Cygwin: uinfo: Drop long disabled nss_prefix and nss_separator
Originally the code was written to allow three ways of prefixing
accounts and to freely define a domain/account separator. This code
has been disabled even before being officially released, and it was
never re-enabled. Given there has been no complaints for eight years
now, drop this code eventually. Just add a macro to define the
domain/account separator statically.
Fixes: cc332c9e27
("(cygheap_pwdgrp::nss_init_line): Disable db_prefix
and db_separator settings. Add comment")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
parent
30add3e6b3
commit
3b37a11870
|
@ -604,7 +604,7 @@ cygwin_internal (cygwin_getinfo_types t, ...)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case CW_GETNSSSEP:
|
case CW_GETNSSSEP:
|
||||||
res = (uintptr_t) cygheap->pg.nss_separator ();
|
res = (uintptr_t) NSS_SEPARATOR_STRING;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case CW_GETNSS_PWD_SRC:
|
case CW_GETNSS_PWD_SRC:
|
||||||
|
|
|
@ -393,13 +393,11 @@ public:
|
||||||
{ return rfc2307_domain_buf ?: NULL; }
|
{ return rfc2307_domain_buf ?: NULL; }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#define NSS_SEPARATOR_STRING L"+"
|
||||||
|
#define NSS_SEPARATOR_CHAR (NSS_SEPARATOR_STRING[0])
|
||||||
|
|
||||||
class cygheap_pwdgrp
|
class cygheap_pwdgrp
|
||||||
{
|
{
|
||||||
enum nss_pfx_t {
|
|
||||||
NSS_PFX_AUTO = 0,
|
|
||||||
NSS_PFX_PRIMARY,
|
|
||||||
NSS_PFX_ALWAYS
|
|
||||||
};
|
|
||||||
public:
|
public:
|
||||||
enum nss_scheme_method {
|
enum nss_scheme_method {
|
||||||
NSS_SCHEME_FALLBACK = 0,
|
NSS_SCHEME_FALLBACK = 0,
|
||||||
|
@ -418,8 +416,6 @@ private:
|
||||||
bool nss_inited;
|
bool nss_inited;
|
||||||
uint32_t pwd_src;
|
uint32_t pwd_src;
|
||||||
uint32_t grp_src;
|
uint32_t grp_src;
|
||||||
nss_pfx_t prefix;
|
|
||||||
WCHAR separator[2];
|
|
||||||
bool caching;
|
bool caching;
|
||||||
|
|
||||||
#define NSS_SCHEME_MAX 4
|
#define NSS_SCHEME_MAX 4
|
||||||
|
@ -458,10 +454,6 @@ public:
|
||||||
inline bool nss_grp_files () const { return !!(grp_src & NSS_SRC_FILES); }
|
inline bool nss_grp_files () const { return !!(grp_src & NSS_SRC_FILES); }
|
||||||
inline bool nss_grp_db () const { return !!(grp_src & NSS_SRC_DB); }
|
inline bool nss_grp_db () const { return !!(grp_src & NSS_SRC_DB); }
|
||||||
inline int nss_grp_src () const { return grp_src; } /* CW_GETNSS_GRP_SRC */
|
inline int nss_grp_src () const { return grp_src; } /* CW_GETNSS_GRP_SRC */
|
||||||
inline bool nss_prefix_auto () const { return prefix == NSS_PFX_AUTO; }
|
|
||||||
inline bool nss_prefix_primary () const { return prefix == NSS_PFX_PRIMARY; }
|
|
||||||
inline bool nss_prefix_always () const { return prefix == NSS_PFX_ALWAYS; }
|
|
||||||
inline PCWSTR nss_separator () const { return separator; }
|
|
||||||
inline bool nss_cygserver_caching () const { return caching; }
|
inline bool nss_cygserver_caching () const { return caching; }
|
||||||
inline void nss_disable_cygserver_caching () { caching = false; }
|
inline void nss_disable_cygserver_caching () { caching = false; }
|
||||||
|
|
||||||
|
|
|
@ -579,14 +579,10 @@ cygheap_pwdgrp::init ()
|
||||||
|
|
||||||
passwd: files db
|
passwd: files db
|
||||||
group: files db
|
group: files db
|
||||||
db_prefix: auto DISABLED
|
|
||||||
db_separator: + DISABLED
|
|
||||||
db_enum: cache builtin
|
db_enum: cache builtin
|
||||||
*/
|
*/
|
||||||
pwd_src = (NSS_SRC_FILES | NSS_SRC_DB);
|
pwd_src = (NSS_SRC_FILES | NSS_SRC_DB);
|
||||||
grp_src = (NSS_SRC_FILES | NSS_SRC_DB);
|
grp_src = (NSS_SRC_FILES | NSS_SRC_DB);
|
||||||
prefix = NSS_PFX_AUTO;
|
|
||||||
separator[0] = L'+';
|
|
||||||
enums = (ENUM_CACHE | ENUM_BUILTIN);
|
enums = (ENUM_CACHE | ENUM_BUILTIN);
|
||||||
enum_tdoms = NULL;
|
enum_tdoms = NULL;
|
||||||
caching = true; /* INTERNAL ONLY */
|
caching = true; /* INTERNAL ONLY */
|
||||||
|
@ -650,32 +646,6 @@ cygheap_pwdgrp::nss_init_line (const char *line)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
c += 3;
|
c += 3;
|
||||||
#if 0 /* Disable setting prefix and separator from nsswitch.conf for now.
