On Wed, May 23, 2001 at 02:39:19PM -0700, Randall Gellens wrote:
> At 5:12 PM -1000 5/22/01, Clifton Royston wrote:
>
> > Changing the login group for thousands of
> > users, so that we could use the group-based server mode selection
> > seemed likely to cause problems.
>
> There's no need to change the login group. Secondary group is
> fine. The user only needs to be a member of the group.
At least on the BSD systems we use, I *believe* we have found problems
in the past with putting more than <mumble> users into a single given
secondary group. I forget what the exact number was, maybe several
hundred. (This may have been a bug resulting from some maximum buffer
length or line size in the login program parsing the /etc/groups file
at login time.) We could certainly have worked around this by using
different groups for different subsets of the shell users, but that was
starting to look a bit convoluted and hard to maintain if shell access
gets added or revoked
It just seemed logical to me that if the main contraindication for
server_mode is shell access, I should implement a way of making
server_mode hinge on shell access. At this site, at least, it looks
like it will make configuration very simple.
But of course it's your call as to whether it should be integrated into
the main line of code.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- [EMAIL PROTECTED]
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
