From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 83313 invoked by alias); 24 Mar 2015 09:04:35 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 83301 invoked by uid 89); 24 Mar 2015 09:04:34 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.6 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 X-HELO: mail1.bemta14.messagelabs.com Received: from mail1.bemta14.messagelabs.com (HELO mail1.bemta14.messagelabs.com) (193.109.254.120) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA encrypted) ESMTPS; Tue, 24 Mar 2015 09:04:33 +0000 Received: from [193.109.254.147] by server-16.bemta-14.messagelabs.com id 20/D0-05122-D9821155; Tue, 24 Mar 2015 09:04:29 +0000 X-Env-Sender: Tim.Magee@thales-esecurity.com X-Msg-Ref: server-9.tower-27.messagelabs.com!1427187869!12588268!1 X-StarScan-Received: X-StarScan-Version: 6.13.6; banners=-,-,- X-VirusChecked: Checked Received: (qmail 23561 invoked from network); 24 Mar 2015 09:04:29 -0000 Received: from mail-gate.ncipher.com (HELO mail-gate.ncipher.com) (82.108.130.23) by server-9.tower-27.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 24 Mar 2015 09:04:29 -0000 Received: from outlook.ncipher.com (exchange-uk01.ncipher.com [172.19.133.94]) by mail-gate.ncipher.com (8.13.8/8.13.8) with ESMTP id t2O94SjK013755 for ; Tue, 24 Mar 2015 09:04:29 GMT Received: from [172.23.135.192] (172.23.135.192) by exchange-uk01.ncipher.com (172.19.133.94) with Microsoft SMTP Server (TLS) id 8.3.389.2; Tue, 24 Mar 2015 09:04:28 +0000 Message-ID: <5511289D.5030203@thales-esecurity.com> Date: Tue, 24 Mar 2015 12:40:00 -0000 From: Tim Magee User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: mkpasswd: option to force the 'primary' domain? References: <550C0B53.6080201@thales-esecurity.com> <20150320181011.GB12906@calimero.vinschen.de> In-Reply-To: <20150320181011.GB12906@calimero.vinschen.de> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2015-03/txt/msg00409.txt.bz2 On 20/03/15 18:10, Corinna Vinschen wrote: > On Mar 20 11:58, Tim Magee wrote: >> Now then, >> >> Since Cygwin 1.7.34 dropped, mkpasswd has been problematic for us. Our >> problem is with the way user names pulled from outside the primary domain >> get decorated. My question is: will there ever be a way to tell >> mkpasswd/mkgroup "make the one whose users get >> undecorated names"? >> >> We have Windows machines in one AD domain, and all our users in a different >> AD domain. According to the 'POSIX accounts, permissions and security' >> page, the machine's domain is considered the primary one. "mkpasswd -d" will >> generate undecorated names for that domain, and decorated names for any >> other named domain. >> >> We use SSH-based tools a great deal here, and we use Cygwin to make our >> Windows machines behave like members of our POSIX machine community, so >> having our usernames appear the same on all machines is very desirable. >> >> I think I can recreate the pre-1.74 behaviour with a little seddery, but I'd >> bet folding money that my seddery isn't future-proof. So, are >> mkpasswd/mkgroup ever likely to get an option to force the "undecorated >> users" domain? > > I'm not planning this. The idea is that mkpasswd/mkgroup create account > names compatible with the "db"-based accounts and everyhing else is left > to post-creation manipulation. > > Having said that, the new account handling is supposed to be stable on > the user level for quite some time, ideally at least as many years as > the old /etc/passwd&/etc/group-only based code. Therefore using some > sed script to filter the output of mkpasswd/mkgroup if you dislike the > new account handling is the way to go. > > > Corinna > Thanks, I feel more confident of my seddery already! In case anyone else with a similar setup reads this thread: using sed to trim off the domain decoration for the chosen domain is WFMing like a champ, but you'll want to make sure you're not creating name clashes. It's safe for us because we only have users we care about in one domain. Tim -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple