X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=Y+QTV3fE9XyLaYwm
	c+1BGEb2aQOCFwy0jrAhP+6c2R2mJm3Vs6CWRqI6lfFMnBEfK4/W2kMNPp7Tk82j
	KFi6k5EM/2cuY2mPOrmDA5VO/0v/aVAJiIfnL1SQUrIYdyH3QQTaBMc6DRkBi0us
	5zQjps0NwvWTnuBvULT+AAMq+4s=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; s=default; bh=dvncVkdpw5fbE+umj/6DuZ
	urIOU=; b=PDiSdfSI52iiY+RMU1+6qb+Au4t4hr4zIE+fuNG5VZOWFLgG3urrCS
	27TqwXxWoNB0B2Sih5O6YmsPOLUwsdUYQUhaaKeudUzECXp/LXfUiagzqeNLK+Mi
	/vmb9QIOoPaF8nvkq/PMrGiYEk02lzxpbtzyUHL/m1uSC+BaeeSwQ=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-3.7 required=5.0 tests=AWL,BAYES_20,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2
X-HELO: smtpback.ht-systems.ru
Date: Mon, 14 Apr 2014 13:08:23 +0400
From: Andrey Repin <anrdaemon AT yandex DOT ru>
Reply-To: cygwin AT cygwin DOT com
Message-ID: <152973304.20140414130823@yandex.ru>
To: Corinna Vinschen <cygwin AT cygwin DOT com>
Subject: Re: Still testing needed: New passwd/group AD/SAM integration
In-Reply-To: <20140414083514.GL3271@calimero.vinschen.de>
References: <20140410145323 DOT GB2437 AT calimero DOT vinschen DOT de> <1723507354 DOT 20140413141847 AT yandex DOT ru> <20140414083514 DOT GL3271 AT calimero DOT vinschen DOT de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Greetings, Corinna Vinschen!

>> > * db_separator in /etc/nsswitch.conf
>> 
>> >   Is it really such a good idea to have a configurable separator
>> >   char in user and group names?  Is it important that it is
>> >   configurable?  Is '+' a good choice for the default separator?
>> >   Wouldn't the backslash a better and, perhaps, only choice?
>> 
>> The "+" as a separator was conceived in *NIX because backslash has a long

> in *NIX?  Do you mean SFU or is there other precedent of the '+
> character I'm not aware of?

Ok, Samba specifically. Sorry I was unclear.

>> history of being a way-too-meaningful escape character.
>> (Though, you know it, I'll just say it for other interested parties.)
>> I don't have an opinion on it, but I tend to favor native semantics, means,
>> the backslash.
>> If anyone are familiar with modern state of preferred domain separator
>> in Samba 4, would that effect the decision?

> Quoting from the smb.conf man page:

>    winbind separator (G)

>        This parameter allows an admin to define the character used when
>        listing a username of the form of DOMAIN \user. This parameter is
>        only applicable when using the pam_winbind.so and nss_winbind.so
>        modules for UNIX services.

>        Please note that setting this parameter to + causes problems with
>        group membership at least on glibc systems, as the character + is
>        used as a special character for NIS in /etc/group.

>        Default: winbind separator = '\'

>        Example: winbind separator = +

> We don't have the glibc/NIS problem, of course.  I'm not going to
> comment on this, I'd really like to see what you guys think.  Obvious
> choices are:

> - Keep "db_separator", + as default
> - Keep "db_separator", \ as default
> - Remove "db_separator", fixed character +
> - Remove "db_separator", fixed character \
> - Something entirely different.

mmm... For something entirely different...
Fixed db_separator = \
Default domain setting somewhere to tell Cygwin to look for users there first.
Environment variable to specify/override default domain on the fly.
Or even simpler, just an environment variable establishing the list of
domains to lookup. And the order of lookup.

Perhaps, convoluted, but could cover many cases, where simple user name would
be ambiguous, but useful. And doesn't break standalone installations, if not set.


--
WBR,
Andrey Repin (anrdaemon AT yandex DOT ru) 14.04.2014, <13:00>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple