Currently the app works in such a fashion that it accepts the username and turns it into an email. Should block certain usernames such as root to prevent automated attacks from bots looking for low hanging fruit.
@oxr463:
It should check local users. The lookups for that are done by libnss_aad.
@neverrend:
@oxr463:
See: https://github.com/CyberNinjas/pam_aad/issues/54