
Re: different shells on different hosts?

Thanks Mustafa,

Could you tell me more about the LDAP wrapper you're describing -
what/how is it written? (What language, where does it fit into things, do you have an example, URL?)

I was also wondering whether I could use the pam_env.so module to specify the SHELL to be used..

I still find the symbolic link approach the easiest, but I do agree that it has an overhead in managing the symbolic links..


On Wed, 2 Jul 2008, Mustafa A. Hashmi wrote:

On Tue, Jul 1, 2008 at 12:17 AM, Joy Khoriaty <elventails@elventails.com> wrote:

I'd like my LDAP users to have different shells on 2 different client
machines. Is that possible? How can I set it up?

e.g., on host1, user1 has for shell /bin/bash, on host2, user1 has for shell

Someone suggested having the defined shell for the user in their LDAP entry
be called e.g. /bin/ldap_shell, and symbolic linking accordingly on each
machine, but it doesn't give me the granularity I want on a per user basis

Interesting problem; and the suggested solution sounds fairly clean to me -- however, since we're taking ideas:

Write a small wrapper which does an LDAP lookup on a given attribute
and parses the return to select the shell. For example, you retrieve
from attribute : userLoginShells the values:


Based on the lookup and the hostname, you get the appropriate shell.
You can choose to deny login or give a restricted shell if a match
can't be found.

Barring the overhead of actually writing the wrapper, the only
advantage (I see) here is management via LDAP of user shells (instead
of hitting the console to create symlinks).


-- Joy Khoriaty elventails@elventails.com http://elventails.com
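
The selection step of the wrapper idea discussed above, as an added example that is not code from the thread or from either poster. It assumes each userLoginShells value has the form "hostname:/path/to/shell" (the thread does not show a format), uses a constructed list in place of the LDAP lookup, and treats the directory value as untrusted: the shell must be a normalized absolute path listed in the host's /etc/shells, otherwise the assumed fallback /sbin/nologin is chosen.

```python
import os
import socket

# Assumed value format (the thread does not show one):
#   "<hostname>:<absolute shell path>"
DENY_SHELL = "/sbin/nologin"  # assumed fallback when no safe match exists


def read_allowed_shells(path="/etc/shells"):
    """Return the shells this host permits; an unreadable file permits none."""
    try:
        with open(path) as fh:
            return {s for s in (ln.strip() for ln in fh) if s and not s.startswith("#")}
    except OSError:
        return set()


def select_shell(values, hostname, allowed, deny=DENY_SHELL):
    """Return the shell mapped to this host, or `deny` if no safe match exists."""
    short = hostname.split(".", 1)[0].lower()
    for raw in values:
        host, sep, shell = raw.strip().partition(":")
        if not sep or host.lower() not in (short, hostname.lower()):
            continue
        # The directory value decides which binary runs at login, so accept
        # only a normalized absolute path the local host already allows.
        if shell.startswith("/") and os.path.normpath(shell) == shell and shell in allowed:
            return shell
        return deny  # host matched but the value is unsafe: fail closed
    return deny


if __name__ == "__main__":
    # Constructed sample values standing in for the LDAP lookup result.
    sample = ["host1:/bin/bash", "host2:/bin/sh"]
    shell = select_shell(sample, socket.gethostname(), read_allowed_shells())
    # A real wrapper would finish with os.execv(shell, ["-" + os.path.basename(shell)]).
    print(shell)
```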