On 07/20/2010 09:45 AM, Gerrard Geldenhuis wrote: > Hi There is a bugzilla raised concerns users still being able to > login if they have ssh keys even if there ldap account is disabled.
Define "disabled". If your only flag is the userpassword field, you won't find a good solution to this problem, since that field will never be used by an ssh session using keys. I believe you can use pam_access(5) to grant login access only to members of a group in your directory, and remove users from that group when you disable their login access. -- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
