Re: Mild amazement (questions) about the output of mkpasswd (1.7.33). Corinna?

["Houder" <houder at xs4all dot nl>]

> On Oct 28 13:50, Houder wrote:
>> Hi Corinna,
>>
>> As adviced by you, I replaced the "cygwin package" with the test
>> version (1.7.33) on my "Cygwin-32" ...
>>
>> Let us assume, I am NOT interested in "Windows domains" etc. and that
>> I would like to keep my "own" mapping between SIDs and uids/gids ...
>> it appears to me, that both mkpasswd and mkgroup are no longer of any
>> help to me, as both appear to apply "some fixed (automatic) mapping"
>> between SIDs and uids/gids ... Right?
>
> Not quite.  Did you read the preliminary documentation?  You don't have
> to use mkpasswd or mkgroup at all, and you don't need the /etc/passwd
> and /etc/group files.  The new feature is NOT only for AD machines,
> it works for local machines as well, and even if your files were small,
> you might still see a performance gain.
>
> Please give https://cygwin.com/preliminary-ug/ntsec.html a try.  I really
> hope it's worht to read it because it explains the feature thoroughly.

:-)) Do you _really_ believe I did not study your text? Yes, I did ... and
not for the first time.

Keep in mind, please: Windows is not exactly 'my cup of tea' :-)

> Other than that, yes, you can still create your own mappings by
> utilizing the passwd and group files.

Wonderful ... I have grown accustomed to my old mapping (RID -> uid/gid).

>> Initially I left the passwd, group and nsswitch.conf untouched ... (as
>> noted, I am NOT connected to a domain, and I have never been troubled
>> by the slowness as result of the passwd/group files - small files).
>>
>> As the output of mkpasswd (and perhaps the "whole" changover in
>> 1.7.33) left me with a question (questions?), I subsequently removed
>> the aformentioned files ...
>>
>> Questions:
>>
>>  - why does 'mkpasswd -l Seven -u Henri' report differently from
>>  'mkpasswd -l -u Henri'?
>>     - uid: 4244636648 vs 197608 ...
>
> The underlying algorithm treats the machine name given as parameter
> to -l or -L as a foreign machine in the network and tries to contact
> it.  As a foreign machine, the created uid and gid values are different
> from the ones for the local machine.  Don't use -l Seven, just use -l
> for the local machine.

Oh, dear, it does not recognize its own name ... Poor soul. Yes, I had
already gathered that much ...

>>  - why does MACHINE show up as a prefix to LOCAL USER in 'mkpasswd -L
>>  Seven -u Henri', but NOT
>>    in 'mkpasswd -L -u Henri'?
>
> The -L option is only meant to be used for foreign machines.  The
> prefixing of the local machine is bound to the underlying mechanism used
> in Cygwin per the docs.  On second thought, a -L without machine name
> should have been refused by mkpasswd.
>
>>     - name: Seven+Henri vs Henri ...
>>     - manual says: -L, generate username WITH machine prefix ...

Understood, use mkpasswd and mkgroup with some "imagination" (until all
option processing has been thoroughly tested and repaired).

>> Just trying to make sense of it all ...
>
> Yeah, I freely admit that the usage of mkpasswd/mkgroup isn't quite as
> evident anymore.  The idea is that the underlying "db" mechanism fixes
> the rules.  I'm really not sure yet if and how mkpasswd/mkgroup needs
> more change, that's what this testing phase is supposed to show.  Keep
> in mind that the new account handling is just as new for me as it is for
> you :)

... uhm, not quite, I believe ... you are bathing in the dazzling light of
understanding ... I am just groping for a ray of that light ;-)

Once more, thank you for clarifying!

Henri

=====


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple