Red Hat Linux, CentOS, Oracle Linux, HP-UX, AIX, SUSE Linux, Ubuntu
Centrify Infrastructure Services
How To Configure PAS Automatic Password Reconciliation for Local Accounts?
Question: How To Configure PAS Automatic Password Reconciliation for Local Accounts?
1. Go to Resources -> Resources Profiles -> Add Profile
Note: Scripting option is based on your scripting preference, attached to this KB is a example of such a script. For more details about using a custom script, please check our product documentation site https://docs.centrify.com/Content/Infrastructure/resources-add/writing-custom-script.htm. Please be aware that custom scripts are not supported by Centrfiy Support.
2. Go to System -> Add System and make sure to point the System Type to a resource profile that was created previously.
3. A local administrative account is required to be set in the Unix system
4. It is required to enable automatic maintenance on the Unix system in PAS.
5. Run a report to make sure the local account is being managed by PAS (optional) Go to Reports and create a custom report that checks if local account is being managed successfully. Below is the sql query that can be used to create this custom report. SELECT VaultAccount.User, VaultAccount.Status, VaultAccount.IsManaged, VaultAccount.LastChange, VaultAccount.MissingPassword, VaultAccount.NeedsPasswordReset, VaultAccount.PasswordResetLastError, VaultAccount.PasswordResetRetryCount FROM VaultAccount
6. Test the login with a local user for that Unix system.
7. Set the local root account as an Admin Account in case the password reconciliation goes out of sync for the local accounts
In activity, it will show the confirmation message that root account is not set up as Admin Account
Base on preference, if you decide to switch to a different local account as Admin Account, this can be done by selecting Clear as Admin Account and Set As Admin Account with a different local account.
Below are the operating systems and shells that are supported right now.