Simplify AD integration?

Corinna Vinschen corinna-cygwin@cygwin.com
Fri Aug 1 09:23:00 GMT 2014


On Jul 31 07:12, Achim Gratz wrote:
> Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > Good points.  I might have overvalued the gain of easily recognizing
> > builtin accounts by the leading '+' separator.
> 
> After some thinking with my eyes closed... not prefixing local accounts at
> all would at least allow the sshd to see the local sshd user without jumping
> through hoops, so that might be a net gain after all.  What I don't know:
> what happens if a local and a primary domain user have the same name?

You misinterpreted what I described.  Please re-read my preliminary
documentation.  The prefixing is used for *builtin* and *well-known*
accounts, *not* for local accounts.  Local accounts from the local SAM,
users and groups, are either

- not prefixed at all, if the machine is a standalone machine, or

- prefixed with the machine name if the machine is member of a domain.

The non-prefixed, name-only account names are exclusively used for the
*primary* domain of the machine you're working on, *iff* db_prefix is
set to "auto".  This is either the domain the machine has been added to,
or the machine name itself if it's a standalone machine.

I hope that clears things up.  


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140801/d34a8a24/attachment.sig>


More information about the Cygwin mailing list