
PAM - local policy enforcement

Occasional Visitor

PAM - local policy enforcement

Hi All,


My question is how to bind the local policy to an LDAP user so that it overrides remote LDAP server control?






P.S. This thread has been moved from HP-UX > System Administration to HP-UX > security - HP Forums Moderator

Honored Contributor

Re: PAM - local policy enforcement

What specific things do you wish to override?


If the LDAP server is enforcing password quality and/or aging, and you're using native LDAP rather than NIS emulation, the client essentially sends the username and password to the server and receives an "OK" or "Not OK" as a response. The only way the client could say "OK" on its own if the server says "Not OK" would be if the client actually had a copy of the password hash stored locally... which means the user account is local.