Le 30/09/2020 à 22:06, Jamie Zawinski a écrit :
> The reason remote.c includes @hostname on the XA_SCREENSAVER_ID is to detect
> the case when "xscreensaver" and "xscreensaver-demo" are running on different
> hosts, because if they are different hosts, they are likely different file
> systems for the home directory. Your first patch disables this check.
>
> I still don't understand why a user name would have an @ in it in the first
> place, so I can't comment on the rest.
When using sssd[1] with different auth providers (ldap, ad, ...),
users (and groups) are suffixed by '@'providerid
Usernames without qualifiers get the default one when used.
For example:
cat /etc/sssd/sssd.conf
[sssd]
[...]
domains = nts,example.fr
default_domain_suffix = example.fr
[...]
[domain/example.fr]
id_provider = ad
[... ad config ...]
[domain/nts]
id_provider = ldap
[...ldap config ...]
And then:
$ id user1
uid=157153([email protected]) gid=5153([email protected])
groupes=5153([email protected]),13182([email protected]),136315([email protected])
$ id user2
id: 'user2': no such user
$ id user2@nts
uid=5000(user2@nts) gid=5000(user2@nts)
groups=5000(user2@nts),4010(application-access-grp@nts)
So, the '@' in the username comes from the sssd software that is
more and more used in large systems (AD/ldap/...)
This is transparent to most software, even with ssh that already uses
'@' itself. Using my previous example, to log into the system, I can use:
ssh user1@host
ssh [email protected]@host
ssh -l user1 host
ssh -l [email protected] host
ssh user2@nts@host
ssh -l user2@nts host
but not (user2 is not a user in the default auth provider)
ssh user2@host
Regards,
Vincent
[1] https://en.wikipedia.org/wiki/System_Security_Services_Daemon
--
Vincent Danjean GPG key ID 0xD17897FA [email protected]
GPG key fingerprint: 621E 3509 654D D77C 43F5 CA4A F6AE F2AF D178 97FA
Unofficial pkgs: http://moais.imag.fr/membres/vincent.danjean/deb.html
APT repo: deb http://people.debian.org/~vdanjean/debian unstable main
