Autocorrect "shell"
> On Nov 25, 2013, at 1:33 PM, "Michael" <[email protected]> wrote: > > Change the users she'll to nologin. > > Mike > > > >> On Nov 25, 2013, at 1:23 PM, "Howard Chu" <[email protected]> wrote: >> >> Viviano, Brad wrote: >>> Hello, >>> I've searched the archives of this list, the web as best I can, and have >>> this same question asked to the sssd-devel mailing list and can not seem to >>> find an answer this my question. I have a RHEL 6.4 server with OpenLDAP >>> 2.4.23-32.el6_4.1 and sssd 1.9.2-129.el6, both installed as standard RPM's >>> from Redhat. I have ppolicy configured in slapd and on another RHEL6.4 >>> system >>> have sssd setup as a client. Everything works fine with password expires, >>> grace periods, etc and sssd, if the user has to enter their password. But, >>> if >>> the user is using an SSH public key, setting the account as locked or the >>> password is expired still allows them to log in. I can't seem to find a >>> good >>> solution that forces the user to change their password before they can >>> login. >> >> Why would you expect anything to validate their password if they are using >> an SSH public key? pam only gets the ppolicy info if it performs an LDAP >> Bind with the user's password. >> >> -- >> -- Howard Chu >> CTO, Symas Corp. http://www.symas.com >> Director, Highland Sun http://highlandsun.com/hyc/ >> Chief Architect, OpenLDAP http://www.openldap.org/project/ >>
