Control how Centrify DirectControl Agent responds if a user logs on with an Active Directory account and either the Active Directory user name or Active Directory UID conflicts with a local user account.
The purpose of detecting a duplicate user name or duplicate UID is to prevent an Active Directory user from signing on and receiving privileges to modify files created by a different local user.
If you select Enabled for this group policy, you can choose one of the following options:
- ignore: Do not report duplicate user names or UID conflicts. If detected, log the conflict at the info level if logging is enabled.
- warn: Warn the user of the user name or UID conflict after s successful login. Log the conflict at warning level if logging is enabled. This is the default value.
- error: Report UID conflict to user after user name is entered. Don't accept password. Don't allow log in. Log conflict at error level.
On Mac, this setting only applies to user name conflicts. System will deny any login for UID conflicts automatically.
The default value is warn.
This group policy modifies the pam.uid.conflict setting in the Centrify DirectControl configuration file.
NOTICE:
Make sure the OpenSSH version is supported. Setting this
property on an unsupported version will render the OpenSSH
server unable to start.