What does the setting uid-check-conflicts do and when should it be used?
To help avoid security problems that result from users sharing UIDs, the pam_vas module will perform a UID conflict check for each VAS user login to ensure that their UID is unique before they are granted access to the system.
In the case that a given Unix system has applications that authenticate users but bypass the pam_authenticate() function call, you can set this option to true, which will cause nss_vas to perform a UID conflict check for users during the getpwnam function. If users have a UID conflict, then their login shell will be set to /bin/false or to the value of the access-denied-shell option.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center