Best practices for "pure" remote accounts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I was wondering what the conventional wisdom is in the following scenario...

I'm working on a downstream distro that uses Debian/Ubuntu bases, and we allow users to log into an appliance (or "server", if you prefer, but not really).  For now we have to go ahead and create a placekeeper account with no password for each user for LDAP or Radius authentication to work, but I saw some articles on stackoverflow and elsewhere talking about "authconfig" and "nslcd", etc.

Our requirements are such that having a "seed" user that everyone gets cloned as is fine, so they can inherit that uid, gid, and (nonexistent) home directory as they won't be dropping into a shell but into a management CLI instead.

We just need to be able to tell them apart by username.

And we can block access to scp/sftp if needed for that uid/gid so we don't have to worry about them creating files since they don't have a home directory of their own.

How is this typically solved in the most lightweight way possible?

Thanks,

-Philip

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list




[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux