This is the mail archive of the cygwin mailing list for the Cygwin project.
AW: Simplify AD integration?
- From: "Christoph H. Hochstaetter" <christoph at hochstaetter dot de>
- To: cygwin at cygwin dot com
- Date: Thu, 31 Jul 2014 23:06:00 +0200
- Subject: AW: Simplify AD integration?
- Authentication-results: sourceware.org; auth=none
- References: <20140730134716 dot GM25860 at calimero dot vinschen dot de>
Corinna Vinschen wrote:
>Default is 'auto':
>
> builtin accounts; "+SYSTEM", "+LOCAL", etc.
> primary domain "corinna", "cgf", ...
> other domain: "DOMAIN1+walter", "DOMAIN2+mathilda"
>
> If set to 'primary':
>
> builtin accounts; "+SYSTEM", "+LOCAL", etc.
> primary domain "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
> other domain: "DOMAIN1+walter", "DOMAIN2+mathilda"
>
> If set to 'always':
>
> builtin accounts; "NT AUTHORITY+SYSTEM", "BUILTIN+LOCAL", etc.
> primary domain "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
> other domain: "DOMAIN1+walter", "DOMAIN2+mathilda"
>1. Shall we remove the leading '+' from the builtin account names
> or shall we keep it?
None of these three seem correct to me. It should be:
builtin accounts; "NT AUTHORITY+SYSTEM", "BUILTIN+LOCAL", etc.
primary domain "corinna", "cgf", ...
other domain: "DOMAIN1+walter", "DOMAIN2+mathilda"
Windows treats "NT AUTHORITY" and "BUILTIN" as foreign domains like DOMAIN1
and DOMAIN2 in Win32 APIs that use a single string for domain and username,
e.g. lpServiceStartName in CreateService. Examples:
".\user1" - can be used as a shortcut for "MYDOMAIN\user1"
".\NetworkService" - cannot be used as a shortcut for "NT AUTHORITY\NetworkService"
".\WdiServiceHost" - cannot be used as a shortcut for "NT SERVICE\WdiServiceHost"
Whenever ".\some name" cannot be used as shortcut for "some default\some
name" in Win32, it should not be converted to "+some name" but to
"DOMAIN+some name" in Cygwin. This should be at least configurable thru
db_prefix even though most users might not want to see names like
"NT AUTHORITY+SYSTEM" in ls -l.
>2. Shall we stick to '+' as the separator char or choose another one?
> If so, which one?
Yes, "+" is well known for that purpose in Linux and other Unixes. Keep
db_separator in /etc/nsswitch.conf if possible.
>3. Shall we keep the `db_prefix' variability or choose one of
> the prefixing methods and stick to it? If so, which one, auto,
> primary, or always?
See above
>Bonus question:
>
>4. Should Cygwin downcase all usernames when generating the Cygwin
> username
I prefer downcase. Other users probably will not. So db_username_downcase =
true/false would be great.
-Christoph
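
Added example (not part of the original message and not Cygwin source code): a small mapper for the three db_prefix modes quoted above plus the scheme suggested in the reply, with the reverse split showing what each form lets you recover. The mode label 'proposed', the function names, and downcasing only the user part are assumptions made for illustration.

```python
# Added illustration of the naming schemes discussed in this thread; not Cygwin source.
# 'auto', 'primary' and 'always' come from the quoted mail; 'proposed' is a
# hypothetical label for the scheme suggested in the reply.
MODES = ("auto", "primary", "always", "proposed")
BUILTIN_AUTHORITIES = {"NT AUTHORITY", "BUILTIN"}  # authorities named in the thread

def to_cygwin(account, primary_domain, mode="auto", sep="+", downcase=False):
    """Map a Windows 'DOMAIN\\name' string to a Cygwin-style username."""
    if mode not in MODES:
        raise ValueError("unknown mode %r" % mode)
    domain, _, name = account.partition("\\")
    if not name:
        raise ValueError("expected DOMAIN\\name, got %r" % account)
    if downcase:
        name = name.lower()  # assumption: only the user part is downcased
    if domain.upper() in BUILTIN_AUTHORITIES:
        # 'auto' and 'primary' drop the authority and keep a bare separator.
        keep_domain = mode in ("always", "proposed")
        return (domain if keep_domain else "") + sep + name
    if domain.upper() == primary_domain.upper():
        # 'auto' and 'proposed' show primary-domain users without a prefix.
        return name if mode in ("auto", "proposed") else domain + sep + name
    return domain + sep + name  # other domains are prefixed in every mode

def from_cygwin(username, primary_domain, sep="+"):
    """Split a Cygwin-style username back into (domain, name).

    An empty domain means the name alone has to identify a builtin account.
    """
    if sep not in username:
        return (primary_domain, username)
    domain, _, name = username.partition(sep)
    return (domain, name)

def scheme_table(accounts, primary_domain):
    """Return {mode: [usernames]} for a list of Windows accounts."""
    return {mode: [to_cygwin(a, primary_domain, mode) for a in accounts]
            for mode in MODES}

# Constructed sample input, using account names that appear in the thread.
SAMPLE = ["NT AUTHORITY\\SYSTEM", "MYDOMAIN\\corinna", "DOMAIN1\\walter"]

if __name__ == "__main__":
    for mode, names in scheme_table(SAMPLE, "MYDOMAIN").items():
        print("%-8s %s" % (mode, names))
```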