Multiple servers, restricting user commands and LDAP

Finlay Dobbie finlay.dobbie at gmail.com
Mon Feb 21 22:32:29 EST 2005


I have a set-up of 3 servers at disparate geographical locations.

Server 1 provides web services, and users should be able to use sftp
only. Admins should be able to get shells.
Server 2 provides CVS services, and users should be able to use cvs
only. Admins should be able to get shells.
Server 3 provides shell services for all users.

There appears to be no easy way of implementing this within the
current OpenSSH system. At this point in time, for various reasons,
each server maintains its own authentication database, which are
periodically regenerated from a master SQL database of users and
groups (and other stuff). Another set of scripts generate
.ssh/authorized_keys files and rsync them about, creating the correct
command= and so on for each user based on their relative privileges
and the host in question.

For obvious reasons, this is nasty. I am pushing towards moving
everything over to LDAP for authentication and user information. This
includes the public keys, and in fact we have taken over the hosting
of the OpenSSH-LPK project[1] and I plan on contributing resources
towards that end (we've started using our own schema, I'm writing up
an Internet-Draft on it, etc).

Basically, I was wondering if anybody had any input on this situation,
what they'd like to see from any OpenSSH/LDAP integration, and that
kind of thing. It seems that the command= shouldn't necessarily only
be coupled to keys, no?

Has anybody dealt with a similar situation?

[1] http://www.opendarwin.org/projects/openssh-lpk/

 -- Finlay
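The per-host authorized_keys generation the post describes, written out as an added example (not the poster's scripts and not OpenSSH-LPK code). It assumes a central user/group record per user, three constructed hostnames, an `admins` group and a constructed sftp-server path; the key material is a placeholder. The `command=` and `no-*` options are real OpenSSH authorized_keys options. The lint function checks the point that bites in practice: a forced command on its own still leaves port forwarding, X11 and agent forwarding and a pty available, so each restricted entry must also carry the `no-*` options.

```python
"""Generate per-host authorized_keys entries from a central user/group
database, applying OpenSSH forced commands by role.

Added example. The user records, key material, group name, hostnames and
sftp-server path are constructed assumptions, not the poster's data."""

from dataclasses import dataclass, field

# authorized_keys options that remove everything except the forced command.
# A bare command="..." does NOT disable forwarding or pty allocation.
LOCKDOWN = ("no-port-forwarding", "no-X11-forwarding",
            "no-agent-forwarding", "no-pty")

# Assumed path; the sftp-server binary location differs between systems.
SFTP_SERVER = "/usr/libexec/sftp-server"

# Per-host policy: role -> option list, or None for an unrestricted shell.
HOST_POLICY = {
    "web1":   {"admin": None, "user": ['command="%s"' % SFTP_SERVER, *LOCKDOWN]},
    "cvs1":   {"admin": None, "user": ['command="cvs server"', *LOCKDOWN]},
    "shell1": {"admin": None, "user": None},
}


@dataclass
class User:
    name: str
    pubkey: str                     # "type base64 comment" as stored centrally
    groups: set = field(default_factory=set)


# Constructed sample records; the base64 blobs are placeholders.
ALICE = User("alice", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDalice== alice", {"admins", "staff"})
BOB = User("bob", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbob== bob", {"staff"})
USERS = [ALICE, BOB]


def role_for(user: User) -> str:
    """Membership in the (assumed) admins group grants an unrestricted shell."""
    return "admin" if "admins" in user.groups else "user"


def authorized_keys_line(host: str, user: User) -> str:
    """One authorized_keys line for this user on this host."""
    opts = HOST_POLICY[host][role_for(user)]
    if opts is None:
        return user.pubkey
    return ",".join(opts) + " " + user.pubkey


def authorized_keys_for_host(host: str, users: list) -> dict:
    """Map user name -> list of lines destined for ~user/.ssh/authorized_keys."""
    return {u.name: [authorized_keys_line(host, u)] for u in users}


def split_options(line: str):
    """Return (options, key_part) for an authorized_keys line.

    Options end at the first space outside double quotes, which matters for
    command="cvs server"; a backslash escapes a quote inside the quotes."""
    in_quotes = False
    i = 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quotes:
            i += 2
            continue
        if c == '"':
            in_quotes = not in_quotes
        elif c == " " and not in_quotes:
            break
        i += 1
    head, rest = line[:i], line[i:].lstrip()
    # A line that begins with a key type carries no options at all.
    if head.startswith(("ssh-", "ecdsa-", "sk-")):
        return [], line
    opts, cur, q = [], "", False
    for c in head:                   # split on commas outside quotes
        if c == '"':
            q = not q
        if c == "," and not q:
            opts.append(cur)
            cur = ""
        else:
            cur += c
    if cur:
        opts.append(cur)
    return opts, rest


def lint_line(line: str) -> list:
    """Flag a forced-command entry that lacks any of the lockdown options."""
    opts, _ = split_options(line)
    if not any(o.startswith("command=") for o in opts):
        return []
    return ["missing " + o for o in LOCKDOWN if o not in opts]
```

Run over the constructed records, `authorized_keys_for_host("web1", USERS)` gives alice a bare key and bob an sftp-only entry; the same call for `cvs1` yields `command="cvs server"` for bob, which is the standard way to confine a key to CVS over ssh. `lint_line` is the check worth running before rsyncing the files out. OpenSSH releases from 7.2 onward also offer a single `restrict` option that covers the whole `no-*` set.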