DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding; q=dns; s=
	default; b=UzVH9XUmeiAhLhWnWkMvkyJwwZ1D8g9ykwBzggyhWbCJWvq3mKgCf
	e80WpMBcy/wmUDtesWL1QlT5DDTlUv1fbAay+VjLfC+95sND04hcO5jOMDYlrxDP
	EwxUEFCvf0n18VWVtJs2X6afzDBeuzTkIy49UrbiZEc/+zA6VZ0UwE=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
To: cygwin@cygwin.com
From: Achim Gratz <Stromeko@NexGo.DE>
Subject: Re: Testers needed:  New passwd/group handling in Cygwin
Date: Wed, 26 Feb 2014 08:09:51 +0000 (UTC)
Lines: 52
Message-ID: <loom.20140226T085959-119@post.gmane.org>
References: <20140213143849.GH2246@calimero.vinschen.de> <87fvn7cb68.fsf@Rainer.invalid> <20140225200414.GA4238@calimero.vinschen.de> <87y50zaqjb.fsf@Rainer.invalid> <20140225215423.GA6065@calimero.vinschen.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
User-Agent: Loom/3.14 (http://gmane.org/)

> Sorry, I don't grok this.  What has a web application server to do with
> asking a DC for user info?

We have one of these that does a lot of DC lookups because it authenticates
all users.  It's also in a much faster network, so I can check there what
the lookup rate could be reasonably expected to be.

> Erm... how often are you calling id, usually?

I'm currently doing this in the login process to figure out whether the
prompt should show "root" powers.  I'll have to figure out something else to
do instead.

> Also, we're in the early
> stages of testing this change.  The idea is not that you just switch,
> the idea is that we *test* this and I get enough feedback to be able to
> ease the biggest pains.

Understood.  Until now I had to generate passwd and group files and I was
hoping that the need for doing that would go away (I'd also need to talk to
our AD folks so they start populating the correct fields).

> Other than that, I just had an in-shower inspiration how to speed up
> `id' specificially.  The getgroups(2) call is in the center of this and
> I could probably speed up the stuiff a lot by opening the LDAP
> connection in getgroups only once. 

Thursday?  :-)

> Also, more radically, if we drop the functionality to define another
> group name for a group, we could drop the requirement to open an LDAP
> connection to fetch group information to the DC entirely(*).  This would
> only affect domain groups, local groups could still have different
> names.  But I'm already wondering for a couple of days if having a
> Cygwin group name different from the Windows group name is really
> necessary at all.  I added this years ago for fun, but there's no
> serious reason I can think of which would require to keep up with this.
> 
> (*) Assuming the group info is cached in the local LSA, which is
>     pretty likely for the groups of the current user.

That would also work for me (I don't think I've ever used that feature
consciously).

> Sigh.  Testing in this tempo will take ages.

Sorry, but that's not my decision to make in this case.  I'll see if I can
sneak in something until the end of the week.


Regards,
Achim.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple