PAM - local policy enforcement
iisawwai
Message 1 of 2

Hi All,

My question is how to bind the local policy to an LDAP user that overrides remote LDAP server control?

Thanks!

P.S. This thread has been moved from HP-UX > System Administration to HP-UX > Security. - HP Forums Moderator

Matti_Kurkela
Message 2 of 2

Re: PAM - local policy enforcement

What specific things do you wish to override?

If the LDAP server is enforcing password quality and/or aging, and you're using native LDAP rather than NIS emulation, the client essentially sends the username and password to the server and receives an "OK" or "Not OK" as a response. The only way the client could say "OK" on its own if the server says "Not OK" would be if the client actually had a copy of the password hash stored locally... which means the user account is local.

MK