This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Still testing needed: New passwd/group AD/SAM integration


Greetings, Corinna Vinschen!

>> > * db_separator in /etc/nsswitch.conf
>> 
>> >   Is it really such a good idea to have a configurable separator
>> >   char in user and group names?  Is it important that it is
>> >   configurable?  Is '+' a good choice for the default separator?
>> >   Wouldn't the backslash a better and, perhaps, only choice?
>> 
>> The "+" as a separator was conceived in *NIX because backslash has a long

> in *NIX?  Do you mean SFU or is there other precedent of the '+
> character I'm not aware of?

Ok, Samba specifically. Sorry I was unclear.

>> history of being a way-too-meaningful escape character.
>> (Though, you know it, I'll just say it for other interested parties.)
>> I don't have an opinion on it, but I tend to favor native semantics, means,
>> the backslash.
>> If anyone are familiar with modern state of preferred domain separator
>> in Samba 4, would that effect the decision?

> Quoting from the smb.conf man page:

>    winbind separator (G)

>        This parameter allows an admin to define the character used when
>        listing a username of the form of DOMAIN \user. This parameter is
>        only applicable when using the pam_winbind.so and nss_winbind.so
>        modules for UNIX services.

>        Please note that setting this parameter to + causes problems with
>        group membership at least on glibc systems, as the character + is
>        used as a special character for NIS in /etc/group.

>        Default: winbind separator = '\'

>        Example: winbind separator = +

> We don't have the glibc/NIS problem, of course.  I'm not going to
> comment on this, I'd really like to see what you guys think.  Obvious
> choices are:

> - Keep "db_separator", + as default
> - Keep "db_separator", \ as default
> - Remove "db_separator", fixed character +
> - Remove "db_separator", fixed character \
> - Something entirely different.

mmm... For something entirely different...
Fixed db_separator = \
Default domain setting somewhere to tell Cygwin to look for users there first.
Environment variable to specify/override default domain on the fly.
Or even simpler, just an environment variable establishing the list of
domains to lookup. And the order of lookup.

Perhaps, convoluted, but could cover many cases, where simple user name would
be ambiguous, but useful. And doesn't break standalone installations, if not set.


--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 14.04.2014, <13:00>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]