On 6/2/22 13:36, Jim Kinney wrote:
It seems if valid ssh keys exist, the expired account status doesn't block login with ssh keys.
I believe that's because *users* don't expire. *Passwords* do. If you aren't authenticating with passwords, then password expiration doesn't affect the account.
This is one of the reasons that users should consider using Kerberos, or SSH certificate systems, rather than SSH keys.
https://smallstep.com/blog/use-ssh-certificates/ _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
