Initial notes by DanielAllen

Present: Dave Gawley, DanielAllen, Ray Butterworth, and Steven Nickerson.

Since two of the three participants with live projects (Mike P and Chris C) were in SGI Ultrix training, we held off our regularly scheduled program till next week. Instead:

Discussion with Ray about users and groups.

Dave and I had a question about the proper way to handle user/group names and IDs which are necessary for an architecture (such as debian linux) but which aren't listed in the standard passwd/group files.

Ray's response question: do we need a specific name, or a specific name and ID? Dave/Daniel's answer: the former. We can deal with a different ID.

Ray showed us 'idregistry'. (see manpages 8). This is used to maintain and query an id-database daemon on general.math.

Following usages are useful for our purpose:

idregistry request <user> will tell you if the id or name is in use, returning 'UNKNOWN' if it doesn't exist.

idregistry request <group> type=group will do the same for groups.

idregistry require <uid> will do the same; but if it doesn't previously exist it will first create the user/id/group/gid in the database.

idregistry report will verify a list of "name:id" pairs.

parameter: Conformance=strict requires that all created users and groups will "automatically conform to the registry host's standard IDs; otherwise the account or group will not be created".

[But I'm not sure how Conformance is used in practice.]

Once we have our IDs registered, we can safely add them to our regional master host. (Such as student.cs for lws000.student.cs).

Passwords are propagated from one machine to another via spread-passwd (which should be in crontab)

Diversion on configuring passwords/accounts...

[I need to ask ray what this was really about; sorry]

Files are in /software/accounts/config/$HIERARCHY/$FILES

xh-options -a -p accounts -c $FILES

-a means print list of known or set options to stdout

-p accounts refers the following -c to the accounts package

-c translates to the matching subdirectory of $HIERARCHY

$HIERARCHY is determined by:

share > arch > regional > admin > local

-- DanielAllen - 09 Jun 2005