Specify which PAM applications are exempt from multi-factor authentication.
For example, if you have a role with the login-all PAM application right and have selected the “Multi-factor authentication required” system right, you can use this group policy to bypass multi-factor authentication for programs that don’t support it. You can also add program names to this list to skip multi-factor authentication when you wan to make specific exceptions to the MFA requirement.
By default, programs which are known to be unable to support multi-factor authentication are included in the list. For example, multi-factor authentication is ignored by default for the xscreensaver and vsftpd programs.
Note: Program names must be separated by a space.
This group policy modifies the
pam.mfa.program.ignore setting in the agent configuration file.