I want to control access to my machines via public keys. I'm
implanting the private key in a smartcard-like token, and giving the
tokens to people for access. They'll use the tokens like smartcards,
and ssh-agent can use those RSA keys on the tokens.

However, I don't want people to authorize other public keys (ie, not
on physical tokens) after they've logged in.

How do I configure openssh so that it'll permit a public key for a
user, without giving the user the oppertunity to change/add public
keys to the authorized list?

Also, is there a way to have a single file with the authorized keys
for *all* users? Like /etc/shadow, but for public keys rather than