Re: Simplify AD integration?

["Larry Hall (Cygwin)" <reply-to-list-only-lh at cygwin dot com>]

On 07/30/2014 09:47 AM, Corinna Vinschen wrote:
> Hi folks,
>
>
> here's a set of question to those of you interested in the new
> passwd/group functionality.  This already has been discussed partially,
> but there was no conclusion.
>
> Right now, there's a lot of variability in the user names, based on the
> /etc/nsswitch.conf settings db_prefix and db_separator.
>
> The separator char is a '+' by default but can be replaced with other
> ASCII chars.  db_prefix allows three styles of user naming conventions:
>
>    Default is 'auto':
>
>      builtin accounts;   "+SYSTEM", "+LOCAL", etc.
>      primary domain      "corinna", "cgf", ...
>      other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
>
>    If set to 'primary':
>
>      builtin accounts;   "+SYSTEM", "+LOCAL", etc.
>      primary domain      "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
>      other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
>
>    If set to 'always':
>
>      builtin accounts;   "NT AUTHORITY+SYSTEM", "BULTIN+LOCAL", etc.
>      primary domain      "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
>      other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
>
> "Primary domain" here is either the primary domain of the machine or the
> local SAM if the machine is no domain member.  "Other domain" here is
> either a trusted domain or the local SAM for domain machines.
>
> Together with the variable separator char this is an awful lot of
> variability, which has the potential side effect to complicate the
> code *and* debugging.
>
> Also, the leading '+' for builtin accounts results in some downsides,
> one of them for instance the fact that `chown +x' assumes that x is a
> numerical uid or gid.  Thus `chown +SYSTEM ...' fails.  On the other
> hand it simplifies the account handling inside of Cygwin.
>
> So I'd like to ask a few questions to which I'd like to have some brief
> answers, kind of like a poll, to get a better idea how we should
> proceed:
>
> 1. Shall we remove the leading '+' from the builtin account names
>     or shall we keep it?

I'd say remove it since it isn't providing a clear benefit and,
more importantly, causes regressions in some cases with existing tools
(as you stated above with chown).

> 2. Shall we stick to '+' as the separator char or choose another one?
>     If so, which one?

Did the discussion of this before end up inconclusive?  I thought that
'+' was seen as preferable for some reason that received some overall
approval.

> 3. Shall we keep the `db_prefix' variability or choose one of
>     the prefixing methods and stick to it?  If so, which one, auto,
>     primary, or always?

My opinion is that options are only necessary when there's no clear
single solution.  If it's very clear that there is no way to merge
all these possibilities into 1 or one is not clearly a superset of
the others, then we need to keep the options.  We shouldn't keep the
options just to have options obviously. :-)

> Bonus question:
>
> 4. Should Cygwin downcase all usernames when generating the Cygwin
>     username, so, if your Windows username is 'Ralph', your Cygwin
>     username will be 'ralph'?

This is enticing since it's a more common convention for UNIX/Linux
environments, which Cygwin strives to mimic.  But I would say that
downcasing isn't desirable since it just upholds a convention.  The
convention isn't a requirement so it shouldn't be enforced.


--
Larry

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple