What is the valid syntax for the configuration parameter pam.allow.groups. If an AD group contains a space in it, specifying the AD group for pam.allow.groups may not work.Answer:
This configuration parameter specifies the groups allowed to access PAM-enabled applications. When this parameter is defined, only the listed groups are allowed access. All other groups are denied access. For example, if the domain is arcade.com
and the group is HelpDesk:
But on the other hand if you have spaces in the group name or OU name; For example, if the domain is arcade.com
and group is 'Help Desk'
This KB holds good even for pam.deny.groups