On Thu, Jan 30, 2014 at 02:35:57PM +0400, Denis Kutin wrote: > Dear friends, > > Using sssd, for a long time, I have come across with a problem recently, > which I would like to solve with your help. > > I provide centralized authentication and authorization service for a huge > heterogeneous network. And in my case it would be "nice and easy" if sssd > used only shells(5). I believe this mechanism is sufficient for > identification of an allowed shell. > > I take a liberty to offer you this tiny patch, which will let use wildcard > (*) in param allowed_shells in sssd.conf > > What do you think about it? Hi, the patch itself looks OK except for lines being over 80 characters, but I don't think I understand the use case well. If a user has a shell specified that is outside /etc/shells he's kicked out anyway. If he does, he's permitted by default..