Hi,
this should work and you don't even have to set the shell to
/sbin/nologin (depends on whether you want the users to be able to login
to the system by other means or not), as the command directive in
authorized_keys takes precedence.
The tricky part is escaping the value correctly
Thank you for the responses. I was initially attempting to set this value
via the web UI and if I entered anything other than the hash value of the
user's public key it would get rejected. After thinking about your
response I realize that I really need to determine a method of doing this
via a
Hi,
Is it possible to lock out an user account on a set date?
Regards,
Siggi
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
An HBAC extension would certainly be appreciated. I'm not sure how other
organizations are setup but in our environment we don't give shell access
unless absolutely necessary and we use a lot of SSH tunneling with target
services bound to localhost. If I can figure out the correct syntax to get
On Mon, 2012-12-17 at 16:04 +0100, Sigbjorn Lie wrote:
Hi,
Is it possible to lock out an user account on a set date?
You should be able to set the krbPrincipalExpiration attribute to expire
an account on a set date.
However note this: https://fedorahosted.org/freeipa/ticket/3305
It means ti
On Mon, December 17, 2012 18:40, Simo Sorce wrote:
On Mon, 2012-12-17 at 16:04 +0100, Sigbjorn Lie wrote:
Hi,
Is it possible to lock out an user account on a set date?
You should be able to set the krbPrincipalExpiration attribute to expire
an account on a set date.
However note
On Mon, 2012-12-17 at 19:08 +0100, Sigbjorn Lie wrote:
On Mon, December 17, 2012 18:40, Simo Sorce wrote:
On Mon, 2012-12-17 at 16:04 +0100, Sigbjorn Lie wrote:
Hi,
Is it possible to lock out an user account on a set date?
You should be able to set the krbPrincipalExpiration
On Mon, December 17, 2012 19:32, Simo Sorce wrote:
On Mon, 2012-12-17 at 19:08 +0100, Sigbjorn Lie wrote:
On Mon, December 17, 2012 18:40, Simo Sorce wrote:
On Mon, 2012-12-17 at 16:04 +0100, Sigbjorn Lie wrote:
Hi,
Is it possible to lock out an user account on a set date?
You
Is it possible to lock out an user account on a set date?
You should be able to set the krbPrincipalExpiration attribute to expire
an account on a set date.
However note this: https://fedorahosted.org/freeipa/ticket/3305
It means ti will work with krb auth but not with ldap
I'm attempting to install Satellite in my IPA domain. There is a
ridiculous requirement that the group dba must not already exist
prior to installing. Red Hat support wanted me to *remove* the DBA
group and then install.
Anyway, I'm trying to play around with filter_groups in sssd, and I
can't
On Fri, September 7, 2012 16:50, Dmitri Pal wrote:
On 09/07/2012 07:33 AM, Ondrej Valousek wrote:
That is actually the main benefit of the 'ldap.ADdomain' parameter. It
will allow you to simplify configuration and allows easy load
balancing/failover functionality. We
are paying for
On Mon, 2012-12-17 at 14:58 -0500, Steven Santos wrote:
I know this may be a loaded question, but I am asking it anyways.
Can anyone tell me what the current status and future plan for IPA /
Samba 4 is?
We plan to support setting up trusts with Samba4 just like we do with AD
when Samba4
On 12/17/2012 03:11 PM, KodaK wrote:
I'm attempting to install Satellite in my IPA domain. There is a
ridiculous requirement that the group dba must not already exist
prior to installing. Red Hat support wanted me to *remove* the DBA
group and then install.
Anyway, I'm trying to play
On 12/17/2012 09:36 AM, Simo Sorce wrote:
On Mon, 2012-12-17 at 09:07 -0500, Albert Adams wrote:
Thank you for the responses. I was initially attempting to set this
value via the web UI and if I entered anything other than the hash
value of the user's public key it would get rejected. After
Hi,
When trying to generate a host and nfs principal + keys from the Oracle ZFS
7120/7320 Appliance i get the following error message (note that the
information pasted are from a simulator but i get exactly the same error from
our real Appliances).
I can't generate a key on the IPA server and
On 12/17/2012 07:15 PM, Johan Petersson wrote:
Hi,
When trying to generate a host and nfs principal + keys from the
Oracle ZFS 7120/7320 Appliance i get the following error message (note
that the information pasted are from a simulator but i get exactly the
same error from our real
On Tue, 2012-12-18 at 00:15 +, Johan Petersson wrote:
Hi,
Hi Johan,
see inline.
When trying to generate a host and nfs principal + keys from the
Oracle ZFS 7120/7320 Appliance i get the following error message (note
that the information pasted are from a simulator but i get exactly the
IT costs?
www.redhat.com/carveoutcosts/
-- next part --
An HTML attachment was scrubbed...
URL:
https://www.redhat.com/archives/freeipa-users/attachments/20121217/7f262831/attachment.html
18 matches
Mail list logo