This configuration parameter specifies whether single sign-on (SSO) is permitted for local users, or if only zone-enabled Active Directory users are allowed to log in through SSO.
By default, this parameter is set to true, and the user UNIX name is checked against the nss.ignore.user list. If the UNIX name is in the list, the user is considered a local user, and SSO is not allowed. In this situation, the user must enter the local user password to log in.
If this parameter is set to false, local users are allowed to log in through SSO.
For example:
krb5.sso.block.local_user: true
Doc Feedback