On Wed, Apr 15, 2015 at 02:35:08PM +0200, Olivier wrote:
Thanks Michael,
> Note that password policy response controls can only be used when sssd
> actually tries to verify the user's password with a LDAP (simple)
> bind request. Obviously this won't work if you completely disabled
> password authc in sshd_config.
That is my fear. Since it sounds to me that sshd bypasses the user password
verification when authenticating over ssh key,
I'm curious to see if those options will be relevant in my case. I'll let
you know.
As Lukas said, SSSD also checks the password expiration during LDAP
access control.
I share Michael's sentiment about this being a bit of a misfeature,
since the password controls should only apply to password operations,
but many users requested this feature. It's not enabled by default btw.