If we run the CLI commands using these user accounts, will the commands be considered "login" activities and prevent the users from getting disabled by the global setting?
Release : Any PAM release as of July 2019.
Component : PRIVILEGED ACCESS MANAGEMENT
Running a remote CLI command is considered a login activity and will prevent a user from getting disabled as inactive.
This implies that a remote CLI command will fail if the user is disabled in PAM already.