adclient.local.account.manage.strict

This configuration parameter applies enforcement mode for local account management. The default is false and it is defined as not strict.

The following are sub-parameters for this configuration parameter:

  • adclient.local.account.manage.strict.passwd: false
  • adclient.local.account.manage.strict.group: false

When enabled in strict mode for user (except user with UID 0) any unmanaged local user's password entry is removed from /etc/passwd. If /etc/shadow file exist, shadow entry is removed as well. If user's extended attributes exist, those are removed.

When enabled in strict mode for group (except user with GID 0), any unmanaged local group entry is removed from /etc/group. If group's extended attributes exist, those are removed as well.

After switching to strict enforcement of local account management, switching back to non strict local account management does not restore the unmanaged local user or group.