Greg Woods wrote:
and that works right off the bat. There were other reasons why it might have been nice to set the realm based on the user name; we're a research institution, meaning that the groups here have a relatively high degree of autonomy with little central control. It might have been nice to allow the various groups to run their own backend servers, and choosing a back end based on the username would be a handy thing to be able to do.
That's realms. A lot of people do that.
But just for the purpose at hand (being able to authenticate a few users with pam instead of otp), it works to just use the users file on the back end server to accomplish that. If I do try to do something organization-wide, it will probably be better to have some kind of database (LDAP or SQL) involved.
Yes. Much better. Alan DeKok.