RE: Is it possible to use centralized passwords with cygwin inetd?
Cygwin fully supports domain users. just run `mkpasswd -d domain name /etc/passwd` on each box. (setup may run this automaticly these days i'm not sure so check if you already have a list of domain users in your passwd file.) -Original Message- From: Bruce P. Osler [mailto:[EMAIL PROTECTED]] Sent: 05 December 2002 22:04 To: [EMAIL PROTECTED] Cc: Bruce Osler Subject: Is it possible to use centralized passwords with cygwin inetd? For starters - I'd like to contribute to the Cygwin love-fest going on. I think Cygwin is an awesome environment with huge benefits for folks working under windows. Today I'm interested in finding out wether I can use networked password services with the cygwin inetd. At work I would like to setup a series of computers with Cygwin tools all of which are running the Cygwin inetd. As there are a couple of hundred engineers in this environment the option of maintaining multiple /etc/passwd files is a bit onerous (if not unreasonable). All of these computers are already hooked into an environment where the user passwords are provided and managed centrally to an NT domain. Is there any way I can have Cygwin/inetd use the central domain password service for authentication? - Bruce -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: Is it possible to use centralized passwords with cygwin inetd ?
I guess I was looking for something a bit more dynamic. I understand that I can create entries on my local machine which contain the domain users password. The issue for me is one of centralization. Is there a way I can bypass the local /etc/passwd file in order that cygwin directly queries the network resource. To do this I would imagine an exchange similar to the following would have to be seen: brosler@WHEREVER-NT ~ $ telnet brosler-nt Trying 172.27.57.214... Connected to brosler-nt.foobar.com. Escape character is '^]'. CYGWIN_NT-4.0 1.3.15(0.63/3/2) (brosler-nt) (tty0) login: FOOBAR_ENG\brosler password: brosler-nt@BROSLER-nt ~ $ In this instance the /etc/passwd file would NOT contain an entry for this specific user, but rather it would contain an entry for something like U-FOOBAR_ENG\everyone or some such thing which would cause the passwd agent to direct the query to the network instead of at the local passwd file. I mean, inside cisco there's something on the order of 4 employees. In my imediate group there's over 400. The idea that all of them are never going to change their password is ludicrous as well as the nature of having to pull down 400 passwords on a periodic basis (NT reboots are not an unknown :-) As all this password stuff is already accounted for on a network server somewhere in the ether, why not take advantage of it. - Bruce At 10:41 AM 12/6/2002 +, Vince Hoffman wrote: Cygwin fully supports domain users. just run `mkpasswd -d domain name /etc/passwd` on each box. (setup may run this automaticly these days i'm not sure so check if you already have a list of domain users in your passwd file.) -Original Message- From: Bruce P. Osler [mailto:[EMAIL PROTECTED]] Sent: 05 December 2002 22:04 To: [EMAIL PROTECTED] Cc: Bruce Osler Subject: Is it possible to use centralized passwords with cygwin inetd? For starters - I'd like to contribute to the Cygwin love-fest going on. I think Cygwin is an awesome environment with huge benefits for folks working under windows. Today I'm interested in finding out wether I can use networked password services with the cygwin inetd. At work I would like to setup a series of computers with Cygwin tools all of which are running the Cygwin inetd. As there are a couple of hundred engineers in this environment the option of maintaining multiple /etc/passwd files is a bit onerous (if not unreasonable). All of these computers are already hooked into an environment where the user passwords are provided and managed centrally to an NT domain. Is there any way I can have Cygwin/inetd use the central domain password service for authentication? - Bruce -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Is it possible to use centralized passwords with cygwin inetd ?
Bruce P. Osler [EMAIL PROTECTED] wrote: I guess I was looking for something a bit more dynamic. IIRC - If you do what was suggested, you should only need to rerun mkpasswd when users are added or removed, not when they change their password. Not wonderful, but distinctly better that what you imagine. If you look inside a mkpasswd-generated passwd file, you will see that there is no password info stored there. Max. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Is it possible to use centralized passwords with cygwin inetd ?
Hmmm, I had thought the long ugly string (eg S-1-5-21-1677152479-820197058- 1843927889-1002) was the password. Sounds like I made the wrong assumption. So ... if this is the case, it sounds like it's workable. Especially so given that the employee roles haven't changed in nearly two years :-/ - Bruce At 02:39 PM 12/6/2002 +, Max Bowsher wrote: Bruce P. Osler [EMAIL PROTECTED] wrote: I guess I was looking for something a bit more dynamic. IIRC - If you do what was suggested, you should only need to rerun mkpasswd when users are added or removed, not when they change their password. Not wonderful, but distinctly better that what you imagine. If you look inside a mkpasswd-generated passwd file, you will see that there is no password info stored there. Max. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Is it possible to use centralized passwords with cygwin inetd ?
Bruce P. Osler [EMAIL PROTECTED] wrote: Hmmm, I had thought the long ugly string (eg S-1-5-21-1677152479-820197058- 1843927889-1002) was the password. No, that's the Windows SID. The password field is the one with unused_by_nt/2000/xp. Max. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Is it possible to use centralized passwords with cygwin inetd ?
Thnx, the pieces fit now. - Bruce At 04:42 PM 12/6/2002 +, Max Bowsher wrote: Bruce P. Osler [EMAIL PROTECTED] wrote: Hmmm, I had thought the long ugly string (eg S-1-5-21-1677152479-820197058- 1843927889-1002) was the password. No, that's the Windows SID. The password field is the one with unused_by_nt/2000/xp. Max. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Is it possible to use centralized passwords with cygwin inetd?
(Send to the list and the sender)... Bruce P. Osler wrote: For starters - I'd like to contribute to the Cygwin love-fest going on. I think Cygwin is an awesome environment with huge benefits for folks working under windows. Today I'm interested in finding out wether I can use networked password services with the cygwin inetd. At work I would like to setup a series of computers with Cygwin tools all of which are running the Cygwin inetd. As there are a couple of hundred engineers in this environment the option of maintaining multiple /etc/passwd files is a bit onerous (if not unreasonable). All of these computers are already hooked into an environment where the user passwords are provided and managed centrally to an NT domain. Is there any way I can have Cygwin/inetd use the central domain password service for authentication? Short answer: Yes. Slightly longer answer: Create a passwd file with mkpasswd -d and store it on a common area. Then symlink /etc/passwd - //commonserver/commonshare/passwd. Normally people worry about symlinking such files as /etc/passwd because it would be hard to boot up and log into the machine if the network were down. But you don't boot up nor log into Cygwin as per se, rather you log into Windows first. You might wish to do this for /etc/group too. You might wish to scriptize mkpasswd to call /bin/mkpasswd then perform some fix ups on the resulting passwd file before making it global. You might wish to develop a script to insure the above symlink(s) are properly in place as well as say mounting //commonserver/homeshare - /home, etc. This is what I do and it works very well. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
