From owner-freebsd-hackers  Thu Jan  2 13:26:15 2003
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8698937B401
	for <hackers@freebsd.org>; Thu,  2 Jan 2003 13:26:13 -0800 (PST)
Received: from puffin.mail.pas.earthlink.net (puffin.mail.pas.earthlink.net [207.217.120.139])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0D75043EA9
	for <hackers@freebsd.org>; Thu,  2 Jan 2003 13:26:13 -0800 (PST)
	(envelope-from tlambert2@mindspring.com)
Received: from pool0545.cvx40-bradley.dialup.earthlink.net ([216.244.44.35] helo=mindspring.com)
	by puffin.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128)
	(Exim 3.33 #1)
	id 18UCqt-0001OT-00; Thu, 02 Jan 2003 13:26:08 -0800
Message-ID: <3E14AE17.EC42A534@mindspring.com>
Date: Thu, 02 Jan 2003 13:24:39 -0800
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.79 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Mahlon <mahlon-dated-1041966902.d3c7ee@martini.nu>
Cc: hackers@freebsd.org
Subject: Re: pw(8): $ (dollar sign) in username
References: <20021227112033.N93884-100000@ren.sasknow.com>
		<Pine.LNX.4.33.0212271129520.3939-100000@ns.aus.com>
		<20021229042543.GB91785@rfc-networks.ie> <20030102191500.GC886@martini.nu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a46fd765a536c9f9706a542154440187da350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Mahlon wrote:
> This has come up more than a few times in the past.  vipw does allow
> the $ character, and works great in a 'couple of machines' network.
> It's not a viable solution for using samba's machine trust accounts
> in an *automated* environment.  Having to manually add your domain
> trust accounts is unneeded when samba can do it for you - after a
> 1 character change in pw.

Probably the correct approach is to use the PAM module that
allows the UNIX machine to perform authentication against the
domain controller, instead of its local password database.

You talk about the difficulty of adding all these account to
a UNIX machine, and then having to modify them with "vipw",
but you don't complain about the difficulty *still* involved
in adding them, if the "vipw" step is removed.  Better to
eliminate the need to create the accounts at all.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message