
KB-2914: How to allow only the local users and not Active Directory users to execute the 'passwd' command.

Centrify DirectControl

12 April,16 at 11:10 AM

Applies to: All versions of Centrify DirectControl

Question:
How can only local users, and not Active Directory (AD) users, be allowed to execute the 'passwd' command to reset their passwords?

Answer:
1. Log in as the 'root' user on the UNIX machine where Centrify is installed.
2. Change to the /etc/pam.d/ directory.
3. Comment out the following line in the /etc/pam.d/system-auth-ac.cdc file, so that it reads:
    # password sufficient pam_centrifydc.so try_first_pass
4. Save the file /etc/pam.d/system-auth-ac.cdc.

Now verify the change by executing the 'passwd' command as an AD user and as a local user on the UNIX machine where Centrify is installed:

1. Log in as the AD user and execute the command 'passwd'. The user will see a message like:
    Changing password for user <AD username>

    passwd: Authentication token manipulation error

This indicates that the command is not executed for the AD user.

2. Log in as a local user and execute the command 'passwd'.

The user should be able to change the password.
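
The steps and the check above as a script, added here as an example and not taken from Centrify: it comments out the pam_centrifydc.so line in the password stack, keeps a backup, and confirms that no active line remains. The function names and the sample PAM stack are constructed for illustration; with no argument the script works on that sample instead of a live file.

```shell
#!/bin/sh
# Added example, not vendor code. Usage: sh cdc_passwd.sh [pam-file]
# With no argument it runs against a constructed sample, not the live file.

# An active (uncommented) password-stack line that calls pam_centrifydc.so.
ACTIVE_RE='^[[:space:]]*password[[:space:]].*pam_centrifydc\.so'

# Exit 0 if the file still routes password changes to Centrify.
cdc_password_active() {
    grep -Eq "$ACTIVE_RE" "$1"
}

# Comment out the line as in step 3. Idempotent; keeps FILE.bak.
cdc_password_disable() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    cdc_password_active "$file" || return 0      # already commented out
    tmp=$(mktemp) || return 1
    cp -p "$file" "$file.bak" &&
        sed -E "/$ACTIVE_RE/ s/^/# /" "$file" > "$tmp" &&
        cat "$tmp" > "$file"                     # keeps owner, mode, SELinux label
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample resembling a Centrify-managed PAM stack (assumption).
make_sample() {
    cat > "$1" <<'EOF'
auth        sufficient    pam_centrifydc.so
auth        sufficient    pam_unix.so nullok try_first_pass
account     sufficient    pam_centrifydc.so
password    sufficient    pam_centrifydc.so try_first_pass
password    sufficient    pam_unix.so sha512 shadow try_first_pass use_authtok
session     required      pam_centrifydc.so
EOF
}

if [ $# -gt 0 ]; then
    target=$1
else
    target=$(mktemp) && make_sample "$target"
fi
cdc_password_disable "$target" || exit $?
cdc_password_active "$target" && { echo "FAIL: still active in $target" >&2; exit 1; }
echo "OK: password stack of $target no longer calls pam_centrifydc.so"
grep -n 'pam_centrifydc\.so' "$target"
```

Run it as root with /etc/pam.d/system-auth-ac.cdc as the argument; the previous contents are kept in system-auth-ac.cdc.bak, and only the 'password' line is changed, so the auth, account and session lines for AD users stay active.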
