>>> Michael Ströder <[email protected]> schrieb am 07.06.2022 um 08:27 in Nachricht <[email protected]>: > On 6/7/22 08:25, Ulrich Windl wrote: >>>>> Michael Ströder <[email protected]> schrieb am 05.06.2022 um 23:16 in >> Nachricht <[email protected]>: >>> On 6/5/22 23:02, Felix Schäfer wrote: >>>>> Am 05.06.2022 um 22:36 schrieb Michael Ströder <[email protected]>: >>>>> >>>>> But, like it or not, POSIX names are case-sensitive. So with >>>>> posixGroup entries you have to preserve the case for completely >>>>> consistent data. > >>>> It’s not just posix. >>> >>> Believe me I'm aware of all those issues. >>> >>> That's the reason why my Æ-DIR mandates lower-cased user and group names. >> >> Ah that bug: In the past we could lock out a user by entering it's name in >> capitals (the user couldn't log in even with the correct password, as LDAP
> did >> find the user). >> Later the lower-case variant of the user would be locked out as well. > > Hmm, which component enforced the lock out in this case? It's quite some time ago; I can hardly remember. I searched and found it. Seems to be a different problem, but now that you were asking, I'm explaining: For NIS compatibility were were uing ent´tries like this at the end of the password file: +@dialog_users:::::: +:NO-LOGIN:::::/sbin/nologin So all non-dialog users were denied login. When I had eneterd the user in capital letters the NO-LOGIN entry matched, but when entering the name correctly later, I could not log in. I had found out that "getent passwd user" would show /sbin/nologin as shell then. In that case the solution was: "nscd -i passwd" (invalidate the password cache) So a different problem it seems, and sorry for the confusion. Regards, Ulrich > > Ciao, Michael.
