Open marcvs opened 2 years ago
So something like the read_only
mode for the LDAP backend, but applied to any backend? It probably makes sense then to move this issue to the feudalAdapter.
I don't see a big conflict with authorized_users
, logically they are two separate things. Even when an account was created manually by the admin, the user needs to be authorised to access the service, either through authorized_users
, authorized_vos
, or by authorising all users from an OP. Sure, I guess there is redundant configuration, but that's the price to pay for the admin to gain more control.
I have the feeling, that it may make sense to have a setting that allows some kind of "freeze" of users.
I.e. a mode in which users are not created automatically, and login only works if an account exists already.
I see the conflict with the
authorized_users
option inmotley-cue.conf
, but...People may be afraid of a system that generates new accounts, and might prefer a mode in which they create a new account config. The only thing to set the correct "gecos" field for
/etc/passwd
, which can (more or less) easily be done with: