They are authenticated using CRYPT passwords. i.e. Even after a user is disabled in ipa, it's entry is still visible in ypcat passwd on the clients.
On Wed, Jan 13, 2016 at 4:17 PM, Alexander Bokovoy <aboko...@redhat.com> wrote: > On Wed, 13 Jan 2016, Prasun Gera wrote: > >> I think I've solved this. I don't know what or who enabled it, but for >> some >> reason the original NIS service (ypserv) was running on the server. That >> was taking precedence over ipa's fake NIS, and causing problems. I have >> now >> deleted the maps and commented them out in the Makefile so that it doesn't >> get enabled accidentally again. >> >> I do see another problem though. In an attempt to clean up a lot of old >> users, I have disabled them in the webui. This works for ipa clients and >> access is denied, but the users can still log in on the old NIS clients. >> Is >> this a known limitation ? >> > How they are authenticated on the NIS clients? FreeIPA does not provide > shadow map. > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project