12 April,16 at 11:30 AM
Question:
Do zones have any impact on the Kerberos realm structure that AD uses? Are the UNIX systems segregated from a Kerberos perspective from the other clients in the forest?
Answer:
A Centrify DirectControl zone is similar to an Active Directory domain or an NIS domain. Zones allow you to organize the computers in your organization in meaningful ways to simplify
system management and the migration of account information
Zones are nothing but simply a logical grouping of UNIX systems so that user’s local settings can be logically applied based on the Zone that a computer belongs to and the UNIX user’s profile defined for that particular Zone. Zones are not used for any part of the Kerberos environment, which is setup as a client to Active Directory where the AD Domain will control the Kerberos realm.
KB-20210: Common Questions Regarding Centrify DirectControl and CoreOS
KB-3925: How to add Centrify parameter to a group policy
KB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out?
KB-6050: How to configure a group for automatic Kerