On Apr 1 10:55, Corinna Vinschen wrote:
> On Apr 1 14:46, Damien Miller wrote:
> > On Mon, 31 Mar 2014, Corinna Vinschen wrote:
> >
> > > For instance, assuming you have a domain member machine MACH103, which
> > > is member of the domain DOM1. Assuming the machine as well as DOM1
> > > and another domain, DOM2, all have a user called "sshd", the automatically
> > > generated Cygwin usernames will be
> > >
> > >   MACH103+sshd    for the local account
> > >   sshd            for the account in domain DOM1
> > >   DOM2+sshd       for the account in domain DOM2.
> > >
> > > Additionally, the admin can decide if the domain name gets prepended
> > > every time, which results in "DOM1+sshd" as username in DOM1, and the
> > > domain separator character can be chosen freely as well, for instance
> > > a backslash (MACH103\sshd).
> > >
> > > With domainnames being part of the username, this allows for so many
> > > variations of the actual username, that a fixed name "sshd" or just
> > > a compile time option will become a problem.
> > >
> > > Any chance to get such a sshd_config option?
> >
> > I'm really loath to add an option for this. Is there any way that
> > sshd could figure out which account automatically? e.g. by having
> > ssh-host-config ensure that ${machine}/sshd exists and is appropriately
> > configured
>
> I'm not sure I can follow. Do you mean we should make sure that a
> machine account sshd always exists and use that?
>
> The problem is, sshd would still call getpwent("sshd"). This would work

s/getpwent/getpwnam

> for machine accounts on non-domain machines and for primary domain
> accounts on domain member machines, but it would fail for a machine
> account on a domain member machine when using the default account naming
> rules. And if the admin changed them to "always prepend domain name",
> there would not be a "sshd" account at all.


Corinna

--
Corinna Vinschen
Cygwin Maintainer
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
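
Added example, not part of the original thread and not OpenSSH or Cygwin code: a small C model of the account naming rules described in the message above, showing for which account placements a hard-coded getpwnam("sshd") would match. The names `struct naming`, `cyg_name` and `fixed_lookup_hits` are hypothetical, and the model covers only the cases the message states.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Where the Windows account lives (constructed model, not a Cygwin type). */
enum acct_scope { ACCT_LOCAL, ACCT_PRIMARY_DOMAIN, ACCT_OTHER_DOMAIN };

struct naming {
    bool domain_member;   /* machine is joined to a domain */
    bool always_prepend;  /* admin chose "always prepend domain name" */
    char sep;             /* separator: '+' by default, could be '\\' */
};

/* Build the Cygwin username as the message describes it.
 * qualifier is the machine name for local accounts, else the domain name. */
static const char *cyg_name(const struct naming *n, enum acct_scope s,
                            const char *qualifier, const char *user,
                            char *out, size_t len)
{
    bool bare;

    if (n->always_prepend)
        bare = false;                       /* no unqualified names at all */
    else if (n->domain_member)
        bare = (s == ACCT_PRIMARY_DOMAIN);  /* only primary domain is bare */
    else
        bare = (s == ACCT_LOCAL);           /* stand-alone machine account */

    if (bare)
        snprintf(out, len, "%s", user);
    else
        snprintf(out, len, "%s%c%s", qualifier, n->sep, user);
    return out;
}

/* Would a fixed getpwnam("sshd") resolve this account? */
static bool fixed_lookup_hits(const struct naming *n, enum acct_scope s,
                              const char *qualifier)
{
    char buf[64];
    return strcmp(cyg_name(n, s, qualifier, "sshd", buf, sizeof buf),
                  "sshd") == 0;
}

int main(void)
{
    struct naming def = { true, false, '+' };  /* default rules, MACH103 in DOM1 */
    char buf[64];
    printf("%s hit=%d\n", cyg_name(&def, ACCT_LOCAL, "MACH103", "sshd", buf, sizeof buf),
           fixed_lookup_hits(&def, ACCT_LOCAL, "MACH103"));
    return 0;
}
```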