[Date Prev][Date Next]
Re: different shells on different hosts?
Could you tell me more about the ldap wrapper you're describing -
what/how is it written? (what language, where does it fit-into things, do
you have an example, URL?)
I was also wondering whether I could use the pam_env.so module to specify
the SHELL to be used..
I still find the symbolic link approach the easiest, but I do agree that
it has an overhead in managing the symbolic links..
On Wed, 2 Jul 2008, Mustafa A. Hashmi wrote:
On Tue, Jul 1, 2008 at 12:17 AM, Joy Khoriaty <firstname.lastname@example.org> wrote:
I'd like my LDAP users to have different shells on 2 different client
machines. Is that possible? how can I set it up?
e.g, on host1, user1 has for shell /bin/bash, on host2, user1 has for shell
Someone suggested having the defined shell for the user in their LDAP entry
be called e.g. /bin/ldap_shell, and symbolic linking accordingly on each
machine, but it doesn't give me the granularity I want on a per user basis
Interesting problem; and the suggested solution sounds fairly clean to
me -- however, since we're taking ideas:
Write a small wrapper which does an LDAP lookup on a given attribute
and parses the return to select the shell. For example, you retrieve
from attribute : userLoginShells the values:
Based on the lookup and the hostname, you get the appropriate shell.
You can choose to deny login or give a restricted shell if a match
can't be found.
Barring the overhead of actually writing the wrapper, the only
advantage (i see) here is management via LDAP of user shells (instead
of hitting the console to create symlinks).