
PAM - local policy enforcement

iisawwai
Occasional Visitor

Hi All,

My question is how to bind a local policy to an LDAP user that overrides remote LDAP server control?

Thanks!

P.S. This thread has been moved from HP-UX > System Administration to HP-UX > Security. - HP Forums Moderator

1 REPLY
Matti_Kurkela
Honored Contributor

Re: PAM - local policy enforcement

What specific things do you wish to override?

If the LDAP server is enforcing password quality and/or aging, and you're using native LDAP rather than NIS emulation, the client essentially sends the username and password to the server and receives an "OK" or "Not OK" as a response. The only way the client could say "OK" on its own if the server says "Not OK" would be if the client actually had a copy of the password hash stored locally... which means the user account is local.

MK
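
The point made in the reply above can be seen in a small simulation. This is an added example, not part of the original thread and not HP-UX or PAM code: `LdapServer`, `Client`, the user names and the passwords are all constructed for illustration, and the server's aging policy is reduced to a single `expired` flag.

```python
import hashlib, hmac, os

def _hash(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

class LdapServer:
    """Hypothetical stand-in for the remote directory; only it holds the hash."""
    def __init__(self):
        self._entries = {}
    def add(self, user, pw, expired=False):
        salt = os.urandom(16)
        self._entries[user] = (salt, _hash(pw, salt), expired)
    def bind(self, user, pw):
        """The client learns only OK (True) or Not OK (False)."""
        entry = self._entries.get(user)
        if entry is None:
            return False
        salt, digest, expired = entry
        ok = hmac.compare_digest(digest, _hash(pw, salt))
        return ok and not expired  # server-side policy is part of the verdict

class Client:
    """Hypothetical client: a local hash store plus a remote bind."""
    def __init__(self, server):
        self.server = server
        self.local_shadow = {}  # only local accounts have an entry here
    def add_local(self, user, pw):
        salt = os.urandom(16)
        self.local_shadow[user] = (salt, _hash(pw, salt))
    def local_auth(self, user, pw):
        entry = self.local_shadow.get(user)
        if entry is None:
            return False  # no local hash, nothing to verify against
        salt, digest = entry
        return hmac.compare_digest(digest, _hash(pw, salt))
    def authenticate(self, user, pw):
        # Local check first, then the remote bind.
        if self.local_auth(user, pw):
            return "OK (local)"
        return "OK (ldap)" if self.server.bind(user, pw) else "Not OK"

def demo():
    server = LdapServer()
    server.add("alice", "correct horse", expired=True)  # constructed sample users
    server.add("bob", "tr0ub4dor")
    client = Client(server)
    results = [client.authenticate("alice", "correct horse"),
               client.authenticate("bob", "tr0ub4dor")]
    client.add_local("alice", "correct horse")  # alice is now a local account
    results.append(client.authenticate("alice", "correct horse"))
    return results
```

The LDAP-only user with an expired password is refused because the client has nothing of its own to check; the same user is accepted only once a local hash exists, which is exactly the case where the account has become local.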