URL:
https://github.com/SSSD/sssd/pull/269
Author: NWilson
Title: #269: Add support for ActiveDirectory's logonHours restrictions
Action: edited
Changed field: body
Original value:
"""
This is a straightforward patch for denying access to a user when the user is not
permitted to access their account due to logonHours restrictions.
This matches the default behaviour for domain-joined Windows machines. When outside the
logonHours, all types of authentication are denied (password/Kerberos/certificate) - so it
is appropriate to put this check inside the PAM "account" rules.
"""