When we create any local user by selang
AC> eu username native password(xxxxx)
it does not take the password set by OS, how can we create such users which should take the default password policy set by OS
Control minder : 12.8
AC is ignorant of the local OS' password policy.
What you can do instead is to create another password policy in AC which is as strict or even stricter than the OS one.
How this is done is explained here:
Configure Password Quality Checking
Account Passwords set in selang would then match both the OS and the AC password policy.
Setting password policy in AC is good idea, but if the user changes his password with passwd command then, new password will not comply with AC policy.
How can we meet this requirement ?
Are you saying we need to create password policy on OS level and AC level both ?
Please see our documentation
quoting here for your convenience:
"We recommend that you use sepass instead of the operating system's passwd command and sesu instead of the su command. To do this, you need to save the original system binaries and replace them with symbolic links to sepass and sesu respectively. Once this is done, you need to make sure you can always use these utilities.”
Regarding your concern - once you have PIM implemented accordingly it would basically overrule the OS Password Policy so that this would not come into effect (as long as it is equally or less strict than the PIM pwd policy).