Creating / Removing users "on the fly"



Hi --

I've got a situation where I have a very large number of "users", one where I can't be sure all my user accounts would fit on a single machine. 

Additionally - all the users are going to do is set up reverse tunnels.  They can only auth via the authorized_keys as well.  And they don't 

I've looked around and a PAM module may be the ticket - hence my joining the list.

Does anyone have a suggestion / direction for how to go about doing this?

I have found a few PAM modules which let you create users on the fly - but I don't have a good way to clean them up after the fact.

My current "best guess":
  * PAM module accepts any username and looks it up in a webservice for keys.
  * Changes the user to a uuid, creates the .authorized-keys file and drops the keys in there.
  * Somehow - knows when the ssh auth is completed, and removes the directory.

My current "ideal":
  * PAM module accepts any username and looks it up in a webservice for keys.
  * Puts those keys into a PAM env-var
  * Changes the user to a standard, can't do anything but reverse tunnel user
  * Somehow.. those authorized-keys :( get put into the ssh workflow

Hoping someone had a suggestion.  

Or maybe all of this is just a big misuse of PAM / SSH and I should just write a server in Go or something that checks the keys, opens ports, etc.

Thanks for any thoughts!
Cary FitzHugh
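
An added example, not part of the original post: the "ideal" flow above, where keys returned by a lookup service are validated and emitted as authorized_keys lines that permit only a reverse tunnel. It assumes sshd is fed these lines by a key-lookup helper such as OpenSSH's AuthorizedKeysCommand (which the post does not mention) and OpenSSH 7.8+ for `permitlisten`; `DIRECTORY` is constructed data standing in for the webservice, and all function names are hypothetical.

```python
import base64
import binascii
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def wire_key_type(b64_blob):
    """Return the key type stored inside an SSH public key blob, or None."""
    try:
        raw = base64.b64decode(b64_blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) < 4:
        return None
    (n,) = struct.unpack(">I", raw[:4])  # first field: length-prefixed type name
    if n == 0 or 4 + n > len(raw):
        return None
    return raw[4:4 + n].decode("ascii", errors="replace")

def restricted_line(key_text, listen_port):
    """Build a tunnel-only authorized_keys line; None if the key is malformed."""
    if not 1024 <= listen_port <= 65535:
        raise ValueError("listen_port out of range")
    if "\n" in key_text or "\r" in key_text:
        return None  # one key per entry; never pass multi-line text through
    parts = key_text.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        return None
    if wire_key_type(parts[1]) != parts[0]:
        return None  # declared type must match the type inside the blob
    # The comment field from the service is dropped. /bin/false is an assumed path.
    opts = (f'restrict,port-forwarding,permitlisten="localhost:{listen_port}",'
            'command="/bin/false"')
    return f"{opts} {parts[0]} {parts[1]}"

def keys_for(username, directory):
    """All valid restricted lines for one user; unknown users get none."""
    lines = (restricted_line(k, p) for k, p in directory.get(username, []))
    return [line for line in lines if line]

def constructed_key(key_type="ssh-ed25519"):
    """Constructed (not real) ed25519-shaped public key for the sample data."""
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(range(32))
    return f"{key_type} {base64.b64encode(blob).decode()} laptop"

# Constructed sample response: one well-formed key and one malformed entry.
DIRECTORY = {"alice": [(constructed_key(), 20001), ("ssh-ed25519 not-base64!!", 20002)]}

if __name__ == "__main__":
    print("\n".join(keys_for("alice", DIRECTORY)))
```

Because every line carries `restrict` plus a single `permitlisten` port, all of the looked-up keys can belong to one shared account, with no per-user home directory to create or clean up.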

Pam-list mailing list
