On 1.4.2015 11:43, Prashant Bapat wrote: > Hi Jan, > > Thanks for your response. But my problem is AmazonLinux does not support > ipa-client or sssd. No binaries available, lots of dependency issues > compiling from source. > > So the route I have taken is to use FreeIPA on Fedora21. And use authconfig > to enumerate users/groups. And have a SSH command to lookup the keys.
Interesting. Please complain to Amazon support about this, it will improve situation for others too. Petr^2 Spacek > Thanks. > --Prashant > > On 1 April 2015 at 11:06, Jan Cholasta <[email protected]> wrote: > >> Hi, >> >> Dne 1.4.2015 v 07:09 Prashant Bapat napsal(a): >> >> Hi , >>> >>> Is there a way of making the nsAccountLock attribute (User >>> enable/disable) to be anonymously readable ? >>> >>> I'm trying to implement a SSH key lookup sshd authorized key command >>> script. Based on this attribute the user will be allowed to login. I >>> need this to be anonymously readable. >>> >>> Tried setting the permissions but it does not work. >>> >>> Any other ideas on this ? >>> >> >> If your SSH server is a properly configured IPA host (i.e. you had run >> ipa-client-install or ipa-server-install on it), rejecting locked user >> login should work automatically, without having to configure anything. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
