<!--startcut ==============================================-->
<!-- *** BEGIN HTML header *** -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML><HEAD>
<META NAME="generator" CONTENT="lgazmail v1.4G.k">
<TITLE>The Answer Gang 95: Converting from Win2k to Linux</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
ALINK="#FF0000">
<!-- *** END HTML header *** -->
<!--endcut ==============================================-->
<!-- begin 8 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>Converting from Win2k to Linux</H3>
<p><strong>From Tim Grossenbacher
</strong></p>
<p align="right"><strong>Answered By: Faber Fedor, Jim Dennis
</strong></p>
<P><STRONG>
Gradually converting from a Windows 2000 server to Linux running Redhat 7.2.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Faber]
First off, kudos on converting, but why 7.2? You should at least be
doing 7.3 (although I've found 9 to be nice and stable). You have
patched the 7.2 box, haven't you?
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
For many years, we have used social security numbers as login names within
the Win2k domain to login.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Faber]
My gawd, man! Are you mad! I certainly hope this domain is nowhere
near the Internet! &lt;Dr. Evil&gt; But if it is, how do you translate
between the login of the employee's SSN and his email name? Can you tell
me the name of that file and which machine it is on??&lt;/Dr. Evil&gt;
</blockQuote>
<blockQuote>
And you've never had a problem with identity theft? Amazing.
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Linux does not appear to allow me to create a
user with numbers only as the user.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Faber]
Correct. Linux (and every *nix I've seen) won't allow login names to
start with a number. &lt;Turns to the audience&gt; Why is that? Anyone know?
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [JimD]
Because any place in the code that's expecting a user token looks at
the first character to determine if it's a UID or a name; then it
looks up (<TT>getpwnam()</TT>) the username and translates it into a UID.
</blockQuote>
<blockQuote>
In other words "names" beginning with digits create an ambiguity between
different representations of the same object (UID vs. name).
</blockQuote>
<blockQuote>
Now, granted this could be changed. Programs could search the entire
string for any non-digit and declare it to be a name rather than a
UID. However, even then there'd be an ambiguity when the "name"
consisted entirely of digits. Also changing this would entail finding
<EM>every</EM> piece of code that was parsing UIDs and user names <EM>anywhere</EM>
(precisely the sort of change that is nearly impossible for an
operating system that's been in use in hundreds of implementations for
over thirty years).
</blockQuote>
<blockQuote>
You could certainly just use a letter prefix to your SSN as your
user naming scheme. u1234567890 (123-45-7890) would work just as
well as 1234567890.
</blockQuote>
<blockQuote>
As Faber has said, using SSNs in ANY visible way is an incredibly bad
idea. Perusing the Privacy SSN FAQ:
</blockQuote>
<blockQuote><BLOCKQuote>
<A HREF="http://www.faqs.org/faqs/privacy/ssn-faq/index.html"
>http://www.faqs.org/faqs/privacy/ssn-faq/index.html</A>
</BLOCKQuote></blockQuote>
<blockQuote>
... would be a good idea.
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
I have created test users with both alpha and numeric characters, and all
works perfectly. Is there a work around?
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [JimD]
Re-think your policy.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Faber]
Well, you could always hack the source, of course, of course. But I
assume there's a Good Reason why they don't allow it, I just don't know
what it is.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [JimD]
Think ambiguity. Then think, millions of lines of code in thousands
of programs. Then think 30 years of books, education and programmer
experience --- hundreds of thousands of programmers who already <EM>know</EM>
that usernames like most identifiers in most languages must start with
an alpha or some suitable punctuation and that leading digits signify
a UID.
</blockQuote>
<blockQuote>
Sounds like a bad idea all around.
</blockQuote>
<blockQuote>
I suppose you could just modify the login programs to accept numerics
and prefix them with some letter or even an _ (underscore) before
logging the user in. This would keep the change focused just to a few
programs and libraries (basically just the PAM and login suite).
</blockQuote>
<blockQuote>
However, this sort of hack has a way of causing more confusion later.
Everyone at your site will then be "logging in" one way and getting a
username that doesn't quite match the string they use to log in ---
could cause lots of confusion.
</blockQuote>
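<P>
The ambiguity JimD describes above, as an added example that is not part of the original thread: two ways a program might turn a user token into a UID, run over a constructed passwd-style table. The table, the account names and the function names are assumptions made for illustration; nothing here calls the system's own <TT>getpwnam()</TT>.
</P>

```python
import re

# Constructed passwd(5)-style entries for illustration; none of these accounts are real.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
1000:x:1005:1005:all-digit login name:/home/n1000:/bin/sh
u123456789:x:1006:1006:letter-prefixed login name:/home/u123456789:/bin/sh
"""

def load(text):
    """Parse passwd-style lines into a {login name: UID} mapping."""
    by_name = {}
    for line in text.splitlines():
        name, _pw, uid, *_rest = line.split(":")
        by_name[name] = int(uid)
    return by_name

def resolve_first_char(token, by_name):
    """Leading digit means 'this is a UID'; anything else is looked up as a name."""
    if re.match(r"[0-9]", token):
        if not re.fullmatch(r"[0-9]+", token):
            raise ValueError(f"{token!r} starts with a digit but is not a UID")
        return int(token)
    return by_name[token]  # KeyError for an unknown name

def resolve_name_first(token, by_name):
    """Hypothetical alternative: try the name table first, then fall back to a UID."""
    if token in by_name:
        return by_name[token]
    if re.fullmatch(r"[0-9]+", token):
        return int(token)
    raise KeyError(token)

def audit(by_name):
    """List (name, real UID, UID the first-character rule would pick) mismatches."""
    findings = []
    for name, real_uid in by_name.items():
        try:
            guessed = resolve_first_char(name, by_name)
        except ValueError:
            guessed = None  # the token is rejected outright
        if guessed != real_uid:
            findings.append((name, real_uid, guessed))
    return findings

BY_NAME = load(SAMPLE_PASSWD)
```

<P>
In the sample table the token <TT>1000</TT> resolves to alice's UID under the first rule and to the all-digit account (UID 1005) under the second, while the letter-prefixed name resolves identically under both.
</P>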
<!-- end 8 -->