This is the mail archive of the
cygwin
mailing list for the Cygwin project.
RE: get rid of getpwent? (Was: cygwin-1.7.28 getpwent header declaration changes ?)
- From: "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" <lavr at ncbi dot nlm dot nih dot gov>
- To: "cygwin at cygwin dot com" <cygwin at cygwin dot com>
- Date: Fri, 7 Feb 2014 21:49:44 +0000
- Subject: RE: get rid of getpwent? (Was: cygwin-1.7.28 getpwent header declaration changes ?)
- Authentication-results: sourceware.org; auth=none
- References: <52F339CA dot 5070305 at gmail dot com> <20140206090117 dot GD2821 at calimero dot vinschen dot de> <52F361C5 dot 3000807 at gmail dot com> <20140206141321 dot GI2821 at calimero dot vinschen dot de> <52F40208 dot 5030901 at etr-usa dot com> <20140207094917 dot GN2821 at calimero dot vinschen dot de> <52F53D7C dot 5050201 at etr-usa dot com> <20140207213013 dot GT2821 at calimero dot vinschen dot de>
> I think SAM/AD will be mostly quicker
I do not want to be a party pooper here, but have you checked how
the AD approach will work from the unmanaged Windows service accounts?
We've been experiencing rather nasty effects of the M$ design that
when a host changes its password (it is required to, every so many
days), it is no longer considered an "authorized" agent (rather,
anonymous). Accessing AD anonymously (esp. from system-managed
service account) is limited; like when you request a list,
you get only first 100 (who at M$ had invented this?!) entries.
Which means that if your code is scanning, it won't find
more than 100 users (and they are alphabetized, so the "excess"
users will simply disappear from view). That creates false-positive
nonexistent users / groups. The only remedy is to restart the host...
P.S. I'm not an AD person, and some of the info from the above
comes from our sysadmins (how they see things unfolding).
Anton Lavrentiev
Contractor NIH/NLM/NCBI