Applies to: All versions of Centrify DirectControl
How to allow only local users, and not Active Directory (AD) users, to run the 'passwd' command to reset their passwords?
1. Log in as the 'root' user on the UNIX machine where Centrify is installed.
2. cd to the folder /etc/pam.d/
3. Comment out the following line in the /etc/pam.d/system-auth-ac.cdc file by prefixing it with '#', so that it reads:
# password sufficient pam_centrifydc.so try_first_pass
4. Save the file /etc/pam.d/system-auth-ac.cdc.
Now verify the result by running the 'passwd' command as an AD user and as a local user on the UNIX machine where Centrify is installed:
1. Log in as the AD user and run the 'passwd' command. The user will see a message like:
Changing password for user <AD username>
passwd: Authentication token manipulation error
This indicates that the 'passwd' command fails for the AD user.
2. Log in as a local user and run the 'passwd' command.
The user should be able to change the password.
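The edit in step 3 can be scripted so that only the 'password' stack entry for pam_centrifydc.so is commented out and a backup is kept. This is an added example, not Centrify's own tooling; the function names, the '.bak' suffix and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: comment out only the 'password' stack entry for
# pam_centrifydc.so, leaving auth/account/session entries untouched.

# Return 0 if an uncommented "password ... pam_centrifydc.so" line exists.
cdc_password_active() {
    grep -Eq '^[[:space:]]*password[[:space:]]+.*pam_centrifydc\.so' "$1"
}

# Back up the file (assumed suffix: .bak), then prefix each active
# matching line with "# ". Already-commented lines are not touched,
# so running it twice is safe.
disable_cdc_password() {
    file=$1
    cdc_password_active "$file" || return 0   # nothing to change
    cp -p "$file" "$file.bak" || return 1
    # Writing through the redirect keeps the original owner and mode.
    sed -E 's/^([[:space:]]*password[[:space:]]+.*pam_centrifydc\.so.*)$/# \1/' \
        "$file.bak" > "$file"
}

# Constructed sample content, not copied from a real system.
make_sample() {
    cat > "$1" <<'EOF'
auth sufficient pam_centrifydc.so
account sufficient pam_centrifydc.so
password sufficient pam_centrifydc.so try_first_pass
password sufficient pam_unix.so try_first_pass
EOF
}

# Run the edit against a temporary copy and show the result.
demo() {
    tmp=$(mktemp) || return 1
    make_sample "$tmp"
    disable_cdc_password "$tmp"
    cat "$tmp"
    rm -f "$tmp" "$tmp.bak"
}

demo
```

On a real host the argument would be /etc/pam.d/system-auth-ac.cdc, run as root; cdc_password_active can be re-run later to detect whether the line has become active again.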