[Freeipa-users] k5login loophole even account is disabled on FreeIPA

[Thomas Lau]

Folks,

let's say I am user thomas, and user "temp1" already marked as "disabled"
on FreeIPA, but thomas at DOMAIN.COM is on /home/temp1/.k5login list, how come
I could still "sudo su - temp1"? It seems skip the checking on FreeIPA even
account is disabled. Did I miss any setting or it's normal?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170512/3ced834c/attachment.htm>