[Freeipa-users] Adding an IPA user that can't SSH?

2013-01-25 Thread Matthew Barr
I need to add a few users that can authenticate with IPA (LDAP, in some
cases, Kerberos in others), but can't SSH into hosts.

I'm guessing the best option is to use some sort of group restriction on
the SSH/host side, vs anything else in IPA?

Thanks!
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Adding an IPA user that can't SSH?

2013-01-25 Thread KodaK
On Fri, Jan 25, 2013 at 10:43 AM, Dmitri Pal d...@redhat.com wrote:

> AFAIK there is also some kind of no shell capability in SSH which might be
> useful in this case but I am not a specialist in this area.

You can do this a few ways, but the easiest (IMO) is something like
this in sshd_config:

Match User limited-user
  ForceCommand echo 'This is a non-interactive account'

This will cause that message to display if someone tries to log in
with that account.

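An added example, not part of the thread and not OpenSSH or FreeIPA code: a simplified Python check that resolves which sshd_config settings apply to an account under the Match approach from the reply above, and reports when ForceCommand is set but AllowTcpForwarding is still at its default. The `nossh` group, the sample config and the function names are assumptions; only User and Group criteria are handled.

```python
import fnmatch
# Constructed sample: "limited-user" is from the thread; the "nossh" group
# and the forwarding lines are assumptions added for illustration.
SAMPLE = """\
AllowTcpForwarding yes
Match User limited-user
  ForceCommand echo 'This is a non-interactive account'
Match Group nossh
  ForceCommand /bin/false
  AllowTcpForwarding no
"""

def _matches(patterns, values):
    """sshd-style pattern list: comma-separated globs, '!' negates."""
    hit = False
    for pat in patterns.split(","):
        if any(fnmatch.fnmatchcase(v, pat.lstrip("!")) for v in values):
            if pat.startswith("!"):
                return False
            hit = True
    return hit

def effective(config, user, groups=()):
    """Simplified resolver: handles only User/Group criteria and 'all'."""
    glob, matched, active = {}, {}, None  # active None = global section
    for raw in config.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, val = parts[0].lower(), parts[1]
        if key == "match":
            args = val.split()
            crit = dict(zip((a.lower() for a in args[::2]), args[1::2]))
            active = args[0].lower() == "all" or (
                set(crit) <= {"user", "group"}  # other criteria: block skipped
                and ("user" not in crit or _matches(crit["user"], [user]))
                and ("group" not in crit or _matches(crit["group"], groups)))
        else:  # first value obtained wins, within globals and within matches
            target = glob if active is None else matched if active else {}
            target.setdefault(key, val)
    return {**glob, **matched}  # Match values override global ones

def audit(config, user, groups=()):
    """Return reasons the account is not locked down; empty list means OK."""
    eff, issues = effective(config, user, groups), []
    if "forcecommand" not in eff:
        issues.append("no ForceCommand")
    if eff.get("allowtcpforwarding", "yes").lower() != "no":
        issues.append("AllowTcpForwarding not disabled")
    return issues
```

On a real host, sshd's extended test mode (`sshd -T` with a `-C` connection spec such as `user=limited-user`) reports the settings the daemon itself would apply.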