Specify User Names to Ignore

Enter the list of local user names that aren't stored in Active Directory, separating each name with a space. The service uses this list to skip Active Directory account lookups for the specified users. Ignoring these users results in faster name lookups for system user accounts, such as tty and disk.

You can also specify a file that lists the usernames by entering the file: keyword and a file location. For example:

file:/etc/centrifydc/user.ignore

When you enable this policy, you can select the location where the user name list is populated. The default setting is "Populate user names to centrifydc.conf".

If you select "Populate user names to centrifydc.conf", this group policy modifies the nss.user.ignore and pam.ignore.users settings in the DirectControl configuration file (centrifydc.conf).

If you select "Populate user names to user.ignore", this group policy sets the nss.user.ignore and pam.ignore.users settings in centrifydc.conf to "file:/etc/centrifydc/user.ignore", and writes all configured user names to the user.ignore file. If you enter the file: keyword and a file location instead of the list of user names, this group policy restores the ignore file /etc/centrifydc/user.ignore with the local list.

The option to select the population location was added after DirectControl Agent version 5.6. If you're using version 5.5 or earlier, the agent ignores the population location setting and populates the user names to centrifydc.conf.
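
An added example, not part of the product documentation: a check that resolves both settings this policy writes, in either the inline-list or the file: form, and reports names that appear in only one of them or fall outside an expected baseline. It assumes "key: value" lines in centrifydc.conf and one user name per line in the ignore file; the audit and demo helpers, the root parameter and the sample account names are constructed for illustration.

```python
import os
import tempfile

IGNORE_KEYS = ("nss.user.ignore", "pam.ignore.users")

def read_settings(conf_text):
    """Return {key: raw value} for the two ignore settings (assumes 'key: value' lines)."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first colon only, so a 'file:/path' value stays intact.
        key, sep, value = line.partition(":")
        if sep and key.strip() in IGNORE_KEYS:
            settings[key.strip()] = value.strip()
    return settings

def resolve_names(value, root="/"):
    """Expand a setting value: space-separated names, or file:<path> to a name list."""
    if not value.startswith("file:"):
        return set(value.split())
    path = os.path.join(root, value[len("file:"):].lstrip("/"))
    with open(path) as fh:
        names = [ln.strip() for ln in fh]  # assumption: one name per line
    return {n for n in names if n and not n.startswith("#")}

def audit(conf_text, expected, root="/"):
    """Compare the two settings with each other and with an expected baseline."""
    settings = read_settings(conf_text)
    nss, pam = (resolve_names(settings.get(k, ""), root) for k in IGNORE_KEYS)
    return {
        "mismatch": sorted(nss ^ pam),                      # in one setting only
        "unexpected": sorted((nss | pam) - set(expected)),  # not in the baseline
    }

def demo():
    # Constructed sample: nss uses an inline list, pam points at the ignore file.
    conf = ("nss.user.ignore: root bin daemon svc_backup\n"
            "pam.ignore.users: file:/etc/centrifydc/user.ignore\n")
    with tempfile.TemporaryDirectory() as root:
        ignore_dir = os.path.join(root, "etc", "centrifydc")
        os.makedirs(ignore_dir)
        with open(os.path.join(ignore_dir, "user.ignore"), "w") as fh:
            fh.write("root\nbin\ndaemon\n")
        return audit(conf, expected={"root", "bin", "daemon"}, root=root)

if __name__ == "__main__":
    print(demo())
```

On a managed host, call audit() with the contents of centrifydc.conf and the baseline of local accounts you expect to be excluded from Active Directory lookups.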