From: Dan The Man
To: Chuck Swiger
Cc: freebsd-current@freebsd.org
Date: Tue, 8 Nov 2011 18:32:51 -0600 (CST)
Subject: Re: MAXLOGNAME + /etc/group + chkgrp invalid character @
List-Id: Discussions about the use of FreeBSD-current

On Tue, 8 Nov 2011, Chuck Swiger wrote:

> On Nov 8, 2011, at 3:47 PM, Dan The Man wrote:
>> In the daily cron "Daily run output" email always get the following:
>>
>> Verifying group file syntax:
>> chkgrp: /etc/group: line 3: '@' invalid character
>
> chkgrp expects group names to consist of characters in isalnum().

K so that's a simple fix where it does that check.

>
>> Could we modify system to support email addresses as usernames.
>
> Sure, that's why FreeBSD comes with source code.
> You can modify anything you like. :-)
>
> However, if you want to use a domain-aware login mechanism, Kerberos is in the base system, and SASL and LDAP are available in ports. You're not going to break anything allowing "@" into the list of characters which pw(8) likes, but the flatfile passwd and group files are not hierarchical the way domain-aware network identity systems are.
>
> A secondary issue is that there is rarely a one-to-one relationship between email addresses and users; many email addresses are aliases which expand either to a different username, or even to multiple users.

Wish you would elaborate a bit more here, what I have found is email addresses tend to make the best usernames, people can remember them :) They are unique, and you solve 2 problems right away:
a) they can actually remember their username
b) they aren't having to pick through a million different taken usernames they have to pick on their own, which is frustrating way people often do signups.

>
>> From my testing it works fine, even with "Daily run output" complaining I can still su to user I added in wheel group.
>> We'd need to fix chkgrp source,
>> adduser source, and making move to:
>> #define MAXLOGNAME 256 in /usr/src/sys/sys/param.h
>
> You can do that also, but I think you'll break compatibility with NIS/YP.
>

Well with nss-mysql it's as simple as modifying the /etc/nsswitch.conf on any machine to just point to same db server, works just fine.

> You might not care, but don't be surprised if you find that folks aren't willing to adopt this change back into FreeBSD-- I've seen a few people wanting to increase MAXLOGNAME since 2003 or so.
>

I've talked to many sys admins as well, that are all modifying the code to the kernel for a decade now on every new make buildworld, would be nice to see it mainstream. Only issue doing this I have seen so far, is having to nuke the wtmp/utx* files from /var/log on new installs to get them into new format, but that would be solved mainstream as well.

I just find the benefits far outweigh the cons, sure when we were all back in our computer science classes in 80s/90s it made sense. We all had accounts on the system for those 3-4 years, and generic usernames made sense, but now moving to webhosting environments and providing sftp/ssh type access to people on a larger scale, I think the email address as usernames make a lot more sense now.

I still teach unix at the university time to time and we still use the old putty/securecrt to sshd daemon way of learning from the command line, in that environment I find it's about people forgetting passwords, take it up a notch to webhosting environment, and I find people forget their usernames too, and why I think it would be a good move...

Dan.

--
Dan The Man
CTO/ Senior System Administrator
Websites, Domains and Everything else
http://www.SunSaturn.com
Email: Dan@SunSaturn.com

> Regards,
> --
> -Chuck
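
Added example, not part of the original message and not FreeBSD's chkgrp source: a minimal C check of group(5) lines that applies the isalnum() rule described in the thread plus a MAXLOGNAME-style length limit. The function and enum names are hypothetical, the sample lines are constructed, and treating the limit as including the terminating NUL is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes for one group(5) line (hypothetical names for this example). */
enum grp_status { GRP_OK, GRP_BAD_FIELDS, GRP_BAD_CHAR, GRP_TOO_LONG, GRP_BAD_GID };

/* Check one "name:passwd:gid:members" line. maxlogname is the name buffer
 * size including the terminating NUL (assumption), so the longest accepted
 * name is maxlogname - 1. On GRP_BAD_CHAR, *bad gets the offending byte. */
enum grp_status check_group_line(const char *line, size_t maxlogname, char *bad)
{
    const char *p, *name_end = strchr(line, ':');
    size_t colons = 0;
    char *end;

    for (p = line; *p != '\0'; p++)
        if (*p == ':')
            colons++;
    if (name_end == NULL || colons != 3 || name_end == line)
        return GRP_BAD_FIELDS;

    /* Name rule from the thread: every character must satisfy isalnum(). */
    for (p = line; p < name_end; p++) {
        if (!isalnum((unsigned char)*p)) {
            if (bad != NULL) *bad = *p;
            return GRP_BAD_CHAR;
        }
    }
    /* A name of maxlogname characters leaves no room for the NUL. */
    if ((size_t)(name_end - line) >= maxlogname)
        return GRP_TOO_LONG;

    /* gid field starts after the second colon and must be all digits. */
    p = strchr(name_end + 1, ':') + 1;
    if (!isdigit((unsigned char)*p))
        return GRP_BAD_GID;
    (void)strtoul(p, &end, 10);
    return (*end == ':') ? GRP_OK : GRP_BAD_GID;
}

int main(void)
{
    /* Constructed sample lines, not taken from a real system. */
    const char *lines[] = { "wheel:*:0:root", "dan@example.com:*:1001:", "staff:*:20" };
    for (size_t i = 0; i < 3; i++)
        printf("line %zu: status %d\n", i + 1, check_group_line(lines[i], 256, NULL));
    return 0;
}
```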