KB-1323: /etc/security/limits are not being enforced for Centrify zone-enabled users on AIX
Applies to: Centrify DirectControl 4.2.0 on all supported versions of AIX.
Problem: /etc/security/limits are not being enforced for Centrify zone-enabled users.
Cause: adclient should have taken defaults from /etc/security/limits and /etc/security/user, but it does not. Instead it uses its own defaults.
Workarounds: 1) Define these attributes in Active Directory for zoned users via adupdate.
Add, delete, or modify the value of an extended attribute for the user. Typing a plus sign (+) before the attribute name adds the extended attribute if it doesn't exist. Typing a minus sign (-) before the attribute name removes the attribute, if it exists. For example, to set the value of the extended attribute aix.rlogin:
adupdate modify user -X +aix.rlogin=true jae
Once you have finished changing attribute values, run adflush.
Note: Extended attributes are only applicable on AIX computers. You can use adquery with the help keyword to view a list of the supported extended attributes. For example: adquery user --extattr help
2) Specify the defaults in centrifydc.conf. The aix.attr.xxx parameters were not documented, so here are all the parameters that are supported and can be added to centrifydc.conf: