You can configure PAM so that any update to a global user password also updates the account in the external security system that PAM uses for password verification. To do this, the external security system needs to be an acquired endpoint in CA IdentityMinder, that is, a managed endpoint.
To configure automatic updates to external security systems, perform the following steps:
endpoint-type=ActiveDirectory endpoint-domain=YOUR_DOMAIN endpoint-name=YOUR_ENDPOINT_NAME
endpoint-type=Windows NT endpoint-domain=YOUR_DOMAIN endpoint-name=YOUR_ENDPOINT_NAME
When a managed endpoint is enabled in this way, any change to a global user password is also applied to the password of the matching account on the indicated endpoint if that account is correlated to the global user. The account password update occurs whether or not password propagation to accounts is requested. It occurs even in cases where password propagation would not have occurred. For example, the update occurs even if password propagation to the endpoint has been disabled or if the global user is marked as restricted. If password propagation to accounts is requested, the global user's other accounts are updated as well.
For Active Directory, a matching account is one whose samAccountName attribute is equal to the global user's name. For Windows NT, a matching account is one whose account name is the same as the global user's name.
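The following added example (not CA code) models the matching rule above over an account inventory, so you can list which accounts on the PAM-enabled endpoint will follow a global user password change and which propagation controls that update bypasses. The class and function names are hypothetical, the inventory is constructed, and the exact, case-sensitive name comparison is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GlobalUser:
    name: str
    restricted: bool = False      # global user marked as restricted

@dataclass(frozen=True)
class Account:
    endpoint: str                 # endpoint-name value from the configuration
    name: str                     # samAccountName (AD) or account name (Windows NT)
    correlated_to: str            # global user this account is correlated to

def forced_updates(users, accounts, pam_endpoint, propagation_disabled=False):
    """List accounts on the PAM-enabled endpoint whose password follows a
    global user password change, with the propagation controls that would
    otherwise have prevented the update."""
    by_name = {u.name: u for u in users}
    findings = []
    for acct in accounts:
        if acct.endpoint != pam_endpoint:
            continue              # only the configured endpoint is affected
        user = by_name.get(acct.correlated_to)
        # Assumption: names are compared exactly (case-sensitive).
        if user is None or acct.name != user.name:
            continue              # must be correlated AND carry the same name
        bypassed = []
        if propagation_disabled:
            bypassed.append("endpoint propagation disabled")
        if user.restricted:
            bypassed.append("global user restricted")
        findings.append((user.name, acct.name, bypassed))
    return findings

# Constructed sample inventory (not real data).
USERS = [GlobalUser("alice"), GlobalUser("bob", restricted=True), GlobalUser("carol")]
ACCOUNTS = [
    Account("YOUR_ENDPOINT_NAME", "alice", "alice"),
    Account("YOUR_ENDPOINT_NAME", "bob", "bob"),
    Account("YOUR_ENDPOINT_NAME", "csmith", "carol"),   # correlated, name differs
    Account("OTHER_ENDPOINT", "carol", "carol"),        # not the PAM endpoint
]

if __name__ == "__main__":
    for row in forced_updates(USERS, ACCOUNTS, "YOUR_ENDPOINT_NAME", propagation_disabled=True):
        print(row)
```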
Copyright © 2013 CA.
All rights reserved.