Controlling Password Synchronization in Services for UNIX Using the PasswordPropAllow and PasswordPropDeny Local Groups

ID: Q216639


The information in this article applies to:


SUMMARY

You can control which users' passwords are synchronized to the UNIX pods by the Password Synchronization service. This is done by creating and populating the PasswordPropAllow and PasswordPropDeny local user groups on the Windows NT-based computer that is running the Password Synchronization service.


MORE INFORMATION

The Password Synchronization service uses the PasswordPropAllow and PasswordPropDeny groups to determine whether a user's password change should be propagated to the configured UNIX pods. If a user is in the PasswordPropAllow group and not in the PasswordPropDeny group, the user's password change is propagated to the UNIX pods.

By default, the PasswordPropAllow and PasswordPropDeny groups do not exist, and all users' password changes are propagated. Once one of these groups is created, password changes are propagated only for those users in the PasswordPropAllow group and not in the PasswordPropDeny group.

The PasswordPropAllow group should contain users or user groups for which password changes should be propagated to the UNIX pods.

The PasswordPropDeny group should contain users or user groups for which password changes should not be propagated to the UNIX pods.

Additional query words:


Keywords          : kbenv 
Version           : :; winnt:4.0
Platform          : winnt 
Issue type        : kbinfo 

Last Reviewed: July 29, 1999