What about doing something like is popular on some git services, where instead of having actual accounts for each user, all the users log in with a single account but different keys? You then govern their access/behavior based on which key is used to authenticate. =Dave On 02/06/2015 12:10 PM, Cary FitzHugh wrote: > I guess I didn't want to litter the users table either - it just seems > "wrong" to be actually adding things to the host when it is really so > transient. It feels like it should be LDAP-ish. Just ask the server > for the keys and do a one-off authentication. But I've seen even LDAP > creates the user directories. > > I see that 2.6 kernels can have some 4B users, which should last me a > while. But it is a bit more work and plumbing to try to keep things > in sync. > > I'm a bit / very idealistic though - so I guess I'll keep rooting > around. I'm ok writing a PAM module if that's what I needed. But I > have a feeling there's a good bit more to it. And without someone know > "knows " - that can be a very long rabbit trail :) > > Hrm.... > > > > On Fri, Feb 6, 2015 at 12:52 PM, Daniel Kahn Gillmor > <dkg@xxxxxxxxxxxxxxxxx> wrote: >> On Fri 2015-02-06 12:41:38 -0500, Cary FitzHugh wrote: >>> The trouble is that the user isn't created on the machine beforehand. >>> But I actually don't want the user created, b/c I don't want to litter >>> all these servers with little user directories. Users may be >>> transient as well - so littering the directories of these machines >>> with tons of data just causes many other problems (running out of >>> inodes, disk-space, etc). >> >> If this is your only concern, most systems don't require that a user >> have a unique home directory at all. You could create a /home/nobody >> which is unusable by anyone, and populate the systems's user table with >> users (maybe via some sensible nameservice switch module) pointing at >> that directory as their homedir. >> >> In other words, i don't think this is an ssh problem, it can be solved >> directly in other parts of your OS. >> >> --dkg > -- Hello World. David Bronder - Systems Architect Segmentation Fault ITS-EI, Univ. of Iowa Core dumped, disk trashed, quota filled, soda warm. david-bronder@xxxxxxxxx _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
