In version 3.5.x of QAS setting a users shell to /bin/false would allow the users attributes to be cached and prevent the user from logging in directly.
In version 4.x the users attributes are not cached.
This is expected by design behavior in 4.x
By default a /bin/false shell means a user isn't allowed access, thus should be hidden.
If there is a requirement to have users whose shell is set to /bin/false be cached on the system the run the following command which will update /etc/opt/quest/vas/vas.conf
/opt/quest/bin/vastool configure vas vas_auth allow-disabled-shell true
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center