On Feb 13 09:35, Christopher Faylor wrote:
> On Thu, Feb 13, 2014 at 11:00:25AM +0100, Corinna Vinschen wrote:
> >On Feb 12 16:37, Christopher Faylor wrote:
> >> On Wed, Feb 12, 2014 at 08:59:31PM +0100, Corinna Vinschen wrote:
> >> >There's only one tiny problem. Whatever I think about the full
> >> >enumerate being right or wrong, I have this vague feeling that I'd like
> >> >to have this implemented fully at one point. My cat disapproves, but we
> >> >can't agree on everything, I guess. Another configuration option in
> >> >/etc/nsswitch.conf might comfort her.
> >>
> >> I don't know if this has been mentioned but would a cache help here,
> >> i.e., nscd? I think that's how Linux deals with this type of situation.
> >
> >Caching is wonderful for the usual requests for single entries from the
> >DB, and for this we have already two caches, the LSA cache and Cygwin's
> >own cache. But caching doesn't help at all when enumerating.
> >
> >There's also the problem to rely on an external program.
>
> But that's no different than Linux. I've never looked at the code but
> apparently libc has hooks for talking to nscd. We could do the same
> with cygserver.
>
> >If it turns out that the current implementation is too slow, I'm
> >prepared to add caching to cygserver to have a system-wide caching
> >server, but Cygwin shouldn't *require* that cygserver runs. And either
> >way, it still wouldn't help when enumerating all accounts.
>
> nscd does more than just keep information around in memory. As I said,
> it's how Linux deals with this situation. I know because I didn't install
> nscd when setting up a minimal Fedora 20 server at work and was met with
> awful lags and timeouts in services which tried to read from our nis.
> So Fedora doesn't require nscd but it sure does help.
>
> But, even after having set it up, I still have to remember not to do
> ls ~cg<tab> because it just takes forever. So, if it is possible to
> enumerate users then I think you just do it and let people learn the
> cost.

Yes, I think so too. I have some preliminary code (actually, just empty function shells right now) which are supposed to implement full enumerating.

However, system admins might not exactly approve. I discussed this with our Linux folks, and I learned that NSS backends like SSSD or winbind default to NOT allowing enumerating, but giving the admin a choice to enable it.

So I think for our case a configuration option in /etc/nsswitch.conf to limit the scope of the enumeration might be feasible.

Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
Red Hat
Please, send mails regarding Cygwin to cygwin AT cygwin DOT com