[Freeipa-users] nsAccountLock attribute

Petr Spacek pspacek at redhat.com
Wed Apr 1 12:36:22 UTC 2015


On 1.4.2015 11:43, Prashant Bapat wrote:
> Hi Jan,
> 
> Thanks for your response. But my problem is AmazonLinux does not support
> ipa-client or sssd. No binaries available, lots of dependency issues
> compiling from source.
> 
> So the route I have taken is to use FreeIPA on Fedora21. And use authconfig
> to enumerate users/groups. And have an SSH command to lookup the keys.

Interesting. Please complain to Amazon support about this, it will improve
the situation for others too.

Petr^2 Spacek

> Thanks.
> --Prashant
> 
> On 1 April 2015 at 11:06, Jan Cholasta <jcholast at redhat.com> wrote:
> 
>> Hi,
>>
>> On 1.4.2015 at 07:09 Prashant Bapat wrote:
>>
>>> Hi,
>>>
>>> Is there a way of making the nsAccountLock attribute (User
>>> enable/disable) anonymously readable?
>>>
>>> I'm trying to implement an SSH key lookup sshd authorized key command
>>> script. Based on this attribute the user will be allowed to login. I
>>> need this to be anonymously readable.
>>>
>>> Tried setting the permissions but it does not work.
>>>
>>> Any other ideas on this?
>>>
>>
>> If your SSH server is a properly configured IPA host (i.e. you have run
>> ipa-client-install or ipa-server-install on it), rejecting locked user
>> login should work automatically, without having to configure anything.
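
The key-lookup decision discussed in this thread, as an added example that is not code from any poster or from FreeIPA: a filter that takes the LDIF of one user entry and returns SSH keys only when nsAccountLock is not TRUE. It assumes the keys are stored in the ipaSshPubKey attribute (not named in the thread), that the entry was fetched with a bind allowed to read nsAccountLock, and the function names and sample entry are constructed.

```python
import base64
import sys

# Constructed sample entry (not from the thread); the key line is folded
# the way ldapsearch wraps long values.
SAMPLE = (
    "dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test\n"
    "ipaSshPubKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExample\n"
    "  alice@example.test\n"
    "nsAccountLock: FALSE\n"
)

def parse_ldif_entry(ldif_text):
    """Parse a single LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # unfold: drop the one-space fold marker
        elif raw:
            lines.append(raw)
    entry = {}
    for line in lines:
        if line.startswith("#"):      # LDIF comment
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):      # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def authorized_keys(ldif_text):
    """Return the keys sshd may accept; empty list means deny."""
    entry = parse_ldif_entry(ldif_text)
    if "dn" not in entry:             # no such user: nothing to offer
        return []
    # If the bind cannot read nsAccountLock, the attribute is simply missing
    # and a locked entry looks the same as an active one to this check.
    if any(v.upper() == "TRUE" for v in entry.get("nsaccountlock", [])):
        return []
    return [k for k in entry.get("ipasshpubkey", []) if k]

if __name__ == "__main__":
    # Reads the LDIF of one entry on stdin, prints one key per line for sshd.
    print("\n".join(authorized_keys(sys.stdin.read())))
```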
