we using LAM (ldap-account-manager) to manage users. For "pam_check_host_attr" we use the "ldapns.schema". This is working fine.
But when you have servers with home mounted on nfs, and the user send his/her sshkey to the homedirectory the user is alway able to login
even if the access was blocked with the "pam_check_host_attr".

Is there a way to disable sshlogins with keys too when the login via this schema is locket?

LDAPserver is on Ubuntu 16.04. Clients also Ubuntu 16.04.

Thanks and best Regards