Simplify AD integration?
Wolf Geldmacher
wolf.geldmacher@abacus.ch
Wed Jul 30 15:29:00 GMT 2014
On 30.07.2014 15:47, Corinna Vinschen wrote:
> Hi folks,
>
>
> here's a set of question to those of you interested in the new
> passwd/group functionality. This already has been discussed partially,
> but there was no conclusion.
>
> Right now, there's a lot of variability in the user names, based on the
> /etc/nsswitch.conf settings db_prefix and db_separator.
>
> The separator char is a '+' by default but can be replaced with other
> ASCII chars. db_prefix allows three styles of user naming conventions:
>
> Default is 'auto':
>
> builtin accounts; "+SYSTEM", "+LOCAL", etc.
> primary domain "corinna", "cgf", ...
> other domain: "DOMAIN1+walter", "DOMAIN2+mathilda"
>
> If set to 'primary':
>
> builtin accounts; "+SYSTEM", "+LOCAL", etc.
> primary domain "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
> other domain: "DOMAIN1+walter", "DOMAIN2+mathilda"
>
> If set to 'always':
>
> builtin accounts; "NT AUTHORITY+SYSTEM", "BULTIN+LOCAL", etc.
> primary domain "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
> other domain: "DOMAIN1+walter", "DOMAIN2+mathilda"
>
> "Primary domain" here is either the primary domain of the machine or the
> local SAM if the machine is no domain member. "Other domain" here is
> either a trusted domain or the local SAM for domain machines.
>
> Together with the variable separator char this is an awful lot of
> variability, which has the potential side effect to complicate the
> code *and* debugging.
>
> Also, the leading '+' for builtin accounts results in some downsides,
> one of them for instance the fact that `chown +x' assumes that x is a
> numerical uid or gid. Thus `chown +SYSTEM ...' fails. On the other
> hand it simplifies the account handling inside of Cygwin.
>
> So I'd like to ask a few questions to which I'd like to have some brief
> answers, kind of like a poll, to get a better idea how we should
> proceed:
>
> 1. Shall we remove the leading '+' from the builtin account names
> or shall we keep it?
>
> 2. Shall we stick to '+' as the separator char or choose another one?
> If so, which one?
>
> 3. Shall we keep the `db_prefix' variability or choose one of
> the prefixing methods and stick to it? If so, which one, auto,
> primary, or always?
>
> Bonus question:
>
> 4. Should Cygwin downcase all usernames when generating the Cygwin
> username, so, if your Windows username is 'Ralph', your Cygwin
> username will be 'ralph'?
>
>
> Thanks,
> Corinna
>
Just a thought:
Is there anything preventing you from using the pathname conventions for
user names?
I seem to remember having seen constructs like "domain/user" (or ./user
for the local domain) e.g. in Samba and found this to be quite
intuitive, up to and including the ability to drop a leading "./" for
local names.
It is also pretty close to how Windows specifies domain users names (but
use the unixy '/' instead of the windozy '\' (or must I write '\\' ;-))
and positively avoids the chown gotcha.
Also some code could be reused for user name handling from path
canonicalization?
Again - I'm not deep into this topic, so please feel free to ignore the
suggestion if it doesn't make sense to you.
Cheers,
Wolf
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list