This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Mild amazement (questions) about the output of mkpasswd (1.7.33). Corinna?


On Oct 28 13:50, Houder wrote:
> Hi Corinna,
> 
> As adviced by you, I replaced the "cygwin package" with the test
> version (1.7.33) on my "Cygwin-32" ...
> 
> Let us assume, I am NOT interested in "Windows domains" etc. and that
> I would like to keep my "own" mapping between SIDs and uids/gids ...
> it appears to me, that both mkpasswd and mkgroup are no longer of any
> help to me, as both appear to apply "some fixed (automatic) mapping"
> between SIDs and uids/gids ... Right?

Not quite.  Did you read the preliminary documentation?  You don't have
to use mkpasswd or mkgroup at all, and you don't need the /etc/passwd
and /etc/group files.  The new feature is NOT only for AD machines,
it works for local machines as well, and even if your files were small,
you might still see a performance gain.

Please give https://cygwin.com/preliminary-ug/ntsec.html a try.  I really
hope it's worht to read it because it explains the feature thoroughly.

Other than that, yes, you can still create your own mappings by
utilizing the passwd and group files.

> Initially I left the passwd, group and nsswitch.conf untouched ... (as
> noted, I am NOT connected to a domain, and I have never been troubled
> by the slowness as result of the passwd/group files - small files).
> 
> As the output of mkpasswd (and perhaps the "whole" changover in
> 1.7.33) left me with a question (questions?), I subsequently removed
> the aformentioned files ...
> 
> Questions:
> 
>  - why does 'mkpasswd -l Seven -u Henri' report differently from
>  'mkpasswd -l -u Henri'?
>     - uid: 4244636648 vs 197608 ...

The underlying algorithm treats the machine name given as parameter
to -l or -L as a foreign machine in the network and tries to contact
it.  As a foreign machine, the created uid and gid values are different
from the ones for the local machine.  Don't use -l Seven, just use -l
for the local machine.

>  - why does MACHINE show up as a prefix to LOCAL USER in 'mkpasswd -L
>  Seven -u Henri', but NOT
>    in 'mkpasswd -L -u Henri'?

The -L option is only meant to be used for foreign machines.  The
prefixing of the local machine is bound to the underlying mechanism used
in Cygwin per the docs.  On second thought, a -L without machine name
should have been refused by mkpasswd.

>     - name: Seven+Henri vs Henri ...
>     - manual says: -L, generate username WITH machine prefix ...
> 
> Just trying to make sense of it all ...

Yeah, I freely admit that the usage of mkpasswd/mkgroup isn't quite as
evident anymore.  The idea is that the underlying "db" mechanism fixes
the rules.  I'm really not sure yet if and how mkpasswd/mkgroup needs
more change, that's what this testing phase is supposed to show.  Keep
in mind that the new account handling is just as new for me as it is for
you :)


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpte_V7XVI0_.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]