Mail Archives: cygwin/2014/02/07/16:30:34
On Feb 7 13:09, Warren Young wrote:
> On 2/7/2014 02:49, Corinna Vinschen wrote:
> >On Feb 6 14:43, Warren Young wrote:
> >>On 2/6/2014 07:13, Corinna Vinschen wrote:
> >
> >it would, of course, be possible to implement Cygwin
> >command line tools along the lines of useradd/usermod/groupdel. For AD,
> >they would just have to use LDAP,
>
> If by "use LDAP" you mean the ldap_* functions in the OpenLDAP
> library, I can't recommend it. (See my other post on LDAP books.)
You can also use the calls from wldap32.dll which is available anyway.
> Such programs need not be portable.
Never said so.
> I don't see why such programs shouldn't be written straight to the
> Windows API, even though this is naughty on Cygwin. The Win32
> security API fills the same role as libldap does on a Linux box
> configured for LDAP.
The underlying protocol is LDAP, so why not use it, given that lots of
changes to AD cannot be done using the "High Level" Net API anyway.
> You're right that such programs are probably going to be necessary,
> if Cygwin moves to SAM/AD as primary. Windows Home edition user
> management probably won't be powerful enough to do what Cygwin
> needs, if SAM is Cygwin's Single Point of Truth on such systems.
Again, it isn't. We will keep the passwd and group files for users
who are more comfortable with them.
We will also have an nsswitch.conf file for configuration. I attached
my local sandbox version below.
> I want the mkpasswd and mkgroup utilities to remain available
They will, with slight changes. The default values generated for
uid/gid numbers should preferably reflect the automatism when reading
from SAM/AD.
> Corinna, an earlier post of yours suggested that /etc/foo was being
> kept as primary for speed reasons, but are you comparing to SAM or
> to AD? And have you tested it lately?
Did I really write something about speed? I think SAM/AD will be mostly
quicker but they will be especially less hassle and allow centralized
maintenance, which is a real boon for admins.
Also, the new Cygwin will only read and cache the requested entries
from the passwd/group files, not the entire file.
Also, if it turns out that AD is too slow for some reason or in some
environment, we should consider using cygserver as a centralized local
cache. But this is something for later.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat

[Attachment: nsswitch.conf]

# /etc/nsswitch.conf
#
# This file is read once by the first process in a Cygwin process tree.
# To pick up changes, restart all Cygwin processes.
#
# passwd:
# group:
#
#   "files"     only use /etc/passwd or /etc/group file.
#   "db"        only use SAM/AD retrieval.
#   "files db"  both, files preferred. This is the default.
#
#   "db files"  does not make any sense
#
passwd: files db
group: files db
#
# Configuration of "db" style passwd/group handling:
#
# db_prefix:
#
#   "auto"      If "auto", prepend domain to account name if the account
#               is not a member of the machine's primary domain. Prepend
#               just the separator char if the account is a well-known
#               or builtin group.
#
#   "primary"   "primary" is like "auto", but prepend domain to account name
#               as well, if the account is a member of the machine's primary
#               domain.
#
#   "always"    If set to "always", always prepend domain, even for
#               well-known and builtin accounts.
#
db_prefix: auto
#
# db_cache:
#
#   "yes"       If yes, cache once retrieved DB values in local process,
#               hand cache down to child processes.
#
#   "no"        If no, fetch passwd or group entries anew, every time an
#               entry is requested. Default is "no".
#
db_cache: no
#
# db_separator:
#
# Set separator character between domain and account name to
# the ASCII char X. Default is '+'.
#
db_separator: +
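
Added example, not part of the original mail and not Cygwin code: a Python sketch that parses the draft nsswitch.conf attached above, rejects values its comments do not define (including "db files"), and shows how the db_prefix and db_separator settings shape the account name. The function names and the sample domain and account names are constructed, and handling builtin accounts under "primary" the same way as under "auto" is a reading of the attachment's comment.

```python
# Added example: settings, values and defaults come from the comments in the
# draft nsswitch.conf above; function names and sample accounts are constructed.
DEFAULTS = {"passwd": "files db", "group": "files db",
            "db_prefix": "auto", "db_cache": "no", "db_separator": "+"}
ALLOWED = {"passwd": ("files", "db", "files db"),
           "group": ("files", "db", "files db"),
           "db_prefix": ("auto", "primary", "always"),
           "db_cache": ("yes", "no")}
KINDS = ("primary", "other", "builtin")

def parse_nsswitch(text):
    """Return effective settings; reject anything the draft does not define."""
    cfg = dict(DEFAULTS)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        key, colon, value = line.partition(":")
        key, value = key.strip(), " ".join(value.split())
        if not colon or key not in DEFAULTS:
            raise ValueError(f"line {lineno}: unknown setting {line!r}")
        if key == "db_separator":
            if len(value) != 1 or not value.isascii():
                raise ValueError(f"line {lineno}: separator must be one ASCII char")
        elif value not in ALLOWED[key]:
            # also catches "db files", which the draft says makes no sense
            raise ValueError(f"line {lineno}: {key} cannot be {value!r}")
        cfg[key] = value
    return cfg

def account_name(cfg, domain, name, kind):
    """Name under which a "db" (SAM/AD) account appears.
    kind: "primary" = member of the machine's primary domain,
          "other"   = member of any other domain,
          "builtin" = well-known or builtin account.
    """
    if kind not in KINDS:
        raise ValueError(f"unknown account kind {kind!r}")
    sep, mode = cfg["db_separator"], cfg["db_prefix"]
    if mode == "always" or kind == "other":
        return domain + sep + name
    if kind == "builtin":        # "auto" and "primary": separator only
        return sep + name
    return domain + sep + name if mode == "primary" else name

if __name__ == "__main__":
    for mode in ALLOWED["db_prefix"]:
        cfg = parse_nsswitch(f"db_prefix: {mode}\n")
        print(mode, [account_name(cfg, "CORP", "alice", k) for k in KINDS])
```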