X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:references:in-reply-to:mime-version:date
	:message-id:subject:to:content-type; q=dns; s=default; b=OckASCK
	YP5ndeH+Gvd0WO4rT3uxd9Z6KB+7Fm1T6z4739kvO2BDLLNx5PXYVw/4NodbFyhi
	1y+FjLKRJLYnk1i9sESsZ1mQBL8UnQotF8ge/oyGgpHhUFS7of0Ig3VXz6fcVyhL
	eAuwYRrEsIgF8tY42nsxWkJiiHGvd96O1THM=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:references:in-reply-to:mime-version:date
	:message-id:subject:to:content-type; s=default; bh=KJwfRpXFAc7Fc
	e2SQDrRrjnaW7g=; b=u8G2DKg6DC14LumFTdv77ZTMM562GRy/WCbQ1dbWdiQsP
	TirAe6oilZCgavK6CUt6lRhyhvmzN8G4YVjPkZk+B240VqoMRsGlkscuIfcyZOz4
	UUmcaKSG/26tT1oHezy0tm9DVyq0NrqVKedeJS2/7BGR4kJcDnmLo7P2/ek3Wg=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=0.5 required=5.0 tests=AWL,BAYES_20,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2
X-HELO: mail-vc0-f171.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=1e100.net; s=20130820;        h=x-gm-message-state:from:references:in-reply-to:mime-version         :thread-index:date:message-id:subject:to:content-type;        bh=2BveRrVvxUmK5YiLK8Tzuimfjmd2S9od/SqV05Cr278=;        b=JOIlyyIUui0A5BJKwILetYxfFIqYJYm8TlSxuYfSiHYCIO6c20N7drbNJeG7y/74X4         aJUFYem+iT/c31aUzCda2YXIoct60erJ83tk/sadlwQSX3Raax/gMfZZjvJddlWdtVpu         TYio1bh/WXoRMVf9vZpwremU4h+VCm+yRRqhYvXmjgmb7wTo7OoxF9ttc2CDVwcafY2H         DX1ho/LZqRbyb+BrX4mYb/Im1yrFV33YMGdMw04K9AnbUNCsf14sUbaVFAZBaXDZ950M         Qpy7mWu2Gq/qWQYTB1b5PKJ6baoQbCpLWKA12nBQgwH6UcAI/ZSjA0/GngemK40AcN41         mQkg==
X-Gm-Message-State: ALoCoQkCPxVmP0ByjbiGaG1NB4H0X2b9V4Urdk6fI0YvaiTn0b4vS6opL2jEFN2MQd/GJG4sf4qh
X-Received: by 10.52.148.2 with SMTP id to2mr991546vdb.38.1406840760989; Thu, 31 Jul 2014 14:06:00 -0700 (PDT)
From: "Christoph H. Hochstaetter" <christoph AT hochstaetter DOT de>
References: <20140730134716 DOT GM25860 AT calimero DOT vinschen DOT de>
In-Reply-To: <20140730134716.GM25860@calimero.vinschen.de>
MIME-Version: 1.0
Date: Thu, 31 Jul 2014 23:06:00 +0200
Message-ID: <259120036f9fe92106ee2f4344c83734@mail.gmail.com>
Subject: AW: Simplify AD integration?
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset=UTF-8
X-IsSubscribed: yes

Corinna Vinschen wrote:
>Default is 'auto':
>
>    builtin accounts;   "+SYSTEM", "+LOCAL", etc.
>    primary domain      "corinna", "cgf", ...
>    other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
>
>  If set to 'primary':
>
>    builtin accounts;   "+SYSTEM", "+LOCAL", etc.
>    primary domain      "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
>    other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
>
>  If set to 'always':
>
>    builtin accounts;   "NT AUTHORITY+SYSTEM", "BULTIN+LOCAL", etc.
>    primary domain      "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
>    other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"

>1. Shall we remove the leading '+' from the builtin account names
>   or shall we keep it?

None of these three seem correct to me. It should be:

builtin accounts;   "NT AUTHORITY+SYSTEM", "BULTIN+LOCAL", etc.
primary domain      "corinna", "cgf", ...
other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"

Windows treats "NT AUTHORITY" and "BUILTIN" as foreign domains like DOMAIN1
and DOMAIN2 in Win32 APIs that use a single string for domain and username,
e.g. lpServiceStartName in CreateService. Examples:

".\user1" - can be uses as a shortcut for "MYDOMAIN\user1"
".\NetworkService" - cannot be used as a shortcut for "NT
AUTHORITY\NetworkService"
".\WdiServiceHost" - cannot be used as a shortcut for "NT
SERVICE\WdiServiceHost"

Whenever ".\some name" cannot be used as shortcut for "some default\some
name" in Win32, it should not be converted to "+some name" but to
"DOMAIN+some name" in Cygwin. This should be at least configurable thru
db_prefix even though most users might not want to see names like " NT
AUTHORITY+SYSTEM " in ls -l.

>2. Shall we stick to '+' as the separator char or choose another one?
>   If so, which one?

Yes "+" is well known for that purpose in Linux and other Unixes. Keep
db_separator in /etc/nsswitch.conf if possible

>3. Shall we keep the `db_prefix' variability or choose one of
>   the prefixing methods and stick to it?  If so, which one, auto,
>   primary, or always?
See above

>Bonus question:
>
>4. Should Cygwin downcase all usernames when generating the Cygwin
>   username
I prefer downcase. Other users probably will not. So db_username_downcase =
true/false would be great.

-Christoph

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple