Users with /bin/false shell are shown as having access, despite allow-disabled-shell set to false
Login services that provide shells will not allow access to the host if a user has a /bin/false loginShell. These (Unix disabled) users can still though be allowed through services like ftp where no shell is required. Hence, they will show up as having access (in the output from 'vastool list users-allowed').
However, with the 'allow-disabled-shell' option set to 'false' in vas.conf it should disallow users having /bin/false loginShell from logging through any service (even where no shell is required). With this setting applied, the output from 'vastool list users-allowed' should not display the Unix-disabled users.
Tested this, but it failed.
* applied the setting in /etc/opt/quest/vas/vas.conf:
allow-disabled-shell = false
* running 'vastool list users-allowed' still showed the user account with /bin/false login shell
# vastool list users-allowed | grep remote
Product Defect ID CR0231602 (Bug # 14023) has been logged and submitted to Development, for considering fix in a future release.
This is fixed in version 4.x of Authentication Services.