[openssh-unix-dev] Re: Creating users "on - the - fly"
David Bronder
david-bronder at uiowa.edu
Sat Feb 7 05:21:42 AEDT 2015
What about doing something like what is popular on some git services, where
instead of having actual accounts for each user, all the users log in with a
single account but different keys? You then govern their access/behavior
based on which key is used to authenticate.
=Dave
On 02/06/2015 12:10 PM, Cary FitzHugh wrote:
> I guess I didn't want to litter the users table either - it just seems
> "wrong" to be actually adding things to the host when it is really so
> transient. It feels like it should be LDAP-ish. Just ask the server
> for the keys and do a one-off authentication. But I've seen even LDAP
> creates the user directories.
>
> I see that 2.6 kernels can have some 4B users, which should last me a
> while. But it is a bit more work and plumbing to try to keep things
> in sync.
>
> I'm a bit / very idealistic though - so I guess I'll keep rooting
> around. I'm ok writing a PAM module if that's what I needed. But I
> have a feeling there's a good bit more to it. And without someone who
> "knows" - that can be a very long rabbit trail :)
>
> Hrm....
>
>
>
> On Fri, Feb 6, 2015 at 12:52 PM, Daniel Kahn Gillmor
> <dkg at fifthhorseman.net> wrote:
>> On Fri 2015-02-06 12:41:38 -0500, Cary FitzHugh wrote:
>>> The trouble is that the user isn't created on the machine beforehand.
>>> But I actually don't want the user created, b/c I don't want to litter
>>> all these servers with little user directories. Users may be
>>> transient as well - so littering the directories of these machines
>>> with tons of data just causes many other problems (running out of
>>> inodes, disk-space, etc).
>>
>> If this is your only concern, most systems don't require that a user
>> have a unique home directory at all. You could create a /home/nobody
>> which is unusable by anyone, and populate the system's user table with
>> users (maybe via some sensible nameservice switch module) pointing at
>> that directory as their homedir.
>>
>> In other words, i don't think this is an ssh problem, it can be solved
>> directly in other parts of your OS.
>>
>> --dkg
>
--
Hello World. David Bronder - Systems Architect
Segmentation Fault ITS-EI, Univ. of Iowa
Core dumped, disk trashed, quota filled, soda warm. david-bronder at uiowa.edu
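
The single-account, per-key approach described in the reply above, sketched as an added example (not code from the thread or from OpenSSH): each key's authorized_keys entry carries a forced command naming the key's owner, and that command checks the client's request against a policy before running anything. The script path, owner names, policy table and key material are constructed assumptions.

```python
import os
import re
import shlex
import sys

GATE = "/usr/local/bin/ssh-gate"  # hypothetical install path of this script
OPTIONS = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
NAME_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")
KEY_RE = re.compile(r"(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256) [A-Za-z0-9+/=]+")

# Constructed policy: key owner -> exact argv tuples that owner may run.
POLICY = {
    "alice": {("uptime",), ("df", "-h")},
    "bob": {("uptime",)},
}

def authorized_keys_line(owner, pubkey):
    """Render the authorized_keys entry that pins one key to one owner."""
    pubkey = pubkey.strip()
    if not NAME_RE.fullmatch(owner):
        raise ValueError("bad owner name")
    if not KEY_RE.fullmatch(pubkey):
        raise ValueError("bad public key")  # also rejects newlines and options
    return f'command="{GATE} {owner}",{OPTIONS} {pubkey} {owner}'

def decide(owner, original_command, policy=POLICY):
    """Return the argv this owner may run, or None to refuse."""
    try:
        argv = shlex.split(original_command or "")
    except ValueError:  # unbalanced quotes in the request
        return None
    return argv if tuple(argv) in policy.get(owner, set()) else None

def main(argv, environ):
    # sshd runs the forced command and puts the client's request in
    # SSH_ORIGINAL_COMMAND; argv[1] is the owner from authorized_keys.
    owner = argv[1] if len(argv) > 1 else ""
    cmd = decide(owner, environ.get("SSH_ORIGINAL_COMMAND"))
    if cmd is None:
        sys.stderr.write("request refused\n")
        return 1
    os.execvp(cmd[0], cmd)  # no shell, so metacharacters are never interpreted

if __name__ == "__main__":
    sys.exit(main(sys.argv, os.environ))
```

Removing a transient user then means deleting one line from the shared account's authorized_keys file, with no entry in the host's user table and no home directory.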