On Thu, Feb 19, 2015 at 10:54:21AM +0100, Sumit Bose wrote: > As a side note, when using IPA or AD with passwords already the > authentication fails for expired account and it looks like ssh does not > show PAM messages during the authentication phase, you will only see:
This reminded me that we had a bug a long time ago that insisted on checking the krbPrincipalExpiration attribute during the account phase. I still have the patch in one of my old branches, but it doesn't apply anymore. Would it make sense to merge that code as well now that we're touching the sdap access code at all? _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
