
PAM - local policy enforcement

Occasional Visitor

PAM - local policy enforcement

Hi All,


My question is: how do I bind the local policy to an LDAP user so that it overrides remote LDAP server control?






P.S. This thread has been moved from HP-UX > System Administration to HP-UX > security - HP Forums Moderator

Honored Contributor

Re: PAM - local policy enforcement

What specific things do you wish to override?


If the LDAP server is enforcing password quality and/or aging, and you're using native LDAP rather than NIS emulation, the client essentially sends the username and password to the server and receives an "OK" or "Not OK" as a response. The only way the client could say "OK" on its own if the server says "Not OK" would be if the client actually had a copy of the password hash stored locally... which means the user account is local.