager/git-credential-manager/blob/main/docs/credstores.md#dpapi-protected-files for instructions on how to do so.
This could be illustrated by GitCredentialManager/git-credential-manager issue 325
The error you're seeing is related to the way that Windows handles "logon sessions" and "credential sets".
GCM Core uses the Windows Credential Manager (wincred.h) to store credentials safely on Windows.
We interact with wincred via the Windows APIs: CredRead, CredWrite, CredDelete, and CredEnumerate.
The error being returned in your case here is ERROR_NO_SUCH_LOGON_SESSION (0x520) which means:
The logon session does not exist or there is no credential set associated with this logon session.
Network logon sessions do not have an associated credential set.
The key part here is in bold.
When you connect via SSH, the sshd daemon/Windows service is running as the NT AUTHORITY\NETWORK SERVICE account (most likely/by default), which creates network logon sessions when an SSH client connects.
From some searching online, one workaround posted is to change the account that sshd runs as to be your real user, which would then have an associated credential set. Your mileage may vary here depending on setup.
If you try to use the built-in cmdkey command for interacting with credential stores in the Windows Credential Manager, you'll see similar errors or messages like "saved for this login only".
Upgrading to the latest version of GCM comes with:
With the latest GCM Core release (v2.0.567) there is support on Windows to use a different credential store other than the Windows Credential Manager that shouldn't have the same remote-session limitations.
You can read more about the different options here: https://aka.ms/gcmcore-credstores
The specific store that may help this SSH scenario is the DPAPI-protected file store.
Credentials are protected using Windows DPAPI encryption (based on your current user account) and are written to files on disk (configurable; defaults to %USERPROFILE%\.gcm\dpapi_store).

How do you enable the gnome-remote-desktop service from the command line?

I am running an EC2 instance on AWS running RockyOS. The system boots with gnome running, but I cannot access the gnome session, so I cannot run the settings apps to enable the remote desktop sharing.
Is there any way to configure the remote screen sharing password and enable the remote desktop sharing service via the command line?
I know I can install xvnc, but I would rather just be able to access the main gnome session.
I found this gist that enables VNC + RDP. I personally had trouble with writing the password in secret-tool due to a locked gnome-keyring, but it's still good inspiration:
https://gist.github.com/greyltc/7085bff8f2e728b60077b81329019828

Where to find domain credentials for Jenkins 2.289.3 Windows Installer?

On my new Windows 10, as I am trying to install Jenkins, I encountered the following prompt:
Since I don't know what local or domain user creds to enter, I keep on getting the following error:
Error logging on DESKTOP-xxxx\user: The user name or password is incorrect
From reading the official doc, I am understanding that this is something new that Jenkins installer is doing for running as a Windows service, but where do I find these credentials on Windows?
Most applications, when installed on Windows OS, may want to run as a service using either the local system account or a specific account which needs specific permissions on the OS. Please use any local admin account which is already there on the system where you are trying to install Jenkins. If the system is joined to a domain, prefer to use a domain account which has admin privileges on the system.
The worst advice to grant admin permissions for a single service.
You need to use local existing credentials from your Windows system (if it's not connected to a domain) or domain creds. Don't use admin creds for the installation.

Retrieve credentials from windows credential manager

I was disappointed to know that my colleague said there is no Ruby library which will help us to access Windows credentials and store them somewhere (but Python does) so that my Ruby script can use them to authenticate. I looked around a little bit and found nothing, so is this true, or do we have some way to do it?
My information was that Python can achieve this using win32cred.
[EDIT]: Would like to retrieve credentials from the Windows Credential Manager, and if it cannot find them then I would want to launch the Credential Password dialog, which is the built-in credential manager dialog and captures the username and password and saves it to the credential manager.
Use FFI to call the CryptProtectData/CryptUnprotectData methods: https://github.com/ffi/ffi/wiki/Windows-Examples

How does Bitvise SSH Server authenticate user without a password?

Since version 5.50, the Bitvise SSH Server allows a connected client to authenticate to a Windows user account without providing this user's Windows password. See here: https://www.bitvise.com/ssh-server-version-history
I've checked it myself - it does indeed.
My question is of pure curiosity: what kind of sorcery is this? Is there any WinAPI that allows such a thing or is this some kind of clever hack? I always thought it is impossible to impersonate another user without a password (as even when configuring a Windows service or scheduled task to "run as user" it is necessary to provide one).
IIRC, the SSH server in Cygwin does the same thing.
If you have the appropriate privileges you can create an access token with ZwCreateToken, no password required. Such a token has some limitations. For example, you can't access network resources without a password and some encrypted material isn't accessible.
There's an explanation and some sample code here.
Since version 5.50, Bitvise SSH Server comes with a Windows authentication package. An authentication package can enhance the Windows logon process in custom ways. When the SSH server needs to log you in, but does not have a password (e.g. because you logged in with a public key), it calls the authentication package to construct a logon token which closely resembles the logon token that would have been created by Windows. As arx has noted, a session created this way does not contain your authentication credentials, so side effects are that you can't access things like network resources and EFS.
