Simplify AD integration?

Wolf Geldmacher wolf.geldmacher@abacus.ch
Wed Jul 30 15:29:00 GMT 2014 

On 30.07.2014 15:47, Corinna Vinschen wrote:
> Hi folks,
>
>
> here's a set of question to those of you interested in the new
> passwd/group functionality.  This already has been discussed partially,
> but there was no conclusion.
>
> Right now, there's a lot of variability in the user names, based on the
> /etc/nsswitch.conf settings db_prefix and db_separator.
>
> The separator char is a '+' by default but can be replaced with other
> ASCII chars.  db_prefix allows three styles of user naming conventions:
>
>    Default is 'auto':
>
>      builtin accounts;   "+SYSTEM", "+LOCAL", etc.
>      primary domain      "corinna", "cgf", ...
>      other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
>
>    If set to 'primary':
>
>      builtin accounts;   "+SYSTEM", "+LOCAL", etc.
>      primary domain      "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
>      other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
>
>    If set to 'always':
>
>      builtin accounts;   "NT AUTHORITY+SYSTEM", "BULTIN+LOCAL", etc.
>      primary domain      "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
>      other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
>
> "Primary domain" here is either the primary domain of the machine or the
> local SAM if the machine is no domain member.  "Other domain" here is
> either a trusted domain or the local SAM for domain machines.
>
> Together with the variable separator char this is an awful lot of
> variability, which has the potential side effect to complicate the
> code *and* debugging.
>
> Also, the leading '+' for builtin accounts results in some downsides,
> one of them for instance the fact that `chown +x' assumes that x is a
> numerical uid or gid.  Thus `chown +SYSTEM ...' fails.  On the other
> hand it simplifies the account handling inside of Cygwin.
>
> So I'd like to ask a few questions to which I'd like to have some brief
> answers, kind of like a poll, to get a better idea how we should
> proceed:
>
> 1. Shall we remove the leading '+' from the builtin account names
>     or shall we keep it?
>
> 2. Shall we stick to '+' as the separator char or choose another one?
>     If so, which one?
>
> 3. Shall we keep the `db_prefix' variability or choose one of
>     the prefixing methods and stick to it?  If so, which one, auto,
>     primary, or always?
>
> Bonus question:
>
> 4. Should Cygwin downcase all usernames when generating the Cygwin
>     username, so, if your Windows username is 'Ralph', your Cygwin
>     username will be 'ralph'?
>
>
> Thanks,
> Corinna
>
Just a thought:

Is there anything preventing you from using the pathname conventions for 
user names?

I seem to remember having seen constructs like "domain/user" (or ./user 
for the local domain) e.g. in Samba and found this to be quite 
intuitive, up to and including the ability to drop a leading "./" for 
local names.

It is also pretty close to how Windows specifies domain users names (but 
use the unixy '/' instead of the windozy '\' (or must I write '\\' ;-)) 
and positively avoids the chown gotcha.

Also some code could be reused for user name handling from path 
canonicalization?

Again - I'm not deep into this topic, so please feel free to ignore the 
suggestion if it doesn't make sense to you.

Cheers,
Wolf

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list