This adds the option 'ignore_groups' where a comma separated list of groups of users who should not be considered by pam_krb5 can be provided.
This was added to work around the lack of advanced conditional syntax in macOS where OpenPAM is used vs Linux-PAM. Our specific use case is where pam_krb5 is used with FAST for OTP but there are non-OTP users present on the host.
minimum_uid doesn't help in these cases as these non-OTP users exist in a variety of uid ranges.
This adds the option 'ignore_groups' where a comma separated list of groups of users who should not be considered by pam_krb5 can be provided.
This was added to work around the lack of advanced conditional syntax in macOS where OpenPAM is used vs Linux-PAM. Our specific use case is where pam_krb5 is used with FAST for OTP but there are non-OTP users present on the host.
minimum_uid doesn't help in these cases as these non-OTP users exist in a variety of uid ranges.