Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

11.4. Enabling and Disabling User Accounts

The administrator can disable and enable active user accounts. Disabling a user account deactivates the account. Disabled user accounts cannot be used to authenticate. A user whose account has been disabled cannot log into IdM and cannot use IdM services, such as Kerberos, or perform any tasks.
Disabled user accounts still exist within IdM and all of the associated information remains unchanged. Unlike preserved user accounts, disabled user accounts remain in the active state. Therefore, they are displayed in the output of the ipa user-find command. For example:
$ ipa user-find
  User login: user
  First name: User
  Last name: User
  Home directory: /home/user
  Login shell: /bin/sh
  UID: 1453200009
  GID: 1453200009
  Account disabled: True
  Password: False
  Kerberos keys available: False
Any disabled user account can be enabled again.
After disabling a user account, existing connections remain valid until the user's Kerberos TGT and other tickets expire. After the ticket expires, the user will not be able renew it.

Enabling and Disabling User Accounts in the Web UI

  1. Select the IdentityUsers tab.
  2. From the Active users list, select the required user or users, and then click Disable or Enable.

    Figure 11.12. Disabling or Enabling a User Account

    Disabling or Enabling a User Account

Disabling and Enabling User Accounts from the Command Line

To disable a user account, use the ipa user-disable command.
$ ipa user-disable user_login
Disabled user account "user_login"
To enable a user account, use the ipa user-enable command.
$ ipa user-enable user_login
Enabled user account "user_login"