This configuration parameter specifies whether or not Centrify DirectControl Agent is allowed to automatically edit the NSS and PAM configuration files on the local computer.
The parameter value is set to true to allow the files to be edited, or false to prevent the files from being edited. The default value is true.
In most cases, this parameter should be set to true to allow Centrify DirectControl Agent to maintain configuration files automatically. If you set this parameter to true, you can further control the specific individual files to be automatically edited in different operating environments through additional configuration parameters. For example, you can use the adclient.autoedit.nss to enable or disable automatic editing of the nsswitch.conf file or the adclient.autoedit.pam to enable or disable automatic editing of the PAM configuration file. These additional configuration parameters are ignored in the adclient.autoedit parameter is set to false.
If you set the adclient.autoedit parameter to false, you must manually edit the appropriate configuration files to enable Centrify DirectControl Agent. For example, if you set this parameter to false, you should manually edit the nsswitch.conf and /etc/pam.d/system-auth or /etc/pam.d files to include configuration information for Centrify DirectControl Agent or authentication through Active Directory will fail and you may disable login access entirely.
If you want to manually edit the configuration files, you should first make a backup copy of the existing files. After you make a backup copy of the files, you can use the following examples to manually update the files with the configuration information for Centrify DirectControl Agent.
Note that this setting would not take effect until Centrify DirectControl Agent restarts.
This policy modifies the adclient.autoedit setting in the Centrify DirectControl configuration file.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Adclient |
Value Name | adclient.autoedit |
Value Type | REG_SZ |
Enabled Value | true |
Disabled Value | false |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Adclient |
Value Name | {number} |
Value Type | REG_DWORD |
Default Value |