[Freeipa-users] nsAccountLock attribute
Prashant Bapat
prashant at apigee.com
Wed Apr 1 09:43:46 UTC 2015
Hi Jan,
Thanks for your response. But my problem is AmazonLinux does not support
ipa-client or sssd. No binaries available, lots of dependency issues
compiling from source.
So the route I have taken is to use FreeIPA on Fedora21. And use authconfig
to enumerate users/groups. And have a SSH command to lookup the keys.
Thanks.
--Prashant
On 1 April 2015 at 11:06, Jan Cholasta <jcholast at redhat.com> wrote:
> Hi,
>
> Dne 1.4.2015 v 07:09 Prashant Bapat napsal(a):
>
> Hi ,
>>
>> Is there a way of making the nsAccountLock attribute (User
>> enable/disable) to be anonymously readable ?
>>
>> I'm trying to implement a SSH key lookup sshd authorized key command
>> script. Based on this attribute the user will be allowed to login. I
>> need this to be anonymously readable.
>>
>> Tried setting the permissions but it does not work.
>>
>> Any other ideas on this ?
>>
>
> If your SSH server is a properly configured IPA host (i.e. you had run
> ipa-client-install or ipa-server-install on it), rejecting locked user
> login should work automatically, without having to configure anything.
>
>
>
>> Thanks for your help.
>>
>> --Prashant
>>
>>
>>
> --
> Jan Cholasta
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150401/e3c2de50/attachment.htm>
More information about the Freeipa-users
mailing list