Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <3E73DEEF.9040605@attglobal.net>
Date: Sat, 15 Mar 2003 18:18:23 -0800
From: Doug VanLeuven <roamdad AT attglobal DOT net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030210
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: [ANNOUNCEMENT] New release of setup.exe (2.249.2.10)
References: <20030313205847 DOT E1E4B1C221 AT redhat DOT com> <3E710A26 DOT 5050207 AT t-online DOT de> <20030314025249 DOT GB33739617 AT hpn5170x> <3E718AD8 DOT 4010209 AT t-online DOT de> <3E71E49E DOT 3D2F3ABF AT ieee DOT org> <3E720A5A DOT 9060804 AT t-online DOT de> <3E730EBB DOT 9080700 AT attglobal DOT net> <20030315152717 DOT GA930535 AT hpn5170x>
In-Reply-To: <20030315152717.GA930535@hpn5170x>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-MailScanner: Found to be clean

Pierre A. Humblet wrote:
> On Sat, Mar 15, 2003 at 03:30:03AM -0800, Doug VanLeuven wrote:
> 
>>I wish I had just one domain.  To set this up in a mutidomain
>>environment, I'm finding
>>I install as an administrator of one of the domains DOMAIN1
>>create local passwd & group files
>>	passwd.local & group.local
>>create domain passwd & group files:
>>	passwd.DOMAIN1 & group.DOMAIN1
>>Then log in as an admin in domain DOMAIN2
>>create domain passwd & group files:
>>	passwd.DOMAIN2 group.DOMAIN2
>>...
> 
> 
> Why do you need to log in several times instead of using
> repeatedly mkpasswd -d DOMAINX? Is it for access right reasons?
> Also, how do you avoid having duplicated uids? Do you use the
> -o switch ?

Have to log in to establish credentials.  Same name in different
domain is not really same user.
Yeah -o offset.  I use a case table matching against domain name
when the domain name != machine name.  Since the default case
was 10000, I used multiples of 10000.

> If it weren't for the access right problems (can you solve them
> by having one user that has access everywhere), mkpasswd could be 
> extended to take several domains at once. It could also avoid 
> duplicating uids. Would that help you?

That could be done by trust relationships between domains and
adding users outside the current domain to account operators.
But those pre-conditions don't always exist and sometimes by design.

> How large is /etc/passwd in the end? 
> Do you really need to have all the users in the file?

Depends on the number of users.  I have hundreds of accounts,
not thousands, so its not too bad.  call it 120k per domain.

Technically, it wouldn't strictly be necessary, but I roll out
images to a couple hundred machines.  I want proper account
info available in the event the machine boots without network
connectivity.  Notebooks are a good example of this.  The user
can log on for a configurable number of times to the domain
account when detached from the network.  Cygwin should work
under that circumstance too.

Plus it's one of those nitpicky completeness things I do just
because I've been admin on Unix for 20+ years & things
like that have bit me before.

Regards,
-- 
Doug VanLeuven
Programmer/Analyst, SCWA
Chief Engineer, USMM


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/