I was able to remove this by overwriting the attribute "ipa user-mod --setattr krblastadminunlock= waynev"
grant@ef-idm01:~[20221123-7:50][#1022]$ ipa user-show --all --raw waynev | grep -i krblastadminunlock grant@ef-idm01:~[20221123-7:51][#1023]$
I’ll have the user test and we’ll see if this resolves the 'no ssh login to IPA servers' issue for this user. If it’s a no, I will change his password.
thanx
- grant