Hi,
we are using LDAP for user authentication in our network. Works fine for
most hosts. But we want one host (call it "specialhost") to be treated a
special way:
specialhost is our host which hosts all services we provide for the
outside world. Therefore no user shpuld be able to login as her/himself
but should be asked to become root immediately. At the moment this is
done by a shell script, which is made the login shell for all users in
/etc/passwd.
As we do not want to use logins via /etc/passwd any longer we have to
find a way to make LDAP provide a special login shell for all users
logging in to specialhost.
I searched the web and asked some people for solutions but did not find
one. The only thing I found is host-based access control which prevents
users completely from logging in. As we do not want to allow remote root
logins this is no option for us.
Hopefully someone has any idea that directs me to a solution.
Greetings from Berlin, Germany,
Stephan