Testers needed: New passwd/group handling in Cygwin
Corinna Vinschen
corinna-cygwin@cygwin.com
Wed Feb 26 10:07:00 GMT 2014
On Feb 26 08:09, Achim Gratz wrote:
> > Sorry, I don't grok this. What has a web application server to do with
> > asking a DC for user info?
>
> We have one of these that does a lot of DC lookups because it authenticates
> all users. It's also in a much faster network, so I can check there what
> the lookup rate could be reasonably expected to be.
>
> > Erm... how often are you calling id, usually?
>
> I'm currently doing this in the login process to figure out whether the
> prompt should show "root" powers. I'll have to figure out something else to
> do instead.
No, you don't. I'm actually doing the same. Let's keep up with this
and try to make Cygwin faster in the first place.
> > Also, we're in the early
> > stages of testing this change. The idea is not that you just switch,
> > the idea is that we *test* this and I get enough feedback to be able to
> > ease the biggest pains.
>
> Understood. Until now I had to generate passwd and group files and I was
> hoping that the need for doing that would go away (I'd also need to talk to
> our AD folks so they start populating the correct fields).
Yup. Feedback from AD admins is greatly appreciated.
> > Other than that, I just had an in-shower inspiration how to speed up
> > `id' specificially. The getgroups(2) call is in the center of this and
> > I could probably speed up the stuiff a lot by opening the LDAP
> > connection in getgroups only once.
>
> Thursday? :-)
Hmm, probably.
> > Also, more radically, if we drop the functionality to define another
> > group name for a group, we could drop the requirement to open an LDAP
> > connection to fetch group information to the DC entirely(*). This would
> > only affect domain groups, local groups could still have different
> > names. But I'm already wondering for a couple of days if having a
> > Cygwin group name different from the Windows group name is really
> > necessary at all. I added this years ago for fun, but there's no
> > serious reason I can think of which would require to keep up with this.
> >
> > (*) Assuming the group info is cached in the local LSA, which is
> > pretty likely for the groups of the current user.
>
> That would also work for me (I don't think I've ever used that feature
> consciously).
>
> > Sigh. Testing in this tempo will take ages.
>
> Sorry, but that's not my decision to make in this case. I'll see if I can
> sneak in something until the end of the week.
That would be nice. Especially since your mail was the last straw
which keeps me from having to do *shudder* more documentation.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140226/2d25a9a2/attachment.sig>
More information about the Cygwin
mailing list