public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed
From: "Houder" <houder@xs4all.nl>
To: cygwin@cygwin.com
Subject: Re: Mild amazement (questions) about the output of mkpasswd  (1.7.33).  Corinna?
Date: Tue, 28 Oct 2014 15:16:00 -0000	[thread overview]
Message-ID: <1325b42e63be603bb9c8b4c206f5b91b.squirrel@webmail.xs4all.nl> (raw)
In-Reply-To: <20141028144255.GM20607@calimero.vinschen.de>

> On Oct 28 13:50, Houder wrote:
>> Hi Corinna,
>>
>> As adviced by you, I replaced the "cygwin package" with the test
>> version (1.7.33) on my "Cygwin-32" ...
>>
>> Let us assume, I am NOT interested in "Windows domains" etc. and that
>> I would like to keep my "own" mapping between SIDs and uids/gids ...
>> it appears to me, that both mkpasswd and mkgroup are no longer of any
>> help to me, as both appear to apply "some fixed (automatic) mapping"
>> between SIDs and uids/gids ... Right?
>
> Not quite.  Did you read the preliminary documentation?  You don't have
> to use mkpasswd or mkgroup at all, and you don't need the /etc/passwd
> and /etc/group files.  The new feature is NOT only for AD machines,
> it works for local machines as well, and even if your files were small,
> you might still see a performance gain.
>
> Please give https://cygwin.com/preliminary-ug/ntsec.html a try.  I really
> hope it's worht to read it because it explains the feature thoroughly.

:-)) Do you _really_ believe I did not study your text? Yes, I did ... and
not for the first time.

Keep in mind, please: Windows is not exactly 'my cup of tea' :-)

> Other than that, yes, you can still create your own mappings by
> utilizing the passwd and group files.

Wonderful ... I have grown accustomed to my old mapping (RID -> uid/gid).

>> Initially I left the passwd, group and nsswitch.conf untouched ... (as
>> noted, I am NOT connected to a domain, and I have never been troubled
>> by the slowness as result of the passwd/group files - small files).
>>
>> As the output of mkpasswd (and perhaps the "whole" changover in
>> 1.7.33) left me with a question (questions?), I subsequently removed
>> the aformentioned files ...
>>
>> Questions:
>>
>>  - why does 'mkpasswd -l Seven -u Henri' report differently from
>>  'mkpasswd -l -u Henri'?
>>     - uid: 4244636648 vs 197608 ...
>
> The underlying algorithm treats the machine name given as parameter
> to -l or -L as a foreign machine in the network and tries to contact
> it.  As a foreign machine, the created uid and gid values are different
> from the ones for the local machine.  Don't use -l Seven, just use -l
> for the local machine.

Oh, dear, it does not recognize its own name ... Poor soul. Yes, I had
already gathered that much ...

>>  - why does MACHINE show up as a prefix to LOCAL USER in 'mkpasswd -L
>>  Seven -u Henri', but NOT
>>    in 'mkpasswd -L -u Henri'?
>
> The -L option is only meant to be used for foreign machines.  The
> prefixing of the local machine is bound to the underlying mechanism used
> in Cygwin per the docs.  On second thought, a -L without machine name
> should have been refused by mkpasswd.
>
>>     - name: Seven+Henri vs Henri ...
>>     - manual says: -L, generate username WITH machine prefix ...

Understood, use mkpasswd and mkgroup with some "imagination" (until all
option processing has been thoroughly tested and repaired).

>> Just trying to make sense of it all ...
>
> Yeah, I freely admit that the usage of mkpasswd/mkgroup isn't quite as
> evident anymore.  The idea is that the underlying "db" mechanism fixes
> the rules.  I'm really not sure yet if and how mkpasswd/mkgroup needs
> more change, that's what this testing phase is supposed to show.  Keep
> in mind that the new account handling is just as new for me as it is for
> you :)

... uhm, not quite, I believe ... you are bathing in the dazzling light of
understanding ... I am just groping for a ray of that light ;-)

Once more, thank you for clarifying!

Henri

=====


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

      reply	other threads:[~2014-10-28 15:16 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-10-28 12:50 Houder
2014-10-28 14:42 ` Corinna Vinschen
2014-10-28 15:16   ` Houder [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1325b42e63be603bb9c8b4c206f5b91b.squirrel@webmail.xs4all.nl \
    --to=houder@xs4all.nl \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).