Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Sat, 25 Oct 2003 12:23:00 +0200 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: ssh-host-config: "mkpasswd -l -u sshd"; should it be "-d" on domain controller? Message-ID: <20031025102300.GC10718@cygbert.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <200310241838 DOT h9OIcofD006268 AT tigris DOT pounder DOT sol DOT net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200310241838.h9OIcofD006268@tigris.pounder.sol.net> User-Agent: Mutt/1.4.1i On Fri, Oct 24, 2003 at 01:38:50PM -0500, Tom Rodman wrote: > consider: > > bash-2.05b$ uname -r; grep mkpasswd /bin/ssh-host-config > 1.5.5(0.94/3/2) > mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd > > Does "mkpasswd -l" make any sense on a domain controller? > > On an NT domain controller I tested > > mkpasswd -d -u sshd | sed -e 's/bash$/false/' >> /etc/passwd > > and "ssh localhost" worked fine after stopping and starting sshd. The '-d" > option creates a user entry that apparently has the same SID, but > different uid offset. It's only the uid which is different then, this has been introduced long ago to minimize the chance for collision between local and domain account ids. Other than that, -l and -d are practically the same on a domain controller. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin AT cygwin DOT com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/