Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Message-ID:	<3E73DEEF.9040605@attglobal.net>
Date:	Sat, 15 Mar 2003 18:18:23 -0800
From:	Doug VanLeuven <roamdad AT attglobal DOT net>
User-Agent:	Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030210
X-Accept-Language:	en-us, en
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: [ANNOUNCEMENT] New release of setup.exe (2.249.2.10)
References:	<20030313205847 DOT E1E4B1C221 AT redhat DOT com> <3E710A26 DOT 5050207 AT t-online DOT de> <20030314025249 DOT GB33739617 AT hpn5170x> <3E718AD8 DOT 4010209 AT t-online DOT de> <3E71E49E DOT 3D2F3ABF AT ieee DOT org> <3E720A5A DOT 9060804 AT t-online DOT de> <3E730EBB DOT 9080700 AT attglobal DOT net> <20030315152717 DOT GA930535 AT hpn5170x>
In-Reply-To:	<20030315152717.GA930535@hpn5170x>
X-MailScanner:	Found to be clean

Pierre A. Humblet wrote:
> On Sat, Mar 15, 2003 at 03:30:03AM -0800, Doug VanLeuven wrote:
> 
>>I wish I had just one domain.  To set this up in a mutidomain
>>environment, I'm finding
>>I install as an administrator of one of the domains DOMAIN1
>>create local passwd & group files
>>	passwd.local & group.local
>>create domain passwd & group files:
>>	passwd.DOMAIN1 & group.DOMAIN1
>>Then log in as an admin in domain DOMAIN2
>>create domain passwd & group files:
>>	passwd.DOMAIN2 group.DOMAIN2
>>...
> 
> 
> Why do you need to log in several times instead of using
> repeatedly mkpasswd -d DOMAINX? Is it for access right reasons?
> Also, how do you avoid having duplicated uids? Do you use the
> -o switch ?

Have to log in to establish credentials.  Same name in different
domain is not really same user.
Yeah -o offset.  I use a case table matching against domain name
when the domain name != machine name.  Since the default case
was 10000, I used multiples of 10000.

> If it weren't for the access right problems (can you solve them
> by having one user that has access everywhere), mkpasswd could be 
> extended to take several domains at once. It could also avoid 
> duplicating uids. Would that help you?

That could be done by trust relationships between domains and
adding users outside the current domain to account operators.
But those pre-conditions don't always exist and sometimes by design.

> How large is /etc/passwd in the end? 
> Do you really need to have all the users in the file?

Depends on the number of users.  I have hundreds of accounts,
not thousands, so its not too bad.  call it 120k per domain.

Technically, it wouldn't strictly be necessary, but I roll out
images to a couple hundred machines.  I want proper account
info available in the event the machine boots without network
connectivity.  Notebooks are a good example of this.  The user
can log on for a configurable number of times to the domain
account when detached from the network.  Cygwin should work
under that circumstance too.

Plus it's one of those nitpicky completeness things I do just
because I've been admin on Unix for 20+ years & things
like that have bit me before.

Regards,
-- 
Doug VanLeuven
Programmer/Analyst, SCWA
Chief Engineer, USMM


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -