mkpasswd: option to force the 'primary' domain?

Tim Magee Tim.Magee@thales-esecurity.com
Tue Mar 24 12:40:00 GMT 2015



On 20/03/15 18:10, Corinna Vinschen wrote:
> On Mar 20 11:58, Tim Magee wrote:
>> Now then,
>>
>> Since Cygwin 1.7.34 dropped, mkpasswd has been problematic for us.  Our
>> problem is with the way user names pulled from outside the primary domain
>> get decorated.  My question is: will there ever be a way to tell
>> mkpasswd/mkgroup "make <some non-primary domain> the one whose users get
>> undecorated names"?
>>
>> We have Windows machines in one AD domain, and all our users in a different
>> AD domain.  According to the 'POSIX accounts, permissions and security'
>> page, the machine's domain is considered the primary one. "mkpasswd -d" will
>> generate undecorated names for that domain, and decorated names for any
>> other named domain.
>>
>> We use SSH-based tools a great deal here, and we use Cygwin to make our
>> Windows machines behave like members of our POSIX machine community, so
>> having our usernames appear the same on all machines is very desirable.
>>
>> I think I can recreate the pre-1.74 behaviour with a little seddery, but I'd
>> bet folding money that my seddery isn't future-proof.  So, are
>> mkpasswd/mkgroup ever likely to get an option to force the "undecorated
>> users" domain?
>
> I'm not planning this.  The idea is that mkpasswd/mkgroup create account
> names compatible with the "db"-based accounts and everything else is left
> to post-creation manipulation.
>
> Having said that, the new account handling is supposed to be stable on
> the user level for quite some time, ideally at least as many years as
> the old /etc/passwd&/etc/group-only based code.  Therefore using some
> sed script to filter the output of mkpasswd/mkgroup if you dislike the
> new account handling is the way to go.
>
>
> Corinna
>
Thanks, I feel more confident of my seddery already!

In case anyone else with a similar setup reads this thread: using sed to 
trim off the domain decoration for the chosen domain is WFMing like a 
champ, but you'll want to make sure you're not creating name clashes. 
It's safe for us because we only have users we care about in one domain.

Tim
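
The filter-plus-clash-check described in the message above, as an added example that is not code from the thread. It uses awk rather than sed so that the clash check happens in the same pass. The helper name `undecorate_passwd`, the `+` separator between domain and user name, and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# undecorate_passwd DOMAIN [SEP]   (hypothetical helper, not part of Cygwin)
# Reads passwd-format lines on stdin and strips the leading "DOMAIN<SEP>" from
# the login-name field. Prints nothing and returns 1 if two entries would end
# up with the same login name.
undecorate_passwd() {
    domain=$1
    sep=${2:-+}    # assumption: '+' separates domain and user name
    awk -F: -v prefix="${domain}${sep}" '
        BEGIN { OFS = ":" }
        NF == 0 { next }                      # ignore blank lines
        {
            orig = $1
            name = orig
            # Literal prefix comparison: "." or "+" in the domain is never
            # interpreted as a regular-expression metacharacter.
            if (index(name, prefix) == 1)
                name = substr(name, length(prefix) + 1)
            if (name in seen) {
                printf "name clash: %s (%s and %s)\n", name, seen[name], orig > "/dev/stderr"
                clash = 1
            } else {
                seen[name] = orig
            }
            $1 = name
            out[++n] = $0
        }
        END {
            if (clash) exit 1
            for (i = 1; i <= n; i++) print out[i]
        }
    '
}

# Constructed sample input (not real mkpasswd output).
sample='USERS+alice:*:1001:513:constructed:/home/alice:/bin/bash
OTHER+alice:*:2001:513:constructed:/home/OTHER+alice:/bin/bash
bob:*:1002:513:constructed:/home/bob:/bin/bash'

printf '%s\n' "$sample" | undecorate_passwd USERS
```

When filtering real `mkpasswd -d` output, write the result to a temporary file and install it only if the function returned 0, so a detected clash never leaves a truncated or ambiguous passwd file in place.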

