This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [openssh] unnatended instalation + forcing service account


On Wed, Apr 15, 2009 at 09:31, Corinna Vinschen wrote:
> On Apr 14 18:55, Julio Costa wrote:
>> Now that Chuck has released a new csih, maybe also the possibility to
>> use an alternative account could be added to this patch...
>> Can you look into this, please? This is also important because in
>> domain members server environments I found no way to make sshd work if
>> it is not running under a domain account. It would be really nice to
>> have ssh-host-config do this job (by parameters on command-line)...
>
> But that already worked all the time without having another parameter.
> If an account called cyg_server (cron_server, sshd_server) is already in
> /etc/passwd then it will be used. ÂJust make sure that cyg_server is a
> domain account. ÂI'm using this method locally as well.

Sure, you're right. But this is an 'indirect' method to *make it
work*, just like a workaround.
I thought we could have the 'direct' method of nominate which account
should be used to the service.
But, as long as this behavior by design is documented in the README,
or better yet, in the FAQ... I think that's ok.

> Does the above patch break this behaviour?

No, it just allowed ssh-host-config to blindly accept the account
chosen by the programmed algorithm, avoiding the dreadful question "Do
you want to use another account?". That is needed to allow unattended
installations with ssh-host-config (using --yes).
The core patch was really against csih, where is the account choice
algorithm, but the patch on ssh-host-config is needed to make use of
it.

Came to think of it, there is also another possibility (and a simpler
one), and that is to code the --yes option on the ssh-host-config to
use the (new) -f option to the csih, avoiding coding the extra
parameter (--force) just for this behavior. After all, this behavior
should be required for --yes and possibly is not very useful if
ssh-host-config is not invoked with --yes.
What do you think?

-- 
___________
Julio Costa

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]