Am Tue, May 18, 2021 at 11:44:57AM +0100 schrieb Dominik Vogt via FreeIPA-users: > Using freeipa from RHEL8.1, we need to set up the ipa-clients in a > way that login is only possible if the ipa-server can be > contacted. Local logi from the cache must be impossible. Is > there a way to achieve this?
Hi, as long as it is only about password authentication you can set 'cache_credentials = False', see man sssd.conf for details. Other methods, e.g. ssh public-key authentication, will still work and currently I do not have an idea how to disable them reliable in this case. bye, Sumit > > Ciao > > Dominik ^_^ ^_^ > > -- > > Dominik Vogt > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
