This is the mail archive of the cygwin mailing list for the Cygwin project.



More testing needed: New passwd/group AD/SAM integration


Hi list,


I'm still interested in testing of the new Cygwin code to have
user/group identification without requiring /etc/passwd and /etc/group
files.

This is a pretty big change, and it would be very helpful if as many
users as possible would be willing to give this a test.

Think about it:  You'll never have to care for /etc/passwd and
/etc/group files again!

The latest preliminary documentation is attached to this mail again.

As usual the changes are present in the latest snapshots:

  http://cygwin.com/snapshots/

The latest snapshots now handle "Microsoft Accounts", a marketing name
for a way to login with your email address(1).  These accounts, if
local (non-domain) accounts, will have the "Users" group as their
primary group in Cygwin by default.  The problems are outlined in
the thread "Problem with "None" Group on Non-Domain Members"(2).

==========
IMPORTANT:
==========

I'm still a bit unhappy with the account naming strategy and especially
the nsswitch.conf configuration.  It would be more reliable if the user
names would be constructed in always the same way.  So, here are the
things I'm still unsure about:

* db_separator in /etc/nsswitch.conf

  Is it really such a good idea to have a configurable separator
  char in user and group names?  Is it important that it is
  configurable?  Isn't '+' a good choice for the separator and be
  done with it?

* Right now the builtin accounts are prepended by the separator char:

    +SYSTEM
    +Users
    ...

  This is how it's done in SFU, but... do we need that?  The builtin
  accounts are unambiguous.  There's no way to create a user or group
  with the same name as a builtin account.  And while compatibility
  with SFU looks funny, it's not necessary.

  So, shall we drop this prepending of the separator char and make
  the builtin accounts "normal" accounts again, just like before?

    SYSTEM
    Users
    ...

* Right now there are three configurable strategies for the account
  naming in /etc/nsswitch.conf:

  db_prefix: auto

    This is the default.  If your account is from the primary domain of
    your machine, or if your machine is a standalone machine (not a domain
    member), your Cygwin account name is just the Windows account
    name.
    If your account is from another domain, or if you're logged in as
    local user on a domain machine, the Cygwin username will be the
    combination of Windows domainname and username, with the separator
    char in between:

      MY_DOM+username      (foreign domain)
      MACHINE+username     (local account)

  db_prefix: primary

    Like "auto", but primary domain accounts will be prepended by
    the domainname as well.

  db_prefix: always

    All accounts, even the builtin accounts, will have the domain
    name prepended:

      BUILTIN+Users

  Do we really need this flexibility?


Thanks,
Corinna


(1) ...and a nice way for MSFT to collect your personal information...
(2) http://cygwin.com/ml/cygwin/2014-05/threads.html#00059


-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pwdgrp-doc
Description: Text document
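
The naming rules listed in the mail above, as an added Python illustration (not Cygwin code and not taken from the attached documentation). The `Kind` enum, the `cygwin_name` and `name_table` functions and the `CORP` domain are hypothetical; it also assumes that accounts on a standalone machine stay unprefixed under `primary`, which the mail does not state.

```python
from enum import Enum

class Kind(Enum):                 # hypothetical classification of an account
    BUILTIN = 1                   # e.g. SYSTEM, Users
    PRIMARY_DOMAIN = 2            # account from the machine's primary domain
    FOREIGN_DOMAIN = 3            # account from another domain
    LOCAL_ON_MEMBER = 4           # local account on a domain member machine
    STANDALONE = 5                # account on a non-domain machine

def cygwin_name(kind, domain, name, db_prefix="auto", sep="+"):
    """Build the Cygwin account name per the db_prefix strategies in the mail."""
    if db_prefix not in ("auto", "primary", "always"):
        raise ValueError("unknown db_prefix: %r" % db_prefix)
    prefixed = domain + sep + name
    if db_prefix == "always":
        return prefixed           # all accounts, even builtin: BUILTIN+Users
    if kind is Kind.BUILTIN:
        return sep + name         # current behaviour: +SYSTEM, +Users
    if kind in (Kind.FOREIGN_DOMAIN, Kind.LOCAL_ON_MEMBER):
        return prefixed           # MY_DOM+username, MACHINE+username
    if kind is Kind.PRIMARY_DOMAIN and db_prefix == "primary":
        return prefixed           # "primary" also prefixes primary domain accounts
    return name                   # plain Windows account name

# Constructed sample accounts: (kind, domain or machine name, account name)
SAMPLES = [
    (Kind.BUILTIN, "BUILTIN", "Users"),
    (Kind.PRIMARY_DOMAIN, "CORP", "username"),
    (Kind.FOREIGN_DOMAIN, "MY_DOM", "username"),
    (Kind.LOCAL_ON_MEMBER, "MACHINE", "username"),
    (Kind.STANDALONE, "MACHINE", "username"),
]

def name_table(sep="+"):
    """Map each db_prefix mode to the names the sample accounts would get."""
    return {mode: [cygwin_name(k, d, n, mode, sep) for k, d, n in SAMPLES]
            for mode in ("auto", "primary", "always")}

if __name__ == "__main__":
    for mode, names in name_table().items():
        print("%-8s %s" % (mode, "  ".join(names)))
```

Scripts that match on account names (ownership checks, `sudo`-style allow lists, ssh `AllowUsers`) see a different string for the same Windows account depending on which row of this table is in effect.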
