Nvuauth is a PAM service added by Authentication Services. Its purpose is to support self-enrollment of mapped users.
Authentication Services provides a feature called "mapped user", which lets you map local Unix user accounts to Active Directory user accounts. Self-enrollment extends the mapped user feature to allow any user to log on to a Unix/Linux system using the same account (identity) that they have always used for authentication (local, NIS, LDAP, or any kind of account), while at the same time consolidating password management, reset, and policy enforcement in Active Directory. enable-self-enrollment creates a link (or mapping) between the local/NIS/LDAP/etc. account and the AD account provided. Subsequent authentication attempts using the newly mapped account name are redirected to Active Directory.
Nvuauth means non-vas auth. It is not configured with our PAM module, so a user trying to self-map can be authenticated without auth loops. QAS needs a method of authenticating a local user that does not interact with the QAS PAM libraries. To do this, during PAM configuration, vastool join (or configure pam, which join calls) adds a new PAM service named nvauth and does not put the QAS PAM libraries in its stack. The file or section is removed at uninstall, unjoin, or unconfigure (they all call the same base code to do the removal). It is usually made by copying the login file or section (or another, depending on the OS), and is otherwise unmodified from the source file.
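One way to audit the property described above, that the service's stack never reaches the QAS PAM libraries even through an `include`, is sketched below. This is an added example, not One Identity code; it assumes Linux-style `/etc/pam.d` files, that the QAS modules match the name pattern `pam_vas*`, and it uses the service name `nvuauth` from the opening line with constructed sample stacks.

```python
import re
from pathlib import Path

# Assumption: QAS PAM modules are named pam_vas*; adjust the pattern to your install.
QAS_MODULE = re.compile(r"\bpam_vas\w*")


def load_pam_d(directory="/etc/pam.d"):
    """Read every service file in a pam.d directory into {service: text}."""
    return {p.name: p.read_text(errors="replace")
            for p in Path(directory).iterdir() if p.is_file()}


def qas_references(service, configs, seen=None):
    """Return (service, line_no, line) for each QAS module line reachable
    from `service`, following include, substack and @include directives."""
    seen = set() if seen is None else seen
    if service in seen or service not in configs:
        return []          # already visited (include cycle) or file missing
    seen.add(service)
    hits = []
    for n, raw in enumerate(configs[service].splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0] == "@include" and len(fields) > 1:
            hits += qas_references(fields[1], configs, seen)
        elif len(fields) >= 3 and fields[1] in ("include", "substack"):
            hits += qas_references(fields[2], configs, seen)
        elif QAS_MODULE.search(line):
            hits.append((service, n, line))
    return hits


# Constructed sample stacks, not taken from a real host.
SAMPLE = {
    "login": "auth sufficient pam_vas3.so\nauth required pam_unix.so use_first_pass\n",
    "nvuauth": "# copied from login before QAS was configured\n"
               "auth required pam_unix.so\naccount required pam_unix.so\n",
    "nvuauth-bad": "auth include common-auth\naccount required pam_unix.so\n",
    "common-auth": "auth [success=1 default=ignore] pam_vas3.so\n"
                   "auth required pam_unix.so\n",
}

if __name__ == "__main__":
    for svc in ("nvuauth", "nvuauth-bad"):
        found = qas_references(svc, SAMPLE)
        print(svc, "clean" if not found else f"reaches QAS module: {found}")
```

On a joined host, pass `load_pam_d()` instead of `SAMPLE`; a non-empty result for the self-enrollment service means local authentication there could re-enter the QAS stack.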