This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: LDAP integration and sshd


On Jun 26 07:35, Achim Gratz wrote:
> Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > - Build your own OpenSSH package with the following patch applied:
> > 
> >   http://lists.mindrot.org/pipermail/openssh-unix-dev/2014-May/032591.html
> > 
> >   It converts the static request for an account called "sshd" into
> >   a function call which checks for the "sshd" account by calling
> >   a Cygwin DLL function checking for the account by prepending the
> >   potential prefixes.  This patch has been applied upstream, and
> >   a new version of OpenSSH will be available as soon as we go live
> >   with the AD integration stuff.
> 
> Is there a corresponding change needed to take care of LDAP groups so these

"LDAP groups" is rather misleading.  The naming convention has nothing
to do with LDAP, rather it's an Interix invention.  The names are
generated inside the Cygwin DLL independent of using LDAP or not.

> can be used in AllowGroups?

In theory, no.  AllowGroups is admin-settable in the config file while
the "sshd" user request is built into the code.  Just use the names as
you get them:

  AllowGroups bla MACHINE+blub DOMAIN+blubber ...


Corinna

(*) per MSFT this is supposed to be faster than NetUserEnum and uses less
    resources.  In my limited environment, `getent group' is in fact five
    times faster than the former `mkgroup -l -d'.

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
