On Tue, 4 Dec 2007, Bill Tangren wrote:
A new policy has been implemented here at work. The old policy stated that, when someone logs in to a system via ssh, I had to display a consent to monitor banner, which is easy to implement. The new policy, however, requires that the user has to somehow signify that they have read and will abide by the policy. In essence, I have to get a yes or no input from the user, possibly just after they log on, and if they say no, log them off. If they say yes, they get to proceed. My question: what is the best way to implement this? I have to make sure the user cannot remove this functionality for future logins, so I can't put it in any of their login scripts. This is easy to implement for GUI logins, but I don't know the best way to proceed for ssh. Any ideas?
We did a somewhat-similar task at a place where I used to work. We set everyone's login shell to a locally-written perl script. That perl script did things such as ensure that the user had permission to log in to the system, check the user's quota, print out a blurb, then exec( )'d tcsh. It needed some interupt handling, though, to fit what you want to do. I don't have the code anymore, but this might give you an idea of what direction to go. (Would you need to record user's answers to your question in a database for future reference? This might give you that ability.)
HTH, Carl -- Carl G. Riches Software Engineer Department of Biostatistics Box 357232 voice: 206-616-2725 University of Washington fax: 206-543-3286 Seattle, WA 98195-7232 internet: cgr@xxxxxxxxxxxxxxxx -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
