Just jumping in, from following the discussion... So store the public key as an attribute in the LDAP database? -----Original Message----- From: openssh-unix-dev [mailto:openssh-unix-dev-bounces+scott_n=xypro.com@xxxxxxxxxxx] On Behalf Of Daniel Kahn Gillmor Sent: Friday, February 06, 2015 10:48 AM To: Cary FitzHugh Cc: openssh-unix-dev@xxxxxxxxxxx Subject: Re: Creating users "on - the - fly" On Fri 2015-02-06 13:10:10 -0500, Cary FitzHugh wrote: > I guess I didn't want to litter the users table either - it just seems > "wrong" to be actually adding things to the host when it is really so > transient. It feels like it should be LDAP-ish. Just ask the server > for the keys and do a one-off authentication. But I've seen even LDAP > creates the user directories. you can use libnss-ldap to have a dynamic user table pulled from LDAP, if that's what you want. You don't need to touch any local file on the host if you just want to look up your users over the network. Or you can write your own name service switch extension that does the same. for GNU systems, see: https://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html --dkg _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev