The account plugin manages authentication data, including
User access data is stored in three files in the Account directory:
SSH keys are stored in files named $username.key; these are installed into root’s authorized keys for users in the superusers list as well as for the pertitent users in the rootlike file (for the current system).
Authentication data is read in from (static|dyn).(passwd|group) The static ones are for system local ones, while the dyn. versions are for external synchronization (from ldap/nis/etc). There is also a static.limits.conf that provides the limits.conf header and any static entries.
Files in the Account directory:
Format: The SSH public key for user <username>.If the user is in the “rootlike” or “superusers” group, these keys will be appended to /root/.ssh/auth
Format: “user:hostname” on each line.Describes who may login where (via PAMs /etc/security/limits.conf). Everybody else will be denied access.(?)
If Alice should be able to access host “foo”, Bob should access “foo” and “bar”:alice:foo.example.com bob:foo.example.com bob:bar.example.com
Format: “user:hostname” on each line.Describes who will be allowed root access where. The user may login via public key and use sudo.
If Chris should be root only on host “foo”:chris:foo.example.com
Format: usernames, separated by spaces or newlines. (Any whitespace that makes pythons split() happy.)Describes who will be allowed root access on all hosts. The user may login via public key and use sudo.
Daniel, Eve and Faith are global admins:daniel eve faith
Format: Lines from /etc/passwd or /etc/groupThese entries are appended to the passwd and group files (in addition to the auto-generated entries from “useraccess”, “rootlike” and “superusers” above) without doing anything else.
Format: Lines from /etc/passwd or /etc/groupSimilar to “static.*” above, but for entries that are managed “on the network” (yp, LDAP, ...), so it is most likely periodically (re)filled.
Format: Lines from /etc/security/limit.confThese limits will be appended to limits.conf (in addition to the auto-generated entries from “useraccess”, “rootlike” and “superusers” above).
Format: Lines from /etc/sudoersThese lines will be appended to to sudoers file (in addition to the auto-generated entries from “useraccess”, “rootlike” and “superusers” above).