X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=H7pu3l7FBOLjutybIlA2HVpaTgBnYUkaxNDuOBFwxnaLfqoyU64EF
	U35yRNbK+tafIsnejS6nfQge8yB9NE8gs17yLrEht6BnFUC3kpqy1FyPeclEfthU
	5c7r8c6fDCAZ2Z2w8HpIf1Q3AwqTmY2UpM8+WMunvgI/jGA9RZv4zc=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=HlcL54Bi29LoajdEgyLqaGA3pNg=; b=wjQS1iBJW/PleKymSStdd5hv/rrz
	VLoBmnDWSKzD7CG2p1W2N/htrT1Oh4tePICbtD2j77cVH9s3ghXYVgXJDephddoD
	zcqxuch+0F8KJfkRtKf4a96yZiPBUee3NZLHAU2Uk+LAT/K9HR2u03o68lMcK6Cd
	ksc8HnRKuvwU+Gs=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Fri, 1 Aug 2014 12:01:49 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Simplify AD integration?
Message-ID: <20140801100149.GC25860@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20140730134716 DOT GM25860 AT calimero DOT vinschen DOT de> <259120036f9fe92106ee2f4344c83734 AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="Gle0L8H5l8ToQqD4"
Content-Disposition: inline
In-Reply-To: <259120036f9fe92106ee2f4344c83734@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)

--Gle0L8H5l8ToQqD4
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Jul 31 23:06, Christoph H. Hochstaetter wrote:
> Corinna Vinschen wrote:
> >Default is 'auto':
> >
> >    builtin accounts;   "+SYSTEM", "+LOCAL", etc.
> >    primary domain      "corinna", "cgf", ...
> >    other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
> >
> >  If set to 'primary':
> >
> >    builtin accounts;   "+SYSTEM", "+LOCAL", etc.
> >    primary domain      "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
> >    other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
> >
> >  If set to 'always':
> >
> >    builtin accounts;   "NT AUTHORITY+SYSTEM", "BULTIN+LOCAL", etc.
> >    primary domain      "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
> >    other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
>=20
> >1. Shall we remove the leading '+' from the builtin account names
> >   or shall we keep it?
>=20
> None of these three seem correct to me. It should be:
>=20
> builtin accounts;   "NT AUTHORITY+SYSTEM", "BULTIN+LOCAL", etc.
> primary domain      "corinna", "cgf", ...
> other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"

The prefix-only variation for builtin and well-known acocunts is what's
originally used by SFU.  I cloned that behaviour as it seemed to have
advantages handling getpwname/getgrnam calls.

> Windows treats "NT AUTHORITY" and "BUILTIN" as foreign domains like DOMAI=
N1
> and DOMAIN2 in Win32 APIs that use a single string for domain and usernam=
e,
> e.g. lpServiceStartName in CreateService. Examples:
>=20
> ".\user1" - can be uses as a shortcut for "MYDOMAIN\user1"
> [...]

The Windows ".\" prefixing is not at all utilized inside Cygwin.  It has
nothing to do with how the prefixing is evaluated.

> This should be at least configurable thru
> db_prefix even though most users might not want to see names like " NT
> AUTHORITY+SYSTEM " in ls -l.

That's what you get with db_prefix "auto" or "primary".

> >2. Shall we stick to '+' as the separator char or choose another one?
> >   If so, which one?
>=20
> Yes "+" is well known for that purpose in Linux and other Unixes. Keep
> db_separator in /etc/nsswitch.conf if possible
>=20
> >3. Shall we keep the `db_prefix' variability or choose one of
> >   the prefixing methods and stick to it?  If so, which one, auto,
> >   primary, or always?
> See above
>=20
> >Bonus question:
> >
> >4. Should Cygwin downcase all usernames when generating the Cygwin
> >   username
> I prefer downcase. Other users probably will not. So db_username_downcase=
 =3D
> true/false would be great.

Sigh.  YA setting.  I was trying to *simplify* the stuff and reduce
variability since that stuff only complicates the code for... what
gain?


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--Gle0L8H5l8ToQqD4
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJT22WMAAoJEPU2Bp2uRE+g4zwP/ifjBfquNAVYtM84Ux3prx2C
dUNAE0ssSHgZcIr4dOvWRgaZgCpLonnK0dR0+o0mCU4jtbQxLsX9fI6NBq9nOdL5
j4Z2lpYYmLE/MFZolmqUK7hPEk4VkAm9iMLgJwFmhJ7QXSC1SmXMmPSXgiJWiZCK
PXsjtqgwH7OqAQYM4czFkoG7DpjoSDz1y4phnXsdX+8gQ8APqWly4ROnpZ2NMg+W
XBJ5bRcmz1WLOGloFoTefB9Utig45jlGoI5SyfCKLP31oXW9wUvTaFLQSZTBng6f
zXuNNwLCVyzg9jVULT8ZQE017Jcd5jW/VsqUHaG9tak39MUCWCzLeH7vLrxmIxyv
HApkLi+eJRxoceT5I+D8toha3PlMC4GPKy67bb34pKozmO5cC4/JmWJEb+5OsGnk
55NxB4MY9DUz2LgeHkHbfB5aESvOqj0uFjl5a7h8YVTyak4NjwAidmFQTI0765z6
8BHfLsDCmqZE1iUYg8xKxFR6lwvpblcR2+82NsgfjR6aVlYzAZoImdaNqSWRuZ0P
8G6Spbjc6q2zwBfvpJhLA4IE3Q/JKyPoHDV/HI44JjgjuG2s1NwyCh0X6eIjp8Qc
9DMiVE4pJH2SOuPLhmIMUZRyBYOUiYfHg2YSCdEaLOolEkCadW26sxu2nHd0c2P/
fxVpP8tzLWUZJ1Z/KK2e
=lSy7
-----END PGP SIGNATURE-----

--Gle0L8H5l8ToQqD4--