[Freeipa-users] k5login loophole even account is disabled on FreeIPA
Thomas Lau
tlau at tetrioncapital.com
Fri May 12 06:19:33 UTC 2017
Folks,
let's say I am user thomas, and user "temp1" already marked as "disabled"
on FreeIPA, but thomas at DOMAIN.COM is on /home/temp1/.k5login list, how come
I could still "sudo su - temp1"? It seems skip the checking on FreeIPA even
account is disabled. Did I miss any setting or it's normal?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170512/3ced834c/attachment.htm>
More information about the Freeipa-users
mailing list