Hello fellows, happy Easter! I run into a security issue this morning here and tried to look for a solution. We use OpenLDAP for all "regular users" login on hosts and web services. Authentication is required from some cloud/moodle services via LDAP, but some users not having any homedirectory on any machine within the domain will still be allowed to login, even if the home dir is not present. They get loged in onto the root of the filesystem, when login via SSH.
Is there a way to prohibit login if homedir isn't present? Can you point me to the right place (PAM or something, pam_env isn't available on FreeBSD)? If this is a trivial issue and caused by lack of my personell knowledge, please excuse. Kind regards, O. Hartmann
