[ANNOUNCEMENT] New release of setup.exe (2.249.2.10)

Doug VanLeuven roamdad@attglobal.net
Sun Mar 16 06:26:00 GMT 2003 

Pierre A. Humblet wrote:
> On Sat, Mar 15, 2003 at 03:30:03AM -0800, Doug VanLeuven wrote:
> 
>>I wish I had just one domain.  To set this up in a mutidomain
>>environment, I'm finding
>>I install as an administrator of one of the domains DOMAIN1
>>create local passwd & group files
>>	passwd.local & group.local
>>create domain passwd & group files:
>>	passwd.DOMAIN1 & group.DOMAIN1
>>Then log in as an admin in domain DOMAIN2
>>create domain passwd & group files:
>>	passwd.DOMAIN2 group.DOMAIN2
>>...
> 
> 
> Why do you need to log in several times instead of using
> repeatedly mkpasswd -d DOMAINX? Is it for access right reasons?
> Also, how do you avoid having duplicated uids? Do you use the
> -o switch ?

Have to log in to establish credentials.  Same name in different
domain is not really same user.
Yeah -o offset.  I use a case table matching against domain name
when the domain name != machine name.  Since the default case
was 10000, I used multiples of 10000.

> If it weren't for the access right problems (can you solve them
> by having one user that has access everywhere), mkpasswd could be 
> extended to take several domains at once. It could also avoid 
> duplicating uids. Would that help you?

That could be done by trust relationships between domains and
adding users outside the current domain to account operators.
But those pre-conditions don't always exist and sometimes by design.

> How large is /etc/passwd in the end? 
> Do you really need to have all the users in the file?

Depends on the number of users.  I have hundreds of accounts,
not thousands, so its not too bad.  call it 120k per domain.

Technically, it wouldn't strictly be necessary, but I roll out
images to a couple hundred machines.  I want proper account
info available in the event the machine boots without network
connectivity.  Notebooks are a good example of this.  The user
can log on for a configurable number of times to the domain
account when detached from the network.  Cygwin should work
under that circumstance too.

Plus it's one of those nitpicky completeness things I do just
because I've been admin on Unix for 20+ years & things
like that have bit me before.

Regards,
-- 
Doug VanLeuven
Programmer/Analyst, SCWA
Chief Engineer, USMM


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

More information about the Cygwin mailing list