On Sat, 31 Jul 1999, Alex Zepeda wrote:

> The easiest way I can think of would be to add them to /etc/passwd and set
> their shell and home dir to /nonexistant. Ideally you wouldn't be running
> any other daemons, so there'd be no real way for them to access files; but
> the stock ftpd, as well as sshd offer ways to disable access to specific
> users.
> 
> Dealing with "real" users IMO is quite a bit less hackish.

I like the 'keeping it real' idea as well.

Then again, doesn't 3.2R+ support SecureRPC?  Isn't this the sort of thing
NIS+ was invented for?  A centralized db of users that you can then export
to various machines with differing characteristics?  I.e. couldn't you
import the NIS db to your mail box(es) with /nonexistent home directory
and /sbin/nologin shell?  Name and password pairs would still exist,
allowing any SMTP/POP3 daemons I know of to work without change.

If NIS sends chills down your spine, I guess you could also do a bit of
non-daemon-based hackage...  make a script replace the home directory and
shell fields with appropriate values in a copied passwd and rsync the
thing to your mail boxes...

Then again, SQL seems to be the current buzz...  Having SQL-based access
is cool/manageable (a friend generates the MySQL db from his Radius users
file).

As usual, there's more than one way to skin a cat.

Later,
--mike




To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the body of the message

Reply via email to