|
|
||||||
Remove if nobody complains too loudly. */
|
|
||||||
if (NSS_NCMP ("prefix:"))
|
|
||||||
{
|
|
||||||
c = strchr (c, ':') + 1;
|
|
||||||
c += strspn (c, " \t");
|
|
||||||
if (NSS_CMP ("auto"))
|
|
||||||
prefix = NSS_AUTO;
|
|
||||||
else if (NSS_CMP ("primary"))
|
|
||||||
prefix = NSS_PRIMARY;
|
|
||||||
else if (NSS_CMP ("always"))
|
|
||||||
prefix = NSS_ALWAYS;
|
|
||||||
else
|
|
||||||
debug_printf ("Invalid nsswitch.conf content: %s", line);
|
|
||||||
}
|
|
||||||
else if (NSS_NCMP ("separator:"))
|
|
||||||
{
|
|
||||||
c = strchr (c, ':') + 1;
|
|
||||||
c += strspn (c, " \t");
|
|
||||||
if ((unsigned char) *c <= 0x7f && *c != ':' && strchr (" \t", c[1]))
|
|
||||||
separator[0] = (unsigned char) *c;
|
|
||||||
else
|
|
||||||
debug_printf ("Invalid nsswitch.conf content: %s", line);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
if (NSS_NCMP ("enum:"))
|
if (NSS_NCMP ("enum:"))
|
||||||
{
|
{
|
||||||
tmp_pathbuf tp;
|
tmp_pathbuf tp;
|
||||||
|
@ -904,7 +874,7 @@ fetch_from_path (cyg_ldap *pldap, PUSER_INFO_3 ui, cygpsid &sid, PCWSTR str,
|
||||||
{
|
{
|
||||||
w = wcpncpy (w, dom, we - w);
|
w = wcpncpy (w, dom, we - w);
|
||||||
if (w < we)
|
if (w < we)
|
||||||
*w++ = cygheap->pg.nss_separator ()[0];
|
*w++ = NSS_SEPARATOR_CHAR;
|
||||||
}
|
}
|
||||||
w = wcpncpy (w, name, we - w);
|
w = wcpncpy (w, name, we - w);
|
||||||
break;
|
break;
|
||||||
|
@ -1939,14 +1909,14 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
||||||
sys_mbstowcs (name, UNLEN + 1, arg.name);
|
sys_mbstowcs (name, UNLEN + 1, arg.name);
|
||||||
/* If the incoming name has a backslash or at sign, and neither backslash
|
/* If the incoming name has a backslash or at sign, and neither backslash
|
||||||
nor at are the domain separator chars, the name is invalid. */
|
nor at are the domain separator chars, the name is invalid. */
|
||||||
if ((p = wcspbrk (name, L"\\@")) && *p != cygheap->pg.nss_separator ()[0])
|
if ((p = wcspbrk (name, L"\\@")) && *p != NSS_SEPARATOR_CHAR)
|
||||||
{
|
{
|
||||||
debug_printf ("Invalid account name <%s> (backslash/at)", arg.name);
|
debug_printf ("Invalid account name <%s> (backslash/at)", arg.name);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
/* Replace domain separator char with backslash and make sure p is NULL
|
/* Replace domain separator char with backslash and make sure p is NULL
|
||||||
or points to the backslash. */
|
or points to the backslash. */
|
||||||
if ((p = wcschr (name, cygheap->pg.nss_separator ()[0])))
|
if ((p = wcschr (name, NSS_SEPARATOR_CHAR)))
|
||||||
{
|
{
|
||||||
fq_name = true;
|
fq_name = true;
|
||||||
*p = L'\\';
|
*p = L'\\';
|
||||||
|
@ -1992,13 +1962,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
||||||
/* AzureAD user must be prepended by "domain" name. */
|
/* AzureAD user must be prepended by "domain" name. */
|
||||||
if (sid_id_auth (sid) == 12)
|
if (sid_id_auth (sid) == 12)
|
||||||
return NULL;
|
return NULL;
|
||||||
/* name_only only if db_prefix is auto. */
|
|
||||||
if (!cygheap->pg.nss_prefix_auto ())
|
|
||||||
{
|
|
||||||
debug_printf ("Invalid account name <%s> (name only/"
|
|
||||||
"db_prefix not auto)", arg.name);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
