| All Forums |
Register |
Login |
Search |
Subscriptions |
My Profile |
Inbox |
| Tool Warehouse |
FAQs |
Resources |
Help |
Member List |
Address Book |
Logout |
|
|
RE: openssh 3.9 source available?
|
Logged in as: Guest |
| Users viewing this topic: none |
|
Login  |
|
|
 RE: openssh 3.9 source available? - Nov. 17, '04, 3:09:18 PM
|
|
|
Rodney
Posts: 3729
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
I've posted in the beta directory the changed version.
I've placed in beta just in-case there is some additional feedback.
It can be updated to by doing:
pkg_add ftp://ftp.interopsystems.com/pkgs/beta/openssh-3.9.0.1.0.4-bin.tgz
The number of digits will shrink once it goes to the main directory.
This version has the changes in it that I mentioned before.
If you run sshd as you would normally then if the account "root" is given
as the username then the account that has the username "root" is used. No Mapping.
If the username "root" is used and there is no account with the username "root"
then sshd has flagged to libport that it should be mapped to Administrator
(well to 197108 actually so the language/spelling problem doesn't happen).
If you don't want the mapping of "root" to 197108 when no user account named "root"
exists then use the new '-A' flag when starting sshd and the flag to libport
will be turned off.
Send in any feedback here or to me by e-mail (whichever you prefer).
|
|
|
|
|
RE: openssh 3.9 source available? - Nov. 17, '04, 3:09:51 PM
|
|
|
cortez_
Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
|
That's why I believe that our input is worthwile because it might make the tools more useful and closer to the user's requirements.
|
|
|
|
|
RE: openssh 3.9 source available? - Nov. 17, '04, 3:18:41 PM
|
|
|
jim
Posts: 7
Joined: Nov. 15, '04,
Status: offline
|
Works great - thanks.
With respect to your comment about hearing what people are trying to do - I'm working with a large number of scripts that were originally developed for Linux and now either run both on Linux and Windows/Cygwin or have been rewritten for Windows. Consequently, in my case, compatiblity with Linux and Cygwin is pretty important - things like having to put a + in front of a chown command hurt when it's called from so many scripts.
|
|
|
|
|
RE: openssh 3.9 source available? - Nov. 17, '04, 3:36:44 PM
|
|
|
breiter
Posts: 346
Joined: Jun. 14, '04,
From: Washington, DC
Status: offline
|
quote:
The discussion about "domains" has been incomplete.
It normally gets simplified to 'domain' and 'local'. But this is, for this discussion now,
not enough. There are a number of "built-in" accounts (users and groups). These built-in
accounts are well-known accounts, but they are not part of the "local machine's
domain". So the "+" still needs to lead these accounts. The system account is really
"+system" as another example.
Hmmm. This is interesting.
A SID takes the format S-R-I-SA-SA-SA-SA where S is always the letter "S", R is the SID format (currently always "1"), I is a 48-bit authority identifier, and SA are 32-bit subauthority identifiers.
Two well know authorities are 0x00001 World Authority (which is used with the Everyone account) and 0x00005 NT Authority. There are actually 6 defined authorities:
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
The difference between user-defined local groups and builtin local groups is just that they have a different subauthority.
Builtin local groups are in the SECURITY_BUILTIN_DOMAIN_RID (S-1-5-21) subauthority and have exactly the same SID on every Windows instance. Whereas user defined groups are in the SECURITY_NT_NON_UNIQUE (S-1-5-32) subathority. SECURITY_BUILTIN_DOMAIN_RID is the BUILTIN "domain".
Its sort of surprising that Interix treats these two subauthorities as isolated domains when the y are subauthorities on the same machine! My understanding is that the real point of these two sub-authorities is simply to differentiate the built-in groups from the user-defined groups.
However from what Rodney is describing Interix considers each RID to be its own domain and only one can be the PrincipalDomain.
On the principal of least surprise, it would be nice if some future version of Interix automatically checked to BUITIN domain AND the PrincipalDomain when checking looking up the SID of a non-FQDN group.
Here's some more information on well-known SIDs for those that are interested.
|
|
|
|
|
RE: openssh 3.9 source available? - Nov. 17, '04, 3:51:13 PM
|
|
|
breiter
Posts: 346
Joined: Jun. 14, '04,
From: Washington, DC
Status: offline
|
quote:
ORIGINAL: jim
How you manage your binaries is your call, but it seems that using the aliases is going to result in wasted resources for those using ftp/mget to download the tools, not to mention the potential for confusion by having incorrectly named files.
I'd like to go back to the issue of old package names pointing to new packages for a minute.
I agree with Jim, this is unexpected behavior. I understand that you want to only have current packages in /pkgs/3.5 and want to put older packages into /pkgs/prev.
My humble suggestion is that you remove the aliases for the package names that do not point to the correspoding package. I think it would be preferable to have nothing than to have a openssh-3.8-bin.tgz that points to openssh-3.9-bin.tgz, for example. People who want the latest, then, just get openssh-current-bin.tgz and people who want something else go to pkgs/prev and get a specific version.
Just my two cents, but I know that I and others have been confused by the current setup. It's the principal of least surprise, again.
|
|
|
|
|
RE: openssh 3.9 source available? - Nov. 18, '04, 12:25:17 PM
|
|
|
Rodney
Posts: 3729
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
The changes have been made to the general openssh release now and posted.
|
|
|
|
|
RE: openssh 3.9 source available? - Nov. 18, '04, 2:41:51 PM
|
|
|
cortez_
Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
|
So just to make sure. To keep it working with the accounts just like the
3.8 did I need to launch it with -A option Right?
|
|
|
|
|
RE: openssh 3.9 source available? - Nov. 18, '04, 2:49:01 PM
|
|
|
Rodney
Posts: 3729
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
quote:
ORIGINAL: cortez_
So just to make sure. To keep it working with the accounts just like the
3.8 did I need to launch it with -A option Right?
You only need to start with '-A' if and only if you do not have an account
named "root" and do not want "root' to map to local administrator.
|
|
|
|
|
RE: openssh 3.9 source available? - Nov. 19, '04, 1:59:43 AM
|
|
|
cortez_
Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
|
And i the case of the coexistance od the root and Administrator account the ssh should be started without -A and even though will recognize the situation and don't map?
|
|
|
|
|
RE: openssh 3.9 source available? - Nov. 19, '04, 2:17:52 AM
|
|
|
Rodney
Posts: 3729
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Right.
If the there is an account named "Administrator" (or whichever the spelling is
for the current locale) and another account named "root" they will be treated
as two different accounts with or without '-A' specified -- no mapping.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
|
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
|
Printable Version
