156 lines
5.6 KiB
HTML
156 lines
5.6 KiB
HTML
<!--startcut ==============================================-->
|
|
<!-- *** BEGIN HTML header *** -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<HTML><HEAD>
|
|
<META NAME="generator" CONTENT="lgazmail v1.4G.k">
|
|
<TITLE>The Answer Gang 95: Converting from Win2k to Linux</TITLE>
|
|
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
|
|
ALINK="#FF0000">
|
|
<!-- *** END HTML header *** -->
|
|
<!--endcut ==============================================-->
|
|
<!-- begin 8 -->
|
|
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
|
|
height="50" width="60" alt="(?) " border="0"
|
|
>Converting from Win2k to Linux</H3>
|
|
|
|
|
|
<p><strong>From Tim Grossenbacher
|
|
</strong></p>
|
|
<p></strong></p>
|
|
|
|
<p align="right"><strong>Answered By: Faber Fedor, Jim Dennis
|
|
</strong></p>
|
|
<P><STRONG>
|
|
Gradually converting from a Windows 2000 server to Linux running Redhat 7.2.
|
|
</STRONG></P>
|
|
<blockQuote>
|
|
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
> [Faber]
|
|
First off, kudos on converting, but hy 7.2? You should at least be
|
|
doing 7.3 (although I've found 9 to be nice and stable). You have
|
|
patched the 7.2 box, haven't you?
|
|
</blockQuote>
|
|
<P><STRONG>
|
|
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
For many years, we have used social security numbers as login names within
|
|
the Win2k domain to login.
|
|
</STRONG></P>
|
|
<blockQuote>
|
|
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
> [Faber]
|
|
My gawd, man! Are you mad! I certainly hope this domain is nowhere
|
|
near the Internet! <
|
|
<IMG SRC="../../gx/dennis/smily.gif" ALT=";D"
|
|
height="24" width="20" align="middle">r. Evil> But if it is, how do you translate
|
|
between the login of the employee's SSN and his email name? Can you tell
|
|
me the name of that file and which machine it is on??</Dr. Evil>
|
|
</blockQuote>
|
|
<blockQuote>
|
|
And you've never had a problem with identity theft? Amazing.
|
|
</blockQuote>
|
|
<P><STRONG>
|
|
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
Linux does not appear to allow me to create a
|
|
user with numbers only as the user.
|
|
</STRONG></P>
|
|
<blockQuote>
|
|
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
> [Faber]
|
|
Correct. Linux (and every *nix I've seen) won't allow login names to
|
|
start with a number. <Turns to the audience> Why is that? Anyone know?
|
|
</blockQuote>
|
|
<blockQuote>
|
|
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
> [JimD]
|
|
Because any place in the code that's expecting a user toke looks at
|
|
the first character to determine if it's a UID or a name; then it
|
|
looks up <TT>(getpwnam()</TT>) the username and translates it into a UID.
|
|
</blockQuote>
|
|
<blockQuote>
|
|
In other words "names" beginning with digits create an ambiguity between
|
|
different representations of the same object (UID vs. name).
|
|
</blockQuote>
|
|
<blockQuote>
|
|
Now, granted this could be changed. Programs could search the entire
|
|
string for any non-digit and declare it to be a name rather than a
|
|
UID. However, even then there'd be an ambiguity when the "name"
|
|
consisted entirely of digits. Also changing this would entail finding
|
|
<EM>every</EM> piece of code that was parsing UIDs and user names <EM>anywhere</EM>
|
|
(precisely the sort of change that is nearly impossible for an
|
|
operating system that's been in use in hundreds of implementions for
|
|
over thirty years).
|
|
</blockQuote>
|
|
<blockQuote>
|
|
You could certainly just use a letter prefix to your SSN as your
|
|
user naming scheme. u1234567890 (123-45-7890) would work just as
|
|
well as 1234567890.
|
|
</blockQuote>
|
|
<blockQuote>
|
|
As Faber as said, using SSN's in ANY visible way is an incredibly bad
|
|
idea. Perusing the Privacy SSN FAQ:
|
|
</blockQuote>
|
|
<blockQuote><BLOCKQuote>
|
|
<A HREF="http://www.faqs.org/faqs/privacy/ssn-faq/index.html"
|
|
>http://www.faqs.org/faqs/privacy/ssn-faq/index.html</A>
|
|
</BLOCKQuote></blockQuote>
|
|
<blockQuote>
|
|
... would be a good idea.
|
|
</blockQuote>
|
|
<P><STRONG>
|
|
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
I have created test users with both alpha and numeric characters, and all
|
|
works perfectly. Is there a work around?
|
|
</STRONG></P>
|
|
<blockQuote>
|
|
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
> [JimD]
|
|
Re-think your policy.
|
|
</blockQuote>
|
|
<blockQuote>
|
|
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
> [Faber]
|
|
Well, you could always hack the source, of course, of course. But I
|
|
assume there's a Good Reason why they don't allow it, I just don't know
|
|
what it is.
|
|
</blockQuote>
|
|
<blockQuote>
|
|
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
> [JimD]
|
|
Think ambiguity. Then think, millions of lines of code in thousands
|
|
of programs. Then think 30 years of books, education and programmer
|
|
experience --- hundreds of thousands of programmers who already <EM>know</EM>
|
|
that usernames like most identifiers in most languages must start with
|
|
an alpha or some suitable punctuation and that leading digits signify
|
|
a UID.
|
|
</blockQuote>
|
|
<blockQuote>
|
|
Sounds like a bad idea all around.
|
|
</blockQuote>
|
|
<blockQuote>
|
|
I suppose you could just modify the login programs to accept numerics
|
|
and prefix them with some letter or even an _ (underscore) before
|
|
logging the user in. This would keep the change focused just to a few
|
|
programs and libraries (basically just the PAM and login suite).
|
|
</blockQuote>
|
|
<blockQuote>
|
|
However, this sort of hack has a way of causing more confusion later.
|
|
Everyone at your site will then be "logging in" one way and getting a
|
|
username that doesn't quite match the string they use to log in ---
|
|
could cause lots of confusion.
|
|
</blockQuote>
|
|
|
|
<!-- end 8 -->
|