From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 10927 invoked by alias); 28 Oct 2014 14:42:59 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 10915 invoked by uid 89); 28 Oct 2014 14:42:59 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.9 required=5.0 tests=AWL,BAYES_00,SPAM_BODY autolearn=no version=3.3.2 X-HELO: calimero.vinschen.de Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 28 Oct 2014 14:42:58 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id D73998E0A28; Tue, 28 Oct 2014 15:42:55 +0100 (CET) Date: Tue, 28 Oct 2014 14:42:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: Mild amazement (questions) about the output of mkpasswd (1.7.33). Corinna? Message-ID: <20141028144255.GM20607@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <56f1e6ae0c5e30cb5745eed0af9efe39.squirrel@webmail.xs4all.nl> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="gHypzss5dW8YUwgb" Content-Disposition: inline In-Reply-To: <56f1e6ae0c5e30cb5745eed0af9efe39.squirrel@webmail.xs4all.nl> User-Agent: Mutt/1.5.23 (2014-03-12) X-SW-Source: 2014-10/txt/msg00497.txt.bz2 --gHypzss5dW8YUwgb Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 2963 On Oct 28 13:50, Houder wrote: > Hi Corinna, >=20 > As adviced by you, I replaced the "cygwin package" with the test > version (1.7.33) on my "Cygwin-32" ... >=20 > Let us assume, I am NOT interested in "Windows domains" etc. and that > I would like to keep my "own" mapping between SIDs and uids/gids ... > it appears to me, that both mkpasswd and mkgroup are no longer of any > help to me, as both appear to apply "some fixed (automatic) mapping" > between SIDs and uids/gids ... Right? Not quite. Did you read the preliminary documentation? You don't have to use mkpasswd or mkgroup at all, and you don't need the /etc/passwd and /etc/group files. The new feature is NOT only for AD machines, it works for local machines as well, and even if your files were small, you might still see a performance gain. Please give https://cygwin.com/preliminary-ug/ntsec.html a try. I really hope it's worht to read it because it explains the feature thoroughly. Other than that, yes, you can still create your own mappings by utilizing the passwd and group files. > Initially I left the passwd, group and nsswitch.conf untouched ... (as > noted, I am NOT connected to a domain, and I have never been troubled > by the slowness as result of the passwd/group files - small files). >=20 > As the output of mkpasswd (and perhaps the "whole" changover in > 1.7.33) left me with a question (questions?), I subsequently removed > the aformentioned files ... >=20 > Questions: >=20 > - why does 'mkpasswd -l Seven -u Henri' report differently from > 'mkpasswd -l -u Henri'? > - uid: 4244636648 vs 197608 ... The underlying algorithm treats the machine name given as parameter to -l or -L as a foreign machine in the network and tries to contact it. As a foreign machine, the created uid and gid values are different from the ones for the local machine. Don't use -l Seven, just use -l for the local machine. > - why does MACHINE show up as a prefix to LOCAL USER in 'mkpasswd -L > Seven -u Henri', but NOT > in 'mkpasswd -L -u Henri'? The -L option is only meant to be used for foreign machines. The prefixing of the local machine is bound to the underlying mechanism used in Cygwin per the docs. On second thought, a -L without machine name should have been refused by mkpasswd. > - name: Seven+Henri vs Henri ... > - manual says: -L, generate username WITH machine prefix ... >=20 > Just trying to make sense of it all ... Yeah, I freely admit that the usage of mkpasswd/mkgroup isn't quite as evident anymore. The idea is that the underlying "db" mechanism fixes the rules. I'm really not sure yet if and how mkpasswd/mkgroup needs more change, that's what this testing phase is supposed to show. Keep in mind that the new account handling is just as new for me as it is for you :) Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --gHypzss5dW8YUwgb Content-Type: application/pgp-signature Content-length: 819 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUT6tvAAoJEPU2Bp2uRE+gyMEP/050lEkLujWf2eq6o8vAeQUP Apf6oiLhADTTlLFPWZieF2UaFkJiOhzlj0GOOg8GKk0fjvYTo+xaXSJaBHg4lxhu H1Igzg8BMUmXFA7Jk2uHdHN1PzUBn+mj+ZROHudXlvla1+X925rBq0LOE8aJJ4Xj ovX3x7iRjZEr5q57qD5DlnUWcYX26fQr6p/z33yyXBdTunNhGUxNrD+/ddLIzobj +yawqIoba0vCx0YD/eCcR7Yuo+emtp+bdxXtMmvaPvDq0n2YfOQ9dq3IzMSafDho McBEevcSPzO1aAmcGgPZ8o//bfitjcJFn787uj9LdmluzACPMl2mP9ObyZFerl8B WIXIQdpf+Yffm2IWs6KoJl8bUEaE8GL5+G/HHacw9q62g4zM4nIEk7rjcckBShd6 RBtqTU1/nzikzyDcL1zBsBGlvZ6xCoyPVYr9jGZVlDd90LNO3KIqIlv1vyqGrNj6 cfNiRMdyPGUkf7h+ZVhirTun6Bj5uRSIES9FpgsEhqPBXvizVi4cs5SKUWyJbrRX 1AqvY6anwE6QMffemmx3y/sgAd3l2p43xKVl9FkBMrC0j6emejX9SJE1BwUjctEr 5LmPl6p8A+Wcl7iJtlbB04D13fDHHvvPNf2dLzqVomOTrnvyd9sM8jQ2/qNrYdnd 9ViBz9ySVhzAv2vPhw8A =itk5 -----END PGP SIGNATURE----- --gHypzss5dW8YUwgb--