Re: Help with default shell

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Jun 23, 2021, at 7:12 AM, Hooton, Gerard <g.hooton@xxxxxx> wrote:
> 
> The users are authenticated using OpenLDAP.
> On LDAP the default shell is csh.
> When  ssh to login it works, i.e. $SHELL = /bin/csh
> Also, when using xrdp it works.
> However, a login from the  keyboard and screen attached computer we get $SHELL = /bin/bash

The shell is a symptom, not the core issue here.  The core issue is that local console logins aren’t configured to use LDAP on your system, so they fall back to the old flat-file-based user info sources.  (/etc/passwd, /etc/group, /etc/shadow…) 

The question then is, do you really *want* local logins to require the LDAP server to be up before it’ll accept a login?  If an LDAP package upgrade roaches things, do you want to be forced to reboot into single-user mode to fix it?  If there’s a network outage between this box and the OpenLDAP server, are you going to wait to log in locally as well until the network’s fixed?

Me, I’d just do a “chsh” on the users or a sed pass on /etc/passwd to change all the shells locally so they match the LDAP configuration so I can have it both ways.

However, if you’re bound and determined to have LDAP be the single source of all user truth, the bit at the end of Step 2 here looks like it should do that:

    https://arthurdejong.org/nss-pam-ldapd/setup

May you live to *not* regret doing that!
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux