> I don't think so. I have had problems with just sshd only when trying do > clever things just because ssh looks up the user before trying to login.
Same here. I don't think this should be too big of a problem. It might not work for a default PAM stack (as John points out in another message) but I think it's fairly easy to make a PAM stack for which it works. Sure there are some things you might not be able to do but it's all a matter of trade-offs. Say you have a breach; All personal data of employees has been leaked and it has been determined this was done by gaining access via a keytab lifted of any one of the 500 desktops in your organisation. Having to explain to the authorities that every desktop has a key (which isn't tied to a unique user) and allows access to personal data of employees isn't a really good sell when your trying to make a case you did your due diligence in order to avoid a fine. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
