PAM - local policy enforcement

Occasional Visitor

PAM - local policy enforcement


Hi All,

My question is how to bind the local policy to an LDAP user so that it overrides remote LDAP server control?

Thanks!

 

 

P.S. This thread has been moved from HP-UX > System Administration to HP-UX > Security. - HP Forums Moderator

1 REPLY
Honored Contributor

Re: PAM - local policy enforcement

What specific things do you wish to override?

 

If the LDAP server is enforcing password quality and/or aging, and you're using native LDAP rather than NIS emulation, the client essentially sends the username and password to the server and receives an "OK" or "Not OK" as a response. The only way the client could say "OK" on its own if the server says "Not OK" would be if the client actually had a copy of the password hash stored locally... which means the user account is local.

MK
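A toy model of the point made in the reply above, added here as an example and not part of the original thread: with native LDAP the client only relays the server's verdict, while a local decision is possible only if the password hash reaches the client. All names (`DirectoryServer`, `client_native_auth`, `client_local_compare`), the sample account and the hash function are hypothetical stand-ins, not HP-UX or LDAP-UX code.

```python
import hashlib
import hmac


def toy_hash(password, salt="s1"):
    # Constructed stand-in for a real password hash (not for production use).
    return hashlib.sha256((salt + password).encode()).hexdigest()


class DirectoryServer:
    """Toy LDAP server: it owns both the password hash and the policy."""

    def __init__(self):
        # Constructed sample entry: valid password, but expired by server policy.
        self._entries = {"alice": {"hash": toy_hash("correct horse"), "expired": True}}
        self.expose_hash = False  # True models NIS-style emulation

    def bind(self, user, password):
        """Native LDAP: verify and apply policy server-side, return a verdict only."""
        entry = self._entries.get(user)
        if entry is None or not hmac.compare_digest(entry["hash"], toy_hash(password)):
            return "Not OK"
        return "Not OK" if entry["expired"] else "OK"

    def read_hash(self, user):
        """NIS-style lookup: the hash leaves the server only if it is exposed."""
        entry = self._entries.get(user)
        return entry["hash"] if (entry and self.expose_hash) else None


def client_native_auth(server, user, password):
    # The client holds no secret material, so it can only relay the verdict.
    return server.bind(user, password) == "OK"


def client_local_compare(server, user, password):
    # Possible only when the hash reaches the client; server policy is skipped.
    stored = server.read_hash(user)
    return stored is not None and hmac.compare_digest(stored, toy_hash(password))


if __name__ == "__main__":
    srv = DirectoryServer()
    print("native bind, expired account:", client_native_auth(srv, "alice", "correct horse"))
    print("local compare, hash hidden:  ", client_local_compare(srv, "alice", "correct horse"))
    srv.expose_hash = True
    print("local compare, hash exposed: ", client_local_compare(srv, "alice", "correct horse"))
```

The last case is the security-relevant one: once the hash is readable by clients, the server's aging and quality rules are no longer the only gate, which is why exposing hashes to clients weakens central policy enforcement.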