Specify programs for which multi-factor authentication is ignored

Specify which PAM applications are exempt from multi-factor authentication.

For example, if you have a role with the login-all PAM application right and have selected the “Multi-factor authentication required” system right, you can use this group policy to bypass multi-factor authentication for programs that don’t support it. You can also add program names to this list to skip multi-factor authentication when you wan to make specific exceptions to the MFA requirement.

By default, programs which are known to be unable to support multi-factor authentication are included in the list. For example, multi-factor authentication is ignored by default for the xscreensaver and vsftpd programs.

Note:   Program names must be separated by a space.

This group policy modifies the pam.mfa.program.ignore setting in the agent configuration file.