disable users
Jerome Walter
walter+SP at M.efrei.fr
Mon Sep 1 03:18:06 EDT 2003
maro wrote:
> hi everybody,
> i have a problem and here it is.
> We have windows 2000 domain and a kerberos realm hosted on unix. in
> active directory we have user accounts mapped to kerberos principals.
> users choose the kerberos realm to login to windows machines and
> supply their credentials for kerberos realm. usernames are the same
> in active directory and on unix,passwords are different.
> the problem is that when i disable a user account in active
> directory,the user can still login to kerberos realm. this should not
> happen because when the user is logging to a windows machine active
> directory is queried.
> does anybody have an idea about that?
What about setting their default shell to /bin/false in the NIS or LDAP
account of the unix user ? I think most of the Unix sysadmin would take
this solution...
Sincerely,
Jerome Walter
More information about the Kerberos
mailing list