Hi Jan, Thanks for your response. But my problem is AmazonLinux does not support ipa-client or sssd. No binaries available, lots of dependency issues compiling from source.
So the route I have taken is to use FreeIPA on Fedora21. And use authconfig to enumerate users/groups. And have a SSH command to lookup the keys. Thanks. --Prashant On 1 April 2015 at 11:06, Jan Cholasta <jchol...@redhat.com> wrote: > Hi, > > Dne 1.4.2015 v 07:09 Prashant Bapat napsal(a): > > Hi , >> >> Is there a way of making the nsAccountLock attribute (User >> enable/disable) to be anonymously readable ? >> >> I'm trying to implement a SSH key lookup sshd authorized key command >> script. Based on this attribute the user will be allowed to login. I >> need this to be anonymously readable. >> >> Tried setting the permissions but it does not work. >> >> Any other ideas on this ? >> > > If your SSH server is a properly configured IPA host (i.e. you had run > ipa-client-install or ipa-server-install on it), rejecting locked user > login should work automatically, without having to configure anything. > > > >> Thanks for your help. >> >> --Prashant >> >> >> > -- > Jan Cholasta >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project