> Just to clarify, do you think it's better for users to have:
> 0. no account on the server (eg use a group account)? From your previous posts,
> I think not, but I just wanted this list to be as complete as possible.
> 1. a user account (that they can't use to login to the server).
> 2. a login account.
1. a user account that cannot be used to log in.
The basic rule in secure systems is that only one user
must map to each account.
You can have multiple accounts for a different user.
But only one user per account.
And no sharing of accounts.
I might be willing to relax this rule for strictly read-only access,
but strict security administrators will not.