/* name_only account is either builtin or primary domain, or
|
/* name_only account is either builtin or primary domain, or
|
||||||
account domain on non-domain machines. */
|
account domain on non-domain machines. */
|
||||||
if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
|
if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
|
||||||
|
@ -2023,9 +1986,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* All is well if db_prefix is always. */
|
|
||||||
if (cygheap->pg.nss_prefix_always ())
|
|
||||||
break;
|
|
||||||
/* AzureAD accounts should be fully qualifed either. */
|
/* AzureAD accounts should be fully qualifed either. */
|
||||||
if (sid_id_auth (sid) == 12)
|
if (sid_id_auth (sid) == 12)
|
||||||
break;
|
break;
|
||||||
|
@ -2042,9 +2002,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
||||||
"not NON_UNIQUE or NT_SERVICE)", arg.name);
|
"not NON_UNIQUE or NT_SERVICE)", arg.name);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
/* All is well if db_prefix is primary. */
|
|
||||||
if (cygheap->pg.nss_prefix_primary ())
|
|
||||||
break;
|
|
||||||
/* Domain member and domain == primary domain? */
|
/* Domain member and domain == primary domain? */
|
||||||
if (cygheap->dom.member_machine ())
|
if (cygheap->dom.member_machine ())
|
||||||
{
|
{
|
||||||
|
@ -2263,15 +2220,13 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
||||||
#else
|
#else
|
||||||
posix_offset = 0;
|
posix_offset = 0;
|
||||||
#endif
|
#endif
|
||||||
fully_qualified_name = cygheap->pg.nss_prefix_always ();
|
|
||||||
is_domain_account = false;
|
is_domain_account = false;
|
||||||
}
|
}
|
||||||
/* Account domain account? */
|
/* Account domain account? */
|
||||||
else if (!wcscasecmp (dom, cygheap->dom.account_flat_name ()))
|
else if (!wcscasecmp (dom, cygheap->dom.account_flat_name ()))
|
||||||
{
|
{
|
||||||
posix_offset = 0x30000;
|
posix_offset = 0x30000;
|
||||||
if (cygheap->dom.member_machine ()
|
if (cygheap->dom.member_machine ())
|
||||||
|| !cygheap->pg.nss_prefix_auto ())
|
|
||||||
fully_qualified_name = true;
|
fully_qualified_name = true;
|
||||||
is_domain_account = false;
|
is_domain_account = false;
|
||||||
}
|
}
|
||||||
|
@ -2290,8 +2245,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
||||||
set domain here to non-NULL, unless you're sure you have
|
set domain here to non-NULL, unless you're sure you have
|
||||||
also changed subsequent assumptions that domain is NULL
|
also changed subsequent assumptions that domain is NULL
|
||||||
if it's a primary domain account. */
|
if it's a primary domain account. */
|
||||||
if (!cygheap->pg.nss_prefix_auto ())
|
|
||||||
fully_qualified_name = true;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -2486,18 +2439,16 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
||||||
if (pgrp)
|
if (pgrp)
|
||||||
{
|
{
|
||||||
/* Set primary group from the "Description" field. Prepend
|
/* Set primary group from the "Description" field. Prepend
|
||||||
account domain if this is a domain member machine or the
|
account domain if this is a domain member machine. */
|
||||||
db_prefix setting requires it. */
|
|
||||||
char gname[2 * DNLEN + strlen (pgrp) + 1], *gp = gname;
|
char gname[2 * DNLEN + strlen (pgrp) + 1], *gp = gname;
|
||||||
