This policy lists PAM applications for which multi-factor authentication should be ignored. For example, if you have a role with the login-all PAM application right and have selected the "Multi-factor authentication required" system right, you can use this group policy to bypass multi-factor authentication for programs that don't support it. You can also add program names to this list to skip multi-factor authentication when you want to make specific exceptions to the MFA requirement.
By default, programs which are known to be unable to support multi-factor authentication are included in the list.
This group policy modifies the pam.mfa.program.ignore setting in the Centrify DirectControl configuration file.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Pam |
Value Name | |
Value Type | REG_DWORD |
Default Value | {60b78e88-ead8-445c-9cfd-0b87f74ea6cd},{6f45dc1e-5384-457a-bc13-2cd81b0d28ed},{F8A0B131-5F68-486c-8040-7E8FC3C85BB6} |