I have a small IPA domain setup on RHEL 6 server with a FreeIPA server, a
replica and two clients. There are six users setup in the domain. All
users are able
to login over SSH to both client systems. I am not using IPA to control
sudo access. Sudo privilges are granted by group membership
Jakub,
Thanks for the reply. Please see the original post. I included a couple
of snippets from /var/log/secure and pam_sss is being used.
Albert
On Fri, Dec 7, 2012 at 10:16 AM, freeipa-users-requ...@redhat.com wrote:
select users cannot sudo or login at the
console
In our environment we have several systems where users require access to
the system to setup an SSH tunnel but should not have a shell on the
system. Prior to rolling out IPA we accomplished this with the
authorized_keys file as follows:
command=/usr/bin/perl -e '$|=1; print \Tunnel created, use
Albert,
Have you tried putting that command in the public key for the user in
freeipa and setting the user shell to /sbin/nologin or the equivalent?
On 15 December 2012 02:09, Albert Adams bite...@gmail.com
mailto:bite...@gmail.com wrote:
In our environment we have several systems where
.
Albert
On Mon, Dec 17, 2012 at 9:36 AM, Simo Sorce s...@redhat.com wrote:
On Mon, 2012-12-17 at 09:07 -0500, Albert Adams wrote:
Thank you for the responses. I was initially attempting to set this
value via the web UI and if I entered anything other than the hash
value of the user's