X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=-1.6 required=5.0 tests=AWL,BAYES_00,SARE_MSGID_LONG40,SPF_PASS
X-Spam-Check-By:	sourceware.org
MIME-Version:	1.0
In-Reply-To:	<20090415083139.GI15443@calimero.vinschen.de>
References:	<af075b00904141055w9b6eba0t6e9f79190a3f9ad6 AT mail DOT gmail DOT com> <20090415083139 DOT GI15443 AT calimero DOT vinschen DOT de>
From:	Julio Costa <costaju AT gmail DOT com>
Date:	Wed, 15 Apr 2009 11:30:26 +0100
Message-ID:	<af075b00904150330r5d4de0fdj4c2edd05d26f32b5@mail.gmail.com>
Subject:	Re: [openssh] unnatended instalation + forcing service account
To:	cygwin AT cygwin DOT com
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Unsubscribe:	<mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

On Wed, Apr 15, 2009 at 09:31, Corinna Vinschen wrote:
> On Apr 14 18:55, Julio Costa wrote:
>> Now that Chuck has released a new csih, maybe also the possibility to
>> use an alternative account could be added to this patch...
>> Can you look into this, please? This is also important because in
>> domain members server environments I found no way to make sshd work if
>> it is not running under a domain account. It would be really nice to
>> have ssh-host-config do this job (by parameters on command-line)...
>
> But that already worked all the time without having another parameter.
> If an account called cyg_server (cron_server, sshd_server) is already in
> /etc/passwd then it will be used. =C2=A0Just make sure that cyg_server is=
 a
> domain account. =C2=A0I'm using this method locally as well.

Sure, you're right. But this is an 'indirect' method to *make it
work*, just like a workaround.
I thought we could have the 'direct' method of nominate which account
should be used to the service.
But, as long as this behavior by design is documented in the README,
or better yet, in the FAQ... I think that's ok.

> Does the above patch break this behaviour?

No, it just allowed ssh-host-config to blindly accept the account
chosen by the programmed algorithm, avoiding the dreadful question "Do
you want to use another account?". That is needed to allow unattended
installations with ssh-host-config (using --yes).
The core patch was really against csih, where is the account choice
algorithm, but the patch on ssh-host-config is needed to make use of
it.

Came to think of it, there is also another possibility (and a simpler
one), and that is to code the --yes option on the ssh-host-config to
use the (new) -f option to the csih, avoiding coding the extra
parameter (--force) just for this behavior. After all, this behavior
should be required for --yes and possibly is not very useful if
ssh-host-config is not invoked with --yes.
What do you think?

--=20
___________
Julio Costa

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -