pam

The [pam] section contains tokens that UNAB uses to interact with the PAM module.
capamsc141
The [pam] section contains tokens that UNAB uses to interact with the PAM module.
  • debug_mode_for_user
    Defines whether the PAM module can print messages to the user screen during login.
    Options
    : yes, no
    Default
    : yes
  • home_directory_permission
    Specifies the default file permissions that are assigned to the user home directory.
    Values
    : 0-7
    Default
    : 700
    Example
    : 700indicates that each user has read, write, and execute permissions to their home directories only.
  • pam_ad_password_only
    Defines the PAM module behavior when the mapped user logs in with a local password.
    Options
    : yes, no
    Default
    : yes
  • pam_delete_user_ccache
    Defines whether the pam_uxauth module deletes the Active Directory user credentials cache upon login completion.
    Values:
    Yes (Delete the AD user credentials after login), no (The credentials cache is not changed)
    Default:
    No
  • pam_exit_on_deny
    Defines the PAM module behavior if the login was denied due to enterprise or local policy settings or Active Directory account state.
    Options
    : yes (The PAM module closes the sequence and prevents other PAM modules from authenticating the user), no (The PAM module does not close and enables other PAM modules to authenticate the user. The no value allows the login server to retry the PAM sequence call)
    Default:
    yes
  • pam_receive_timout
    Specifies the time, in seconds, that the PAM module waits for the UNAB agent (uxauthd) to respond.
    Limits
    : any positive integer.
    Default
    : 10
  • user_minimal_uid
    Defines the minimal UID for the local storage to authenticate in the Active Directory.
    Values
    : any positive number.
    Default
    : 101