Hi,
this should work and you don't even have to set the shell to
/sbin/nologin (depends on whether you want the users to be able to login
to the system by other means or not), as the command directive in
authorized_keys takes precedence.
The tricky part is escaping the value correctly (there
Thank you for the responses. I was initially attempting to set this value
via the web UI and if I entered anything other than the hash value of the
user's public key it would get rejected. After thinking about your
response I realize that I really need to determine a method of doing this
via a HB
On Mon, 2012-12-17 at 09:07 -0500, Albert Adams wrote:
> Thank you for the responses. I was initially attempting to set this
> value via the web UI and if I entered anything other than the hash
> value of the user's public key it would get rejected. After thinking
> about your response I realize
Hi,
Is it possible to lock out an user account on a set date?
Regards,
Siggi
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
An HBAC extension would certainly be appreciated. I'm not sure how other
organizations are setup but in our environment we don't give shell access
unless absolutely necessary and we use a lot of SSH tunneling with target
services bound to localhost. If I can figure out the correct syntax to get
t
On Mon, 2012-12-17 at 16:04 +0100, Sigbjorn Lie wrote:
> Hi,
>
> Is it possible to lock out an user account on a set date?
You should be able to set the krbPrincipalExpiration attribute to expire
an account on a set date.
However note this: https://fedorahosted.org/freeipa/ticket/3305
It means
On Mon, December 17, 2012 18:40, Simo Sorce wrote:
> On Mon, 2012-12-17 at 16:04 +0100, Sigbjorn Lie wrote:
>
>> Hi,
>>
>>
>> Is it possible to lock out an user account on a set date?
>>
>
> You should be able to set the krbPrincipalExpiration attribute to expire
> an account on a set date.
>
>
On Mon, 2012-12-17 at 19:08 +0100, Sigbjorn Lie wrote:
>
>
> On Mon, December 17, 2012 18:40, Simo Sorce wrote:
> > On Mon, 2012-12-17 at 16:04 +0100, Sigbjorn Lie wrote:
> >
> >> Hi,
> >>
> >>
> >> Is it possible to lock out an user account on a set date?
> >>
> >
> > You should be able to set t
On Mon, December 17, 2012 19:32, Simo Sorce wrote:
> On Mon, 2012-12-17 at 19:08 +0100, Sigbjorn Lie wrote:
>
>>
>>
>> On Mon, December 17, 2012 18:40, Simo Sorce wrote:
>>
>>> On Mon, 2012-12-17 at 16:04 +0100, Sigbjorn Lie wrote:
>>>
>>>
Hi,
Is it possible to lock out
>
> Is it possible to lock out an user account on a set date?
>
>
You should be able to set the krbPrincipalExpiration attribute to expire
an account on a set date.
However note this: https://fedorahosted.org/freeipa/ticket/3305
I
On Mon, 2012-12-17 at 11:00 -0800, Brian Cook wrote:
> >
> > Is it possible to lock out an user account on a set date?
> >
> >
>
> You should be able to set the krbPrincipalExpiration attribute to expire
> an account on a set date.
>
> However note this
I know this may be a loaded question, but I am asking it anyways.
Can anyone tell me what the current status and future plan for IPA / Samba
4 is?
---
Steven Santos
Director
Simply Circus, Inc.
86 Los Angeles Street
Newton, MA 02458
P: 617-527-0667
F: 617-934-1870
E: ste...@simplycircus.com
___
On Mon, Dec 17, 2012 at 8:58 PM, Steven Santos wrote:
> I know this may be a loaded question, but I am asking it anyways.
>
> Can anyone tell me what the current status and future plan for IPA / Samba 4
> is?
probably the same as with AD: cross realm trusts.
--
groet,
natxo
___
I'm attempting to install Satellite in my IPA domain. There is a
ridiculous requirement that the group "dba" must not already exist
prior to installing. Red Hat support wanted me to *remove* the DBA
group and then install.
Anyway, I'm trying to play around with filter_groups in sssd, and I
can't
On Fri, September 7, 2012 16:50, Dmitri Pal wrote:
> On 09/07/2012 07:33 AM, Ondrej Valousek wrote:
>
>> That is actually the main benefit of the 'ldap.ADdomain' parameter. It
>> will allow you to simplify configuration and allows easy load
>> balancing/failover functionality. We
>> are paying
On Mon, 2012-12-17 at 14:58 -0500, Steven Santos wrote:
> I know this may be a loaded question, but I am asking it anyways.
>
>
> Can anyone tell me what the current status and future plan for IPA /
> Samba 4 is?
We plan to support setting up trusts with Samba4 just like we do with AD
when Samba
On 12/17/2012 03:11 PM, KodaK wrote:
> I'm attempting to install Satellite in my IPA domain. There is a
> ridiculous requirement that the group "dba" must not already exist
> prior to installing. Red Hat support wanted me to *remove* the DBA
> group and then install.
>
> Anyway, I'm trying to pla
On 12/17/2012 09:36 AM, Simo Sorce wrote:
> On Mon, 2012-12-17 at 09:07 -0500, Albert Adams wrote:
>> Thank you for the responses. I was initially attempting to set this
>> value via the web UI and if I entered anything other than the hash
>> value of the user's public key it would get rejected.
Hi,
When trying to generate a host and nfs principal + keys from the Oracle ZFS
7120/7320 Appliance i get the following error message (note that the
information pasted are from a simulator but i get exactly the same error from
our real Appliances).
I can't generate a key on the IPA server and
On 12/17/2012 07:15 PM, Johan Petersson wrote:
> Hi,
>
> When trying to generate a host and nfs principal + keys from the
> Oracle ZFS 7120/7320 Appliance i get the following error message (note
> that the information pasted are from a simulator but i get exactly the
> same error from our real App
On Tue, 2012-12-18 at 00:15 +, Johan Petersson wrote:
> Hi,
Hi Johan,
see inline.
> When trying to generate a host and nfs principal + keys from the
> Oracle ZFS 7120/7320 Appliance i get the following error message (note
> that the information pasted are from a simulator but i get exactly
OME, success, client=admin@HOME,
> > service=kadmin/server.home@HOME, addr=192.168.0.112, vers=2, flavor=6
> > Dec 17 23:12:05 server.home kadmind[3614](Notice): Unauthorized
> > request: kadm5_create_principal, host/zfs1.home@HOME,
> > client=admin@HOME, service=kadmin/server.home
Hi,
Unfortunately i still get the same error from the Appliance even after having
added both host and nfs principals in the IPA web interface.
"failed to create principal 'host/zfs1.home@HOME': libkadm5clnt error:
43787522 (Operation requires ``add'' privilege)"
I get the impression that the A
Hi,
We are implementing IPA Server and are gong to need to be able to authenticate
properly with a number of Solaris 11 servers.
I have browsed the archives and found a few threads mentioning some problems
with Solaris 11 and IPA Server.
Does anyone know if the issue have been solved?
Johan.
_
24 matches
Mail list logo