Starting with Centrify DB2 agent 5.2.3, this configuration parameter specifies whether the Centrify DB2 agent checks pam.ignore.users for a list of users to authenticate locally, without first attempting to authenticate those users in Active Directory.

By default, the Centrify DB2 agent authenticates users in Active Directory first. If users do not exist in Active Directory, the Centrify DB2 agent then authenticates users locally.

If you set this parameter to true, users defined in the pam.ignore.users list are authenticated locally only (that is, no attempt is made to authenticate them in Active Directory first). For example:

db2.implement.pam.ignore.users: true

To specify that an Active Directory authentication attempt should be made for all users, and that local authentication be attempted only for users not in Active Directory, set this parameter to false:

db2.implement.pam.ignore.users: false

If you change the setting of this parameter, restart the DB2 instance to activate the new setting.