This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Testers needed: New passwd/group handling in Cygwin
- From: Achim Gratz <Stromeko at NexGo dot DE>
- To: cygwin at cygwin dot com
- Date: Wed, 26 Feb 2014 08:09:51 +0000 (UTC)
- Subject: Re: Testers needed: New passwd/group handling in Cygwin
- Authentication-results: sourceware.org; auth=none
- References: <20140213143849 dot GH2246 at calimero dot vinschen dot de> <87fvn7cb68 dot fsf at Rainer dot invalid> <20140225200414 dot GA4238 at calimero dot vinschen dot de> <87y50zaqjb dot fsf at Rainer dot invalid> <20140225215423 dot GA6065 at calimero dot vinschen dot de>
> Sorry, I don't grok this. What has a web application server to do with
> asking a DC for user info?
We have one of these that does a lot of DC lookups because it authenticates
all users. It's also in a much faster network, so I can check there what
the lookup rate could be reasonably expected to be.
> Erm... how often are you calling id, usually?
I'm currently doing this in the login process to figure out whether the
prompt should show "root" powers. I'll have to figure out something else to
do instead.
> Also, we're in the early
> stages of testing this change. The idea is not that you just switch,
> the idea is that we *test* this and I get enough feedback to be able to
> ease the biggest pains.
Understood. Until now I had to generate passwd and group files and I was
hoping that the need for doing that would go away (I'd also need to talk to
our AD folks so they start populating the correct fields).
> Other than that, I just had an in-shower inspiration how to speed up
> `id' specificially. The getgroups(2) call is in the center of this and
> I could probably speed up the stuiff a lot by opening the LDAP
> connection in getgroups only once.
Thursday? :-)
> Also, more radically, if we drop the functionality to define another
> group name for a group, we could drop the requirement to open an LDAP
> connection to fetch group information to the DC entirely(*). This would
> only affect domain groups, local groups could still have different
> names. But I'm already wondering for a couple of days if having a
> Cygwin group name different from the Windows group name is really
> necessary at all. I added this years ago for fun, but there's no
> serious reason I can think of which would require to keep up with this.
>
> (*) Assuming the group info is cached in the local LSA, which is
> pretty likely for the groups of the current user.
That would also work for me (I don't think I've ever used that feature
consciously).
> Sigh. Testing in this tempo will take ages.
Sorry, but that's not my decision to make in this case. I'll see if I can
sneak in something until the end of the week.
Regards,
Achim.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple