X-Recipient: archive-cygwin AT delorie DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Date: Thu, 26 Jun 2014 10:32:53 +0200
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: LDAP integration and sshd
Message-ID: <20140626083253.GA25654@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
References: <20140625130727 DOT GQ1803 AT calimero DOT vinschen DOT de>
User-Agent: Mutt/1.5.23 (2014-03-12)

On Jun 26 07:35, Achim Gratz wrote:
> Corinna Vinschen cygwin.com> writes:
> > - Build your own OpenSSH package with the following patch applied:
> >
> >   http://lists.mindrot.org/pipermail/openssh-unix-dev/2014-May/032591.html
> >
> >   It converts the static request for an account called "sshd" into
> >   a function call which checks for the "sshd" account by calling
> >   a Cygwin DLL function checking for the account by prepending the
> >   potential prefixes.  This patch has been applied upstream, and
> >   a new version of OpenSSH will be available as soon as we go live
> >   with the AD integration stuff.
>
> Is there a corresponding change needed to take care of LDAP groups so these

"LDAP groups" is rather misleading.  The naming convention has nothing
to do with LDAP, rather it's an Interix invention.  The names are
generated inside the Cygwin DLL independent of using LDAP or not.

> can be used in AllowGroups?

In theory, no.  AllowGroups is admin-settable in the config file while
the "sshd" user request is built into the code.  Just use the names as
you get them:

  AllowGroups bla MACHINE+blub DOMAIN+blubber ...


Corinna

(*) per MSFT this is supposed to be faster than NetUserEnum and uses
    less resources.  In my limited environment, `getent group' is in
    fact five times faster than the former `mkgroup -l -d'.

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
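
One way to check that AllowGroups entries use the group names exactly as `getent group` reports them, as the reply advises. This is an added example, not part of the original message and not Cygwin or OpenSSH code; the function name `unresolved_allowgroups`, the `demo` helper and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message). Prints every AllowGroups
# entry in an sshd_config that is not a group name in a getent-style listing.
# Assumes unquoted, whitespace-separated names; entries containing sshd
# pattern characters (* ? !) are skipped because they are not literal names.
# usage: unresolved_allowgroups SSHD_CONFIG [GROUP_LISTING]
unresolved_allowgroups() {
    cfg=$1
    listing=${2:-}
    names=$(mktemp) || return 2
    if [ -n "$listing" ]; then
        cut -d: -f1 "$listing" > "$names"      # saved `getent group` output
    else
        getent group | cut -d: -f1 > "$names"  # live lookup
    fi
    # Keywords in sshd_config are case-insensitive; "#AllowGroups" lines
    # do not match because the first field then starts with '#'.
    awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$cfg" |
    while IFS= read -r entry; do
        case $entry in
            *[*?!]*) continue ;;
        esac
        grep -Fqx -- "$entry" "$names" || printf '%s\n' "$entry"
    done
    rm -f "$names"
}

# Constructed sample data: group names in the prefixed form shown above.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'bla:x:1001:' 'MACHINE+blub:x:1002:' \
        'DOMAIN+blubber:x:1003:' > "$dir/groups"
    printf '%s\n' 'AllowGroups bla MACHINE+blub' \
        'allowgroups DOMAIN+blubber blub' > "$dir/sshd_config"
    unresolved_allowgroups "$dir/sshd_config" "$dir/groups"
    rm -rf "$dir"
}
demo
```

In the constructed data the bare `blub` entry is reported because the listing only knows the group as `MACHINE+blub`.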