> One of my staff made a typo in his shell in “ipa user-mod --shell”. It can be
> hard to recover from, since you can’t log in.
> Is there a way to restrict what they can use? Traditionally only shells in 
> /etc/shells were valid.

There is no way currently.

Note that part of the problem is which /etc/shells to use? Remember that
IPA is centralized and users may be using a number of different
operating systems. This is why the default shell is /bin/sh, because it
is nearly universal.

It probably isn't a ton of work to add a new config option to provide a
set of valid shells, so feel free to file an RFE. I just don't know that
this sort of thing would be prioritized.

We could probably help if you want to contribute something.
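
An added example, not part of the original reply and not FreeIPA code: a pre-flight check an administrator could run before passing a value to `ipa user-mod --shell`, comparing the proposed shell against /etc/shells from each kind of client host. The host names and the /etc/shells contents are constructed samples, and the function names are hypothetical.

```python
# Added example: validate a login shell against /etc/shells from several
# client operating systems. Host names and file contents are constructed.
SAMPLE_ETC_SHELLS = {
    "linux-host": """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/bash
/usr/bin/zsh
""",
    "freebsd-host": """\
# List of acceptable shells
/bin/sh
/bin/csh
/bin/tcsh
/usr/local/bin/bash
""",
    "macos-host": """\
/bin/bash
/bin/sh
/bin/zsh   # inline comment, must be ignored
""",
}


def parse_etc_shells(text):
    """Return the set of shell paths listed in an /etc/shells-style file."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("/"):              # entries are absolute paths
            shells.add(line)
    return shells


def common_shells(files):
    """Shells listed on every host, i.e. safe to set centrally."""
    sets = [parse_etc_shells(text) for text in files.values()]
    return set.intersection(*sets) if sets else set()


def check_shell(candidate, files):
    """Return (ok, missing_hosts) for a proposed login shell."""
    missing = sorted(host for host, text in files.items()
                     if candidate not in parse_etc_shells(text))
    return (not missing, missing)


if __name__ == "__main__":
    for shell in ("/bin/sh", "/bin/bash", "/bin/bahs"):
        print(shell, check_shell(shell, SAMPLE_ETC_SHELLS))
```

With these samples the only shell common to all three hosts is /bin/sh, and a mistyped path is rejected before it reaches the directory.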

