We have a special server with a running program that needs to be shared locally between multiple users, one at a time. A thought I had, as this is doable in Linux, is to authenticate as their AD user but map to a special user on this server upon login.
Requirements:
- Only one user could be logged in at a time
- We need RBAC logins
- The program is running as a specific user
- The program can never be shut down
- None of the users can log in directly to the program's user account
- We cannot use RDP or VNC-like
Another way to say this is: I have an AD group that I would like to impersonate a single user. Anyone in this group can log in one at a time and not kill the running session and program.
Unfortunately, the software cannot be modified and does not have a web UI.
Is there a way to map users this way?