Kyle Waters wrote:
> The problem is that on the remote box they only log in via samba+ldap.
> Which I'm told doesn't trigger pam. Plus I have to run smbpasswd
> in order to configure the ldap account for the samba settings (I'm looking
> into a better way of doing this).

Ok, how about this: have the remote servers run a fairly frequent cron job that downloads the latest list of all user account names and acts upon any additions or removals. Download via authenticated HTTPS or ssh (sftp) so that people can neither snoop nor alter the download (although they might block it).

If you're feeling gutsy, you can make the servers download only a delta rather than the complete list. That would scale better if you have thousands of users, but it's more likely to introduce error.

Shane

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
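
The full-list sync described in the message above, sketched as an added example that is not part of the original post: it computes the additions and removals a cron job would act on, and refuses to act when the fetched list looks blocked, truncated or malformed. The name pattern, the 20% removal cap and all function names are assumptions; the fetch over authenticated HTTPS or sftp is assumed to have already happened.

```python
import re

# Assumed policy values for this example, not taken from the post.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")
MAX_REMOVAL_PERCENT = 20  # refuse to drop more than this share of local accounts


class SyncRefused(Exception):
    """Raised when the downloaded list should not be acted upon."""


def parse_user_list(text):
    """Parse one account name per line; reject anything unexpected."""
    users = set()
    for line in text.splitlines():
        name = line.strip()
        if not name or name.startswith("#"):
            continue
        # Names end up as arguments to account tools, so only accept
        # a strict character set instead of trying to escape later.
        if not USERNAME_RE.fullmatch(name):
            raise SyncRefused(f"invalid account name: {name!r}")
        users.add(name)
    if not users:
        # A blocked or failed download must not look like "remove everyone".
        raise SyncRefused("downloaded list is empty")
    return users


def plan_sync(downloaded_text, local_users):
    """Return (to_add, to_remove) as sorted lists, or raise SyncRefused."""
    wanted = parse_user_list(downloaded_text)
    local = set(local_users)
    to_add = sorted(wanted - local)
    to_remove = sorted(local - wanted)
    # Integer arithmetic avoids float rounding at the threshold.
    if local and len(to_remove) * 100 > MAX_REMOVAL_PERCENT * len(local):
        raise SyncRefused(
            f"{len(to_remove)} of {len(local)} accounts would be removed"
        )
    return to_add, to_remove


# Constructed sample data.
SAMPLE_LIST = "alice\nbob\ncarol\nerin\nfrank\n"
SAMPLE_LOCAL = ["alice", "bob", "carol", "dave", "erin"]

if __name__ == "__main__":
    add, remove = plan_sync(SAMPLE_LIST, SAMPLE_LOCAL)
    print("add:", add)
    print("remove:", remove)
```

A refused run should leave local accounts untouched and raise an alert, since repeated refusals may mean the download is being blocked.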
