Applies to: All versions of Centrify DirectControl
Is it possible to enforce AD/Windows password rules for local accounts? How does pam.mapuser work?
Yes it is possible by making use of the pam.mapuser configuration parameter. Once the parameter is set, the local
user is expected to type the mapped AD user's password during login. If the local password needs to be used, the
pam.allow.override parameter can be used. Once pam.allow.override is configured, the local user needs to use the
username localaccount@localhost ( note: use localhost, do not replace it with hostname ) and their local password to login.
Both these methods are discussed with examples in the attachment at the end of this KB..