On 6/2/22 13:36, Jim Kinney wrote:
It seems if valid ssh keys exist, the expired account status doesn't block login with ssh keys.
I believe that's because *users* don't expire. *Passwords* do. If you aren't authenticating with passwords, then password expiration doesn't affect the account.
This is one of the reasons that users should consider using Kerberos, or SSH certificate systems, rather than SSH keys.
https://smallstep.com/blog/use-ssh-certificates/ _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
