Hello
We are setting up PAM to manage ACF2 accounts via CA LDAP.
PAM Application configuration
Type: LDAP
Server Type: CA LDAP to ACF2
The PAM target account is setup with a second (master) account to change the account. This master ACF2 account has SECURITY role.
The PAM process of changing the target password works on ACF2. However, as a part of the process, the PWDEXP policy is applied to the target account, making it unusable until an end user logs into the mainframe with the target id and changes the password.
What we are trying to understand how to use the PAM Application LDAP configuration "Additional Attributes for Password Modification" to force the NOPWD-EXP policy to be applied to target account in ACF2.