On Jun 26 07:35, Achim Gratz wrote: > Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes: > > - Build your own OpenSSH package with the following patch applied: > > > > http://lists.mindrot.org/pipermail/openssh-unix-dev/2014-May/032591.html > > > > It converts the static request for an account called "sshd" into > > a function call which checks for the "sshd" account by calling > > a Cygwin DLL function checking for the account by prepending the > > potential prefixes. This patch has been applied upstream, and > > a new version of OpenSSH will be available as soon as we go life > > with the AD integration stuff. > > Is there a corresponding change needed to take care of LDAP groups so these
"LDAP groups" is rather misleading. The naming convention has nothing
to do with LDAP, rather it's a Interix invention. The names are
generated inside the Cygwin DLL in dependent of using LDAP or not.
> can be used in AllowGroups?
In theory, no. AllowGroups is admin-settable in the config file while
the "sshd" user request is built into the code. Just use the names as
you get them:
AllowGroups bla MACHINE+blub DOMAIN+blubber ...
Corinna
(*) per MSFT this is supposed to be faster than NetUserEnum and uses less
resources. In my limited environment, `getent group' is in fact five
times faster than the former `mkgroup -l -d'.
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
pgpOiDU9snUGT.pgp
Description: PGP signature
