maro wrote: > hi everybody, > i have a problem and here it is. > We have windows 2000 domain and a kerberos realm hosted on unix. in > active directory we have user accounts mapped to kerberos principals. > users choose the kerberos realm to login to windows machines and > supply their credentials for kerberos realm. usernames are the same > in active directory and on unix,passwords are different. > the problem is that when i disable a user account in active > directory,the user can still login to kerberos realm. this should not > happen because when the user is logging to a windows machine active > directory is queried. > does anybody have an idea about that?
What about setting their default shell to /bin/false in the NIS or LDAP account of the unix user ? I think most of the Unix sysadmin would take this solution... Sincerely, Jerome Walter ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
