From: "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" <lavr@ncbi.nlm.nih.gov>
To: "cygwin@cygwin.com" <cygwin@cygwin.com>
Subject: RE: get rid of getpwent? (Was: cygwin-1.7.28 getpwent header declaration changes ?)
Date: Fri, 07 Feb 2014 21:49:00 -0000 [thread overview]
Message-ID: <5F8AAC04F9616747BC4CC0E803D5907D0C47C45C@MLBXv04.nih.gov> (raw)
In-Reply-To: <20140207213013.GT2821@calimero.vinschen.de>
> I think SAM/AD will be mostly quicker
I do not want to be a party pooper here, but have you checked how
the AD approach will work from the unmanaged Windows service accounts?
We've been experiencing rather nasty effects of the M$ design that
when a host changes its password (it is required to, every so many
days), it is no longer considered an "authorized" agent (rather,
anonymous). Accessing AD anonymously (esp. from system-managed
service account) is limited; like when you request a list,
you get only first 100 (who at M$ had invented this?!) entries.
Which means that if your code is scanning, it won't find
more than 100 users (and they are alphabetized, so the "excess"
users will simply disappear from view). That creates false-positive
nonexistent users / groups. The only remedy is to restart the host...
P.S. I'm not an AD person, and some of the info from the above
comes from our sysadmins (how they see things unfolding).
Anton Lavrentiev
Contractor NIH/NLM/NCBI
next prev parent reply other threads:[~2014-02-07 21:49 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-06 7:29 cygwin-1.7.28 getpwent header declaration changes ? Marco Atzeri
2014-02-06 9:01 ` Corinna Vinschen
2014-02-06 10:20 ` Marco Atzeri
2014-02-06 13:00 ` Jan Nijtmans
2014-02-06 14:02 ` Corinna Vinschen
[not found] ` <CAO1jNws3H_Wbec=y_UoYkhrb5nMX7iT7_A5XaHcQKCw32o055g@mail.gmail.com>
2014-02-06 14:15 ` Fwd: " Jan Nijtmans
2014-02-06 14:28 ` Corinna Vinschen
2014-02-06 14:41 ` Corinna Vinschen
2014-02-06 14:13 ` Corinna Vinschen
2014-02-06 21:43 ` get rid of getpwent? (Was: cygwin-1.7.28 getpwent header declaration changes ?) Warren Young
2014-02-07 9:49 ` Corinna Vinschen
2014-02-07 12:50 ` Andrey Repin
2014-02-07 17:26 ` Warren Young
2014-02-07 18:20 ` Andrey Repin
2014-02-07 13:53 ` David Stacey
2014-02-07 17:51 ` Warren Young
2014-02-07 19:21 ` Corinna Vinschen
2014-02-09 16:10 ` Warren Young
2014-02-09 16:16 ` Corinna Vinschen
2014-02-09 16:31 ` Corinna Vinschen
2014-02-09 16:37 ` Ken Brown
2014-02-09 17:12 ` David Stacey
2014-02-10 10:48 ` Warren Young
2014-02-10 13:16 ` Peter Rosin
2014-02-10 22:05 ` Warren Young
2014-02-10 23:35 ` David Stacey
2014-02-11 2:35 ` Andrey Repin
2014-02-12 0:06 ` David Stacey
2014-02-12 2:06 ` Warren Young
2014-02-12 3:54 ` Eric Blake
2014-02-12 9:09 ` Corinna Vinschen
2014-02-12 12:05 ` Andrey Repin
2014-02-12 15:16 ` Richard
2014-02-12 16:24 ` Ken Brown
2014-02-12 17:05 ` Richard
2014-02-12 17:15 ` Andrey Repin
2014-02-12 20:49 ` Corinna Vinschen
2014-02-12 22:53 ` Christopher Faylor
2014-02-13 11:46 ` Corinna Vinschen
2014-02-13 14:35 ` Andrey Repin
2014-02-13 14:38 ` Christopher Faylor
2014-02-13 15:37 ` Corinna Vinschen
2014-02-13 15:48 ` Christopher Faylor
2014-02-13 16:09 ` Corinna Vinschen
2014-02-13 18:33 ` get rid of getpwent? Achim Gratz
2014-02-13 19:02 ` Andrey Repin
2014-02-13 20:41 ` Corinna Vinschen
2014-02-13 21:48 ` Achim Gratz
2014-02-14 9:46 ` Corinna Vinschen
2014-02-12 4:40 ` get rid of getpwent? (Was: cygwin-1.7.28 getpwent header declaration changes ?) Andrey Repin
2014-02-07 20:09 ` Warren Young
2014-02-07 20:25 ` Warren Young
2014-02-07 21:01 ` Corinna Vinschen
2014-02-07 21:30 ` Corinna Vinschen
2014-02-07 21:49 ` Lavrentiev, Anton (NIH/NLM/NCBI) [C] [this message]
2014-02-08 10:38 ` Corinna Vinschen
2014-02-08 21:29 ` Lavrentiev, Anton (NIH/NLM/NCBI) [C]
2014-02-09 1:29 ` Lavrentiev, Anton (NIH/NLM/NCBI) [C]
2014-02-07 21:44 ` Larry Hall (Cygwin)
2014-02-07 22:45 ` David Stacey
2014-02-07 23:39 ` Larry Hall (Cygwin)
2014-02-08 0:50 ` Andrey Repin
2014-02-08 15:19 ` Warren Young
2014-02-08 15:39 ` Warren Young
2014-02-09 20:06 ` cygwin-1.7.28 getpwent header declaration changes ? Marco Atzeri
2014-02-09 20:20 ` Corinna Vinschen
2014-02-10 16:14 ` Marco Atzeri
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5F8AAC04F9616747BC4CC0E803D5907D0C47C45C@MLBXv04.nih.gov \
--to=lavr@ncbi.nlm.nih.gov \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).