Simplify AD integration?

Corinna Vinschen corinna-cygwin@cygwin.com
Wed Jul 30 15:01:00 GMT 2014


On Jul 30 14:38, Achim Gratz wrote:
> Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > 1. Shall we remove the leading '+' from the builtin account names
> >    or shall we keep it?
> 
> I'd rather keep it since it's a good reminder where that comes from.
>  
> > 2. Shall we stick to '+' as the separator char or choose another one?
> >    If so, which one?
> 
> WJFFM at the moment, so I don't see a pressing need for variability.
> 
> > 3. Shall we keep the `db_prefix' variability or choose one of
> >    the prefixing methods and stick to it?  If so, which one, auto,
> >    primary, or always?
> 
> I'd rather keep this, although "auto" is all I use at the moment.  BTW,
> would it be possible to recognize PRIMARYDOMAIN+user and (auto) user be
> recognized as the same thing when auto is in effect?  The ability to
> explicitly specify the prefix even though it isn't necessarily displayed
> would most likely remove much of the potential need for variability in that
> department

I'm not sure if that would work as expected. Cygwin explicitly tests
if the account name follows the current rule.  I'm not so sure what
effects it would have if getpwnam could return another username than
the one given as parameter (apart from the case difference).

> (and defuse the booby trap in chown).

Well, hmm.  If we allow to specify "NT AUTHORITY+SYSTEM" or
"BUILTIN+Administrators" even in "auto" or "primary" mode...

Unfortunately this won't help in all cases.  I used a broken example :(
The "LOCAL" account and a few others have NO domain.  Thus, they are
simply +-prefixed ("+LOCAL"), even in 'db_prefix: always' mode.

Tricky.

> If you keep it, then there's an obvious candidate missing: "local+other",
> which should prefix all accounts except the primary domain ones.

Do you mean

  builtin accounts:   "NT AUTHORITY+SYSTEM", "BUILTIN+Administrators", ...
  primary domain:     "corinna", "cgf", ...
  other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"

?

> So it'd be
> better to simply flag which groups to prefix, I'd think ("local", "primary",
> "other") and specify this like symbolic modes in chmod, perhaps?
> 
> > Bonus question:
> > 
> > 4. Should Cygwin downcase all usernames when generating the Cygwin
> >    username, so, if your Windows username is 'Ralph', your Cygwin
> >    username will be 'ralph'?
> 
> I'd be in favor of this since I've already had two users that wouldn't see
> their home directories until I figured out that they'd have their names
> capitalized in AD...  as long as Windows is unable to distinguish users
> based on the case there shouldn't be a problem.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat