Is it possible to use centralized passwords with cygwin inetd?

Is it possible to use centralized passwords with cygwin inetd?

[Bruce P. Osler]

For starters - I'd like to contribute to the Cygwin love-fest going
on.  I think Cygwin is an awesome environment with huge benefits
for folks working under windows.

Today I'm interested in finding out wether I can use networked
password services with the cygwin inetd.  At work I would like to
setup a series of computers with Cygwin tools all of which are
running the Cygwin inetd.  As there are a couple of hundred engineers
in this environment the option of maintaining multiple /etc/passwd
files is a bit onerous (if not unreasonable).  All of these computers
are already hooked into an environment where the user passwords are
provided and managed centrally to an NT domain.  Is there any way
I can have Cygwin/inetd use the central domain password service
for authentication?

- Bruce


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Is it possible to use centralized passwords with cygwin inetd?

[Andrew DeFaria]

(Send to the list and the sender)...

Bruce P. Osler wrote:

> For starters - I'd like to contribute to the Cygwin love-fest going
> on.  I think Cygwin is an awesome environment with huge benefits
> for folks working under windows.
>
> Today I'm interested in finding out wether I can use networked
> password services with the cygwin inetd.  At work I would like to
> setup a series of computers with Cygwin tools all of which are
> running the Cygwin inetd.  As there are a couple of hundred engineers
> in this environment the option of maintaining multiple /etc/passwd
> files is a bit onerous (if not unreasonable).  All of these computers
> are already hooked into an environment where the user passwords are
> provided and managed centrally to an NT domain.  Is there any way
> I can have Cygwin/inetd use the central domain password service
> for authentication?

Short answer: Yes.

Slightly longer answer: Create a passwd file with mkpasswd -d and store 
it on a common area. Then symlink /etc/passwd -> 
//<commonserver>/<commonshare>/passwd. Normally people worry about 
symlinking such files as /etc/passwd because it would be hard to boot up 
and log into the machine if the network were down. But you don't boot up 
nor log into Cygwin as per se, rather you log into Windows first.

You might wish to do this for /etc/group too.

You might wish to scriptize mkpasswd to call /bin/mkpasswd then perform 
some fix ups on the resulting passwd file before making it global.

You might wish to develop a script to insure the above symlink(s) are 
properly in place as well as say mounting //<commonserver>/<homeshare> 
-> /home, etc.

This is what I do and it works very well.




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Is it possible to use centralized passwords with cygwin inetd ?

[Bruce P. Osler]

Thnx, the pieces fit now.

- Bruce


At 04:42 PM 12/6/2002 +0000, Max Bowsher wrote:
>Bruce P. Osler <brosler@cisco.com> wrote:
>
> > Hmmm, I had thought the long ugly string (eg
> > S-1-5-21-1677152479-820197058- 1843927889-1002) was the password.
>
>No, that's the Windows SID. The password field is the one with
>"unused_by_nt/2000/xp".
>
>Max.
>
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Bug reporting:         http://cygwin.com/bugs.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Is it possible to use centralized passwords with cygwin inetd ?

[Max Bowsher]

Bruce P. Osler <brosler@cisco.com> wrote:

> Hmmm, I had thought the long ugly string (eg
> S-1-5-21-1677152479-820197058- 1843927889-1002) was the password.

No, that's the Windows SID. The password field is the one with
"unused_by_nt/2000/xp".

Max.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Is it possible to use centralized passwords with cygwin inetd ?

[Bruce P. Osler]

Hmmm, I had thought the long ugly string (eg S-1-5-21-1677152479-820197058-
1843927889-1002) was the password.  Sounds like I made the wrong assumption.
So ... if this is the case, it sounds like it's workable.  Especially so
given that the employee roles haven't changed in nearly two years :-/

- Bruce


At 02:39 PM 12/6/2002 +0000, Max Bowsher wrote:
>Bruce P. Osler <brosler@cisco.com> wrote:
>
> > I guess I was looking for something a bit more dynamic.
>
>IIRC - If you do what was suggested, you should only need to rerun mkpasswd
>when users are added or removed, not when they change their password.
>
>Not wonderful, but distinctly better that what you imagine.
>
>If you look inside a mkpasswd-generated passwd file, you will see that there
>is no password info stored there.
>
>Max.
>
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Bug reporting:         http://cygwin.com/bugs.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Is it possible to use centralized passwords with cygwin inetd ?

[Max Bowsher]

Bruce P. Osler <brosler@cisco.com> wrote:

> I guess I was looking for something a bit more dynamic.

IIRC - If you do what was suggested, you should only need to rerun mkpasswd
when users are added or removed, not when they change their password.

Not wonderful, but distinctly better that what you imagine.

If you look inside a mkpasswd-generated passwd file, you will see that there
is no password info stored there.

Max.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

RE: Is it possible to use centralized passwords with cygwin inetd ?

[Bruce P. Osler]

I guess I was looking for something a bit more dynamic.  I understand
that I can create entries on my local machine which contain the domain
users password.  The issue for me is one of centralization.  Is there
a way I can bypass the local /etc/passwd file in order that cygwin
directly queries the network resource.  To do this I would imagine an
exchange similar to the following would have to be seen:

brosler@WHEREVER-NT ~
$ telnet brosler-nt
Trying 172.27.57.214...
Connected to brosler-nt.foobar.com.
Escape character is '^]'.

CYGWIN_NT-4.0 1.3.15(0.63/3/2) (brosler-nt) (tty0)

login: FOOBAR_ENG\brosler
password:

brosler-nt@BROSLER-nt ~
$



In this instance the /etc/passwd file would NOT contain an entry for
this specific user, but rather it would contain an entry for something
like "U-FOOBAR_ENG\everyone" or some such thing which would cause the
passwd agent to direct the query to the network instead of at the local
passwd file.

I mean, inside cisco there's something on the order of 40000 employees.
In my imediate group there's over 400.  The idea that all of them are
never going to change their password is ludicrous as well as the nature
of having to pull down 400 passwords on a periodic basis (NT reboots are
not an unknown :-)  As all this password stuff is already accounted for
on a network server somewhere in the ether, why not take advantage of it.

- Bruce




At 10:41 AM 12/6/2002 +0000, Vince Hoffman wrote:
>Cygwin fully supports domain users. just run `mkpasswd -d <domain name> >>
>/etc/passwd` on each box.
>(setup may run this automaticly these days i'm not sure so check if you
>already have a list of domain users in your passwd file.)
>
>
> > -----Original Message-----
> > From: Bruce P. Osler [mailto:brosler@cisco.com]
> > Sent: 05 December 2002 22:04
> > To: cygwin@cygwin.com
> > Cc: Bruce Osler
> > Subject: Is it possible to use centralized passwords with
> > cygwin inetd?
> >
> >
> > For starters - I'd like to contribute to the Cygwin love-fest going
> > on.  I think Cygwin is an awesome environment with huge benefits
> > for folks working under windows.
> >
> > Today I'm interested in finding out wether I can use networked
> > password services with the cygwin inetd.  At work I would like to
> > setup a series of computers with Cygwin tools all of which are
> > running the Cygwin inetd.  As there are a couple of hundred engineers
> > in this environment the option of maintaining multiple /etc/passwd
> > files is a bit onerous (if not unreasonable).  All of these computers
> > are already hooked into an environment where the user passwords are
> > provided and managed centrally to an NT domain.  Is there any way
> > I can have Cygwin/inetd use the central domain password service
> > for authentication?
> >
> > - Bruce
> >
> >
> > --
> > Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> > Bug reporting:         http://cygwin.com/bugs.html
> > Documentation:         http://cygwin.com/docs.html
> > FAQ:                   http://cygwin.com/faq/
> >
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Bug reporting:         http://cygwin.com/bugs.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

RE: Is it possible to use centralized passwords with cygwin inetd ?

[Vince Hoffman]

Cygwin fully supports domain users. just run `mkpasswd -d <domain name> >>
/etc/passwd` on each box.
(setup may run this automaticly these days i'm not sure so check if you
already have a list of domain users in your passwd file.)


> -----Original Message-----
> From: Bruce P. Osler [mailto:brosler@cisco.com]
> Sent: 05 December 2002 22:04
> To: cygwin@cygwin.com
> Cc: Bruce Osler
> Subject: Is it possible to use centralized passwords with 
> cygwin inetd?
> 
> 
> For starters - I'd like to contribute to the Cygwin love-fest going
> on.  I think Cygwin is an awesome environment with huge benefits
> for folks working under windows.
> 
> Today I'm interested in finding out wether I can use networked
> password services with the cygwin inetd.  At work I would like to
> setup a series of computers with Cygwin tools all of which are
> running the Cygwin inetd.  As there are a couple of hundred engineers
> in this environment the option of maintaining multiple /etc/passwd
> files is a bit onerous (if not unreasonable).  All of these computers
> are already hooked into an environment where the user passwords are
> provided and managed centrally to an NT domain.  Is there any way
> I can have Cygwin/inetd use the central domain password service
> for authentication?
> 
> - Bruce
> 
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/