struct group *gr;
|
struct group *gr;
|
||||||
|
|
||||||
if (cygheap->dom.member_machine ()
|
if (cygheap->dom.member_machine ())
|
||||||
|| !cygheap->pg.nss_prefix_auto ())
|
|
||||||
{
|
{
|
||||||
gp = gname
|
gp = gname
|
||||||
+ sys_wcstombs (gname, sizeof gname,
|
+ sys_wcstombs (gname, sizeof gname,
|
||||||
cygheap->dom.account_flat_name ());
|
cygheap->dom.account_flat_name ());
|
||||||
*gp++ = cygheap->pg.nss_separator ()[0];
|
*gp++ = NSS_SEPARATOR_CHAR;
|
||||||
}
|
}
|
||||||
stpcpy (gp, pgrp);
|
stpcpy (gp, pgrp);
|
||||||
if ((gr = internal_getgrnam (gname, cldap)))
|
if ((gr = internal_getgrnam (gname, cldap)))
|
||||||
|
@ -2521,9 +2472,9 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case SidTypeWellKnownGroup:
|
case SidTypeWellKnownGroup:
|
||||||
fully_qualified_name = (cygheap->pg.nss_prefix_always ()
|
fully_qualified_name = (
|
||||||
/* NT SERVICE Account */
|
/* NT SERVICE Account */
|
||||||
|| (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
|
(sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
|
||||||
&& sid_sub_auth (sid, 0) == SECURITY_SERVICE_ID_BASE_RID)
|
&& sid_sub_auth (sid, 0) == SECURITY_SERVICE_ID_BASE_RID)
|
||||||
/* Microsoft Account */
|
/* Microsoft Account */
|
||||||
|| sid_id_auth (sid) == 11);
|
|| sid_id_auth (sid) == 11);
|
||||||
|
@ -2582,7 +2533,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
||||||
break;
|
break;
|
||||||
case SidTypeLabel:
|
case SidTypeLabel:
|
||||||
uid = 0x60000 + sid_sub_auth_rid (sid);
|
uid = 0x60000 + sid_sub_auth_rid (sid);
|
||||||
fully_qualified_name = cygheap->pg.nss_prefix_always ();
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -2641,7 +2591,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
||||||
wcpcpy (name = namebuf, sid_sub_auth_rid (sid) == 1
|
wcpcpy (name = namebuf, sid_sub_auth_rid (sid) == 1
|
||||||
? (PWCHAR) L"Authentication authority asserted identity"
|
? (PWCHAR) L"Authentication authority asserted identity"
|
||||||
: (PWCHAR) L"Service asserted identity");
|
: (PWCHAR) L"Service asserted identity");
|
||||||
fully_qualified_name = false;
|
|
||||||
acc_type = SidTypeUnknown;
|
acc_type = SidTypeUnknown;
|
||||||
}
|
}
|
||||||
else if (sid_id_auth (sid) == 22)
|
else if (sid_id_auth (sid) == 22)
|
||||||
|
@ -2711,7 +2660,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
||||||
if (gid == ILLEGAL_GID)
|
if (gid == ILLEGAL_GID)
|
||||||
gid = uid;
|
gid = uid;
|
||||||
if (fully_qualified_name)
|
if (fully_qualified_name)
|
||||||
p = wcpcpy (wcpcpy (p, dom), cygheap->pg.nss_separator ());
|
p = wcpcpy (wcpcpy (p, dom), NSS_SEPARATOR_STRING);
|
||||||
wcpcpy (p, name);
|
wcpcpy (p, name);
|
||||||
|
|
||||||
if (is_group ())
|
if (is_group ())
|
||||||
|
|
|
@ -870,9 +870,6 @@ set up to all default values:
|
||||||
# /etc/nsswitch.conf
|
# /etc/nsswitch.conf
|
||||||
passwd: files db
|
passwd: files db
|
||||||
group: files db
|
group: files db
|
||||||
<!--
|
|
||||||
db_prefix: auto
|
|
||||||
db_separator: + -->
|
|
||||||
db_enum: cache builtin
|
db_enum: cache builtin
|
||||||
db_home: /home/%U
|
db_home: /home/%U
|
||||||
db_shell: /bin/bash
|
db_shell: /bin/bash
|
||||||
|
@ -991,159 +988,6 @@ and <literal>group</literal> information from the database.
|
||||||
|
|
||||||
</sect4>
|
</sect4>
|
||||||
|
|
||||||
<!--
|
|
||||||
|
|
||||||
DESCRIPTION OF db_prefix AND db_separator
|
|
||||||
|
|
||||||
Keep in for reference
|
|
||||||
|
|
||||||
|
|
||||||
<itemizedlist spacing="compact">
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
<literal>db_prefix:</literal> determines how the Cygwin user or group name
|
|
||||||
is created. The recognized values are:
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term><literal>auto</literal></term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
This is the default. If your account is from the primary domain of your
|
|
||||||
machine, or if your machine is a standalone machine (not a domain member),
|
|
||||||
your Cygwin account name is just the Windows account name.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
If your account is from another domain, or if you're logged in as
|
|
||||||
local user on a domain machine, the Cygwin username will be the
|
|
||||||
combination of Windows domainname and username, with the separator
|
|
||||||
char in between:
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<segmentedlist><?dbhtml list-presentation="table"?>
|
|
||||||
<seglistitem>
|
|
||||||
<seg><literal>MY_DOM+username</literal></seg>
|
|
||||||
<seg>(foreign domain)</seg>
|
|
||||||
</seglistitem>
|
|
||||||
<seglistitem>
|
|
||||||
<seg><literal>MACHINE+username</literal></seg>
|
|
||||||
<seg>(local account)</seg>
|
|
||||||
</seglistitem>
|
|
||||||
</segmentedlist>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Builtin accounts are simply used as is:
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<segmentedlist><?dbhtml list-presentation="table"?>
|
|
||||||
<seglistitem>
|
|
||||||
<seg><literal>LOCAL</literal></seg>
|
|
||||||
</seglistitem>
|
|
||||||
<seglistitem>
|
|
||||||
<seg><literal>Users</literal></seg>
|
|
||||||
</seglistitem>
|
|
||||||
</segmentedlist>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Unknown accounts on NFS or Samba shares (that is, accounts which cannot be
|
|
||||||
mapped to Windows user accounts via
|
|
||||||
<ulink url="https://tools.ietf.org/html/rfc2307">RFC 2307</ulink>) get a
|
|
||||||
Cygwin account name consisting of the artificial domains
|
|
||||||
<literal>Unix_User</literal> or <literal>Unix_Group</literal> and the
|
|
||||||
uid/gid value, for instance:
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<segmentedlist><?dbhtml list-presentation="table"?>
|
|
||||||
<seglistitem>
|
|
||||||
<seg><literal>Unix_User+0</literal></seg>
|
|
||||||
<seg>(root)</seg>
|
|
||||||
</seglistitem>
|
|
||||||
<seglistitem>
|
|
||||||
<seg><literal>Unix_Group+10</literal></seg>
|
|
||||||
<seg>(wheel)</seg>
|
|
||||||
</seglistitem>
|
|
||||||
</segmentedlist>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><literal>primary</literal></term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Like <literal>auto</literal>, but primary domain accounts will be
|
|
||||||
prepended by the domainname as well.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><literal>always</literal></term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
All accounts, even the builtin accounts, will have the domain name
|
|
||||||
prepended:
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<segmentedlist><?dbhtml list-presentation="table"?>
|
|
||||||
<seglistitem>
|
|
||||||
<seg><literal>BUILTIN+Users</literal></seg>
|
|
||||||
</seglistitem>
|
|
||||||
</segmentedlist>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
A special case are builtin accounts which have an emtpy domain name.
|
|
||||||
These will be prependend by just the separator character in
|
|
||||||
<literal>always</literal> mode:
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<segmentedlist><?dbhtml list-presentation="table"?>
|
|
||||||
<seglistitem>
|
|
||||||
<seg><literal>+LOCAL</literal></seg>
|
|
||||||
</seglistitem>
|
|
||||||
</segmentedlist>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
<literal>db_separator:</literal> defines the spearator char used to prepend the
|
|
||||||
domain name to the user or group name. The default is the plus character
|
|
||||||
<literal>+</literal>.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<screen>
|
|
||||||
MY_DOM+username
|
|
||||||
</screen>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
With <literal>db_separator:</literal>, you can define any ASCII char except
|
|
||||||
space, tab, carriage return, line feed, and the colon, as separator char.
|
|
||||||
Example:
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<screen>
|
|
||||||
db_separator: \
|
|
||||||
</screen>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
This results in usernames with the backslash as separator:
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<screen>
|
|
||||||
MY_DOM\username
|
|
||||||
</screen>
|
|
||||||
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
</itemizedlist>
|
|
||||||
-->
|
|
||||||
|
|
||||||
<sect4 id="ntsec-mapping-nsswitch-enum"><title id="ntsec-mapping-nsswitch-enum.title">The <literal>db_enum:</literal> setting</title>
|
<sect4 id="ntsec-mapping-nsswitch-enum"><title id="ntsec-mapping-nsswitch-enum.title">The <literal>db_enum:</literal> setting</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
|
|
Loading…
Reference in New Issue