LFCS Question #184: Real Exam Question with Answer & Explanation

The correct answer is A: ad. To enable pam_ldap to change user passwords within an Active Directory environment, the pam_password parameter must be set to ad. This instructs pam_ldap to use Active Directory's specific password modification protocol.

Submitted by jian89· Apr 18, 2026User and Group Management

Question

In order for pam_ldap to be capable of changing a user's password in Active Directory, the pam_password parameter must be set to

Options

Aad
Bwin
Cactive_directory
Dldap

Explanation

To enable pam_ldap to change user passwords within an Active Directory environment, the pam_password parameter must be set to ad. This instructs pam_ldap to use Active Directory's specific password modification protocol.

Common mistakes.

B. win is not a recognized or documented value for the pam_password parameter in pam_ldap for Active Directory integration.
C. While conceptually correct, active_directory is not the specific keyword used for the pam_password parameter; ad is the correct, recognized abbreviation.
D. Setting pam_password to ldap would instruct pam_ldap to use the generic LDAP password change operation, which is typically incompatible with Active Directory's specific password modification protocol.

Concept tested. pam_ldap Active Directory password changes

Reference. https://linux.die.net/man/8/pam_ldap

Topics

#PAM#LDAP#Active Directory#Password Management

Community Discussion

No community discussion yet for this question.

Full LFCS Practice Browse All LFCS Questions