Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Message-ID: <3E73DEEF.9040605@attglobal.net>
Date: Sat, 15 Mar 2003 18:18:23 -0800
From: Doug VanLeuven <roamdad@attglobal.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030210
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: cygwin@cygwin.com
Subject: Re: [ANNOUNCEMENT] New release of setup.exe (2.249.2.10)
References: <20030313205847.E1E4B1C221@redhat.com> <3E710A26.5050207@t-online.de> <20030314025249.GB33739617@hpn5170x> <3E718AD8.4010209@t-online.de> <3E71E49E.3D2F3ABF@ieee.org> <3E720A5A.9060804@t-online.de> <3E730EBB.9080700@attglobal.net> <20030315152717.GA930535@hpn5170x>
In-Reply-To: <20030315152717.GA930535@hpn5170x>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-MailScanner: Found to be clean

Pierre A. Humblet wrote:
> On Sat, Mar 15, 2003 at 03:30:03AM -0800, Doug VanLeuven wrote:
> 
>>I wish I had just one domain.  To set this up in a mutidomain
>>environment, I'm finding
>>I install as an administrator of one of the domains DOMAIN1
>>create local passwd & group files
>>	passwd.local & group.local
>>create domain passwd & group files:
>>	passwd.DOMAIN1 & group.DOMAIN1
>>Then log in as an admin in domain DOMAIN2
>>create domain passwd & group files:
>>	passwd.DOMAIN2 group.DOMAIN2
>>...
> 
> 
> Why do you need to log in several times instead of using
> repeatedly mkpasswd -d DOMAINX? Is it for access right reasons?
> Also, how do you avoid having duplicated uids? Do you use the
> -o switch ?

Have to log in to establish credentials.  Same name in different
domain is not really same user.
Yeah -o offset.  I use a case table matching against domain name
when the domain name != machine name.  Since the default case
was 10000, I used multiples of 10000.

> If it weren't for the access right problems (can you solve them
> by having one user that has access everywhere), mkpasswd could be 
> extended to take several domains at once. It could also avoid 
> duplicating uids. Would that help you?

That could be done by trust relationships between domains and
adding users outside the current domain to account operators.
But those pre-conditions don't always exist and sometimes by design.

> How large is /etc/passwd in the end? 
> Do you really need to have all the users in the file?

Depends on the number of users.  I have hundreds of accounts,
not thousands, so its not too bad.  call it 120k per domain.

Technically, it wouldn't strictly be necessary, but I roll out
images to a couple hundred machines.  I want proper account
info available in the event the machine boots without network
connectivity.  Notebooks are a good example of this.  The user
can log on for a configurable number of times to the domain
account when detached from the network.  Cygwin should work
under that circumstance too.

Plus it's one of those nitpicky completeness things I do just
because I've been admin on Unix for 20+ years & things
like that have bit me before.

Regards,
-- 
Doug VanLeuven
Programmer/Analyst, SCWA
Chief Engineer, USMM


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/