looks like the real solution is valid_shells in sssd.conf. That will prevent people from damaging themselves.
> On Jan 25, 2018, at 3:12 PM, Rob Crittenden <rcrit...@redhat.com> wrote: > > Charles Hedrick via FreeIPA-users wrote: >> One of my staff made a typo in his shell in “ipa user-mod —shell” It can be >> hard to recover from, since you can’t login. >> >> Is there a way to restrict what they can use? Traditionally only shells in >> /etc/shells were valid. > > There is no way currently. > > Note that part of the problem is which /etc/shells to use? Remember that > IPA is centralized and users may be using a number of different > operating systems. This is why the default shell is /bin/sh, because it > is nearly universal. > > It probably isn't a ton of work to add a new config option to provide a > set of valid shells so feel free to file an RFE I just don't know that > this sort of thing would be prioritized. > > We could probably help if you want to contribute something. > > rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
