Date: Tue, 8 Nov 2011 18:32:51 -0600 (CST) From: Dan The Man <dan@sunsaturn.com> To: Chuck Swiger <cswiger@mac.com> Cc: freebsd-current@freebsd.org Subject: Re: MAXLOGNAME + /etc/group + chkgrp invalid character @ Message-ID: <alpine.BSF.2.00.1111081812170.10168@sunsaturn.com> In-Reply-To: <F7EA307A-606B-431A-A2C3-87B4BBC7F004@mac.com> References: <alpine.BSF.2.00.1111081745520.10168@sunsaturn.com> <F7EA307A-606B-431A-A2C3-87B4BBC7F004@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 8 Nov 2011, Chuck Swiger wrote: > On Nov 8, 2011, at 3:47 PM, Dan The Man wrote: >> In the daily cron "Daily run output" email always get the following: >> >> Verifying group file syntax: >> chkgrp: /etc/group: line 3: '@' invalid character > > chkgrp expects group names to consist of characters in isalnum(). K so thats a simple fix where it does that check. > >> Could we modify system to support email addresses as usernames. > > Sure, that's why FreeBSD comes with source code. > You can modify anything you like. :-) > > However, if you want to use a domain-aware login mechanism, Kerberos is in the base system, and SASL and LDAP are available in ports. You're not going to break anything allowing "@" into the list of characters which pw(8) likes, but the flatfile passwd and group files are not hierarchical the way domain-aware network identity systems are. > > A secondary issue is that there is rarely a one-to-one relationship between email addresses and users; many email addresses are aliases which expand either to a different username, or even to multiple users. Wish you would elaborate abit more here, what I have found is email addresses tend to make the best usernames, people can remember them :) They are unique, and you solve 2 problems right away: a) they can actually remember their username b) they aren't having to pick through a million different taken usernames they have to pick on their own, which is frusterating way people often do signups. > >> From my testing it works fine, even with "Daily run output" complaining I can still su to user i added in wheel group. >> We'd need to fix ckkgrp source, >> adduser source, and making move to: >> #define MAXLOGNAME 256 in /usr/src/sys/sys/param.h > > You can do that also, but I think you'll break compatibility with NIS/YP. > Well with nss-mysql its as simple as modifying the /etc/nsswitch.conf on any machine to just point to same db server, works just fine. > You might not care, but don't be surprised if you find that folks aren't willing to adopt this change back into FreeBSD-- I've seen a few people wanting to increase MAXLOGNAME since 2003 or so. > I've talked to many sys admins as well, that are all modifying the code to the kernel for a decade now on every new make buildworld, would be nice to see it mainstream. Only issue doing this I have seen so far, is having to nuke the wtmp/utx* files from /var/log on new installs to get them into new format, but that would be solved mainstream as well. I just find the benefits far outweight the cons, sure when we were all back in our computer science classes in 80s/90s it made sense. We all had accounts on the system for those 3-4 years, and generic usernames made sense, but now moving to webhosting environments and providing sftp/ssh type access to people on a larger scale, I think the email address as usernames make alot more sense now. I still teach unix at the university time to time and we still use the old putty/securecrt to sshd daemon way of learning from the command line, in that environment I find its about people forgetting passwords, take it up a notch to webhosting environment, and i find people forget their usernames to, and why I think it would be a good move... Dan. -- Dan The Man CTO/ Senior System Administrator Websites, Domains and Everything else http://www.SunSaturn.com Email: Dan@SunSaturn.com > Regards, > -- > -Chuck > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1111081812170.10168>