get rid of getpwent? (Was: cygwin-1.7.28 getpwent header declaration changes ?)

Corinna Vinschen corinna-cygwin@cygwin.com
Fri Feb 7 21:30:00 GMT 2014 

On Feb  7 13:09, Warren Young wrote:
> On 2/7/2014 02:49, Corinna Vinschen wrote:
> >On Feb  6 14:43, Warren Young wrote:
> >>On 2/6/2014 07:13, Corinna Vinschen wrote:
> >
> >it would, of course, be possible to implement Cygwin
> >command line tools along the lines of useradd/usermod/groupdel.  For AD,
> >they would just have to use LDAP,
> 
> If by "use LDAP" you mean the ldap_* functions in the OpenLDAP
> library, I can't recommend it.  (See my other post on LDAP books.)

You can also use the calls from wldap32.dll which is available anyway.

> Such programs need not be portable.

Never said so.

> I don't see why such programs shouldn't be written straight to the
> Windows API, even though this is naughty on Cygwin.  The Win32
> security API fills the same role as libldap does on a Linux box
> configured for LDAP.

The underlying protocol is LDAP, so why not use it, given that lots of
changes to AD cannot be done using the "High Level" Net API anyway.

> You're right that such programs are probably going to be necessary,
> if Cygwin moves to SAM/AD as primary.  Windows Home edition user
> management probably won't be powerful enough to do what Cygwin
> needs, if SAM is Cygwin's Single Point of Truth on such systems.

Again, it isn't.  We will keep the passwd and group files for users
who are more comfortable with them.

We will also have an nsswitch.conf file for configuration.  I attached
my local sandbox version below.

> I want the mkpasswd and mkgroup utilities to remain available

They will, with slight changes.  The default values generated for
uid/gid numbers should preferredly reflect the automatism when reading
from SAM/AD.

> Corinna, an earlier post of yours suggested that /etc/foo was being
> kept as primary for speed reasons, but are you comparing to SAM or
> to AD? And have you tested it lately?

Did I really write something about speed?  I think SAM/AD will be mostly
quicker but they will be especially less hassle and allow centralized
maintainance, which is a real boon for admins.

Also, the new Cygwin will only read and cache the requested entries
from the passwd/group files, not the entire file.

Also, if it turns out that AD is too slow for some reason or in some
environment, we should consider to use cygserver as a centralized local
cache.  But this is something for later.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
# /etc/nsswitch.conf
#
#    This file is read once by the first process in a Cygwin process tree.
#    To pick up changes, restart all Cygwin processes.
#
# passwd:
# group:
#
#    "files"	only use /etc/passwd or /etc/group file.
#    "db"	only use SAM/AD retrieval.
#    "files db"	both, files preferred.  This is the default.
#
#    "db files"	does not make any sense
#
passwd: files db
group:  files db
#
# Configuration of "db" style passwd/group handling:
#
# db_prefix:
#
#    "auto" 	If "auto", prepend domain to account name if the account
#		is not a member of the machine's primary domain.  Prepend
#		just the separator char if the account is a well-known
#		or builtin group.
#
#    "primary" 	"primary" is like "auto", but prepend domain to account name
#		as well, if the account is a member of the machine's primary
#		domain.
#
#    "always" 	If set to "always", always prepend domain, even for
#		well-known and builtin accounts.
#
db_prefix: auto
#
# db_cache:
#
#    "yes" 	If yes, cache once retrieved DB values in local process,
#		hand cache down to child processes.
#
#    "no"	If no, fetch passwd or group entries anew, every time an
#		entry is requested.  Default is "no".
#
db_cache: no
#
#  db_separator:
#
#		Set separator character between domain and account name to
#		the ASCII char X.  Default is '+'.
#
db_separator: +
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140207/225b2272/attachment.sig>

More information about the Cygwin mailing list