On Sat, 31 Jul 1999, Alex Zepeda wrote:

> The easiest way I can think of would be to add them to /etc/passwd and set
> their shell and home dir to /nonexistant. Ideally you wouldn't be running
> any other daemons, so there'd be no real way for them to access files; but
> the stock ftpd, as well as sshd offer ways to disable access to specific
> users.
>
> Dealing with "real" users IMO is quite a bit less hackish.

I like the 'keeping it real' idea as well. Then again, doesn't 3.2R+ support SecureRPC? Isn't this the sort of thing NIS+ was invented for? A centralized db of users that you can then export to various machines with differing characteristics? I.e. couldn't you import the NIS db to your mail box(es) with /nonexistent home directory and /sbin/nologin shell? Name and password pairs would still exist, allowing any SMTP/POP3 daemons I know of to work without change.

If NIS sends chills down your spine, I guess you could also do a bit of non-daemon-based hackage... make a script replace the home directory and shell fields with appropriate values in a copied passwd and rsync the thing to your mail boxes...

Then again, SQL seems to be the current buzz... Having SQL-based access is cool/manageable (a friend generates the MySQL db from his Radius users file).

As usual, there's more than one way to skin a cat.

Later,
--mike
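
The script approach described in the reply above (rewrite the home directory and shell fields in a copied passwd before pushing it to the mail hosts), as an added example that is not part of the original thread. It goes slightly beyond the text by accepting both the 7-field passwd and the 10-field master.passwd layout; the function name, the uid 1000 cut-off for "regular user" and the sample accounts are assumptions.

```shell
#!/bin/sh
# Added example: turn a *copy* of passwd/master.passwd into a mail-only
# variant. Assumption: accounts with uid >= MIN_UID are regular users;
# system accounts below that keep their original home and shell.

MIN_UID=1000
NOHOME=/nonexistent
NOSHELL=/sbin/nologin

# Reads the copied file on stdin, writes the rewritten file to stdout.
# Home dir and shell are the last two fields in both layouts
# (passwd: 7 fields, master.passwd: 10), so they are addressed from the end.
# Exits non-zero if any line is malformed, so a damaged file is never pushed.
mailonly_passwd() {
    awk -F: -v OFS=: -v min="$MIN_UID" -v home="$NOHOME" -v shell="$NOSHELL" '
        BEGIN { bad = 0 }
        /^#/ || /^$/ { print; next }           # keep comments and blank lines
        NF != 7 && NF != 10 {                  # refuse to guess on odd lines
            printf("line %d: unexpected field count %d\n", NR, NF) > "/dev/stderr"
            bad = 1; next
        }
        $3 !~ /^[0-9]+$/ {                     # uid must be numeric
            printf("line %d: non-numeric uid\n", NR) > "/dev/stderr"
            bad = 1; next
        }
        $3 + 0 >= min { $(NF-1) = home; $NF = shell }
        { print }                              # name and password untouched
        END { exit bad }
    '
}

# Demo on constructed master.passwd-style lines (hashes are placeholders).
mailonly_passwd <<'EOF'
root:HASH-PLACEHOLDER:0:0::0:0:Charlie &:/root:/bin/csh
alice:HASH-PLACEHOLDER:1001:1001::0:0:Alice Example:/home/alice:/bin/tcsh
EOF
```

Check the function's exit status before rsyncing the result to the mail hosts. On FreeBSD a replaced master.passwd also has to be run through pwd_mkdb on the receiving side before the new entries take effect.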