MAXLOGNAME + /etc/group + chkgrp invalid character @
Dan The Man
dan at sunsaturn.com
Wed Nov 9 00:32:52 UTC 2011
On Tue, 8 Nov 2011, Chuck Swiger wrote:
> On Nov 8, 2011, at 3:47 PM, Dan The Man wrote:
>> In the daily cron "Daily run output" email always get the following:
>> Verifying group file syntax:
>> chkgrp: /etc/group: line 3: '@' invalid character
> chkgrp expects group names to consist of characters in isalnum().
K so thats a simple fix where it does that check.
>> Could we modify system to support email addresses as usernames.
> Sure, that's why FreeBSD comes with source code.
> You can modify anything you like. :-)
> However, if you want to use a domain-aware login mechanism, Kerberos is in the base system, and SASL and LDAP are available in ports. You're not going to break anything allowing "@" into the list of characters which pw(8) likes, but the flatfile passwd and group files are not hierarchical the way domain-aware network identity systems are.
> A secondary issue is that there is rarely a one-to-one relationship between email addresses and users; many email addresses are aliases which expand either to a different username, or even to multiple users.
Wish you would elaborate abit more here, what I have found is email
addresses tend to make the best usernames, people can remember them :)
They are unique, and you solve 2 problems right away:
a) they can actually remember their username
b) they aren't having to pick through a million different taken usernames
they have to pick on their own, which is frusterating way people often do
>> From my testing it works fine, even with "Daily run output" complaining I can still su to user i added in wheel group.
>> We'd need to fix ckkgrp source,
>> adduser source, and making move to:
>> #define MAXLOGNAME 256 in /usr/src/sys/sys/param.h
> You can do that also, but I think you'll break compatibility with NIS/YP.
Well with nss-mysql its as simple as modifying the /etc/nsswitch.conf on
any machine to just point to same db server, works just fine.
> You might not care, but don't be surprised if you find that folks aren't willing to adopt this change back into FreeBSD-- I've seen a few people wanting to increase MAXLOGNAME since 2003 or so.
I've talked to many sys admins as well, that are all modifying the code to
the kernel for a decade now on every new make buildworld, would be nice to
see it mainstream.
Only issue doing this I have seen so far, is having to nuke the wtmp/utx*
files from /var/log on new installs to get them into new format, but that
would be solved mainstream as well.
I just find the benefits far outweight the cons, sure when we were all
back in our computer science classes in 80s/90s it made sense. We all had
accounts on the system for those 3-4 years, and generic usernames made
sense, but now moving to webhosting environments and providing sftp/ssh
type access to people on a larger scale, I think the email address as
usernames make alot more sense now.
I still teach unix at the university time to time and we still use the old
putty/securecrt to sshd daemon way of learning from the command line, in
that environment I find its about people forgetting passwords, take it up
a notch to webhosting environment, and i find people forget their
usernames to, and why I think it would be a good move...
Dan The Man
CTO/ Senior System Administrator
Websites, Domains and Everything else
Email: Dan at SunSaturn.com
More information about the freebsd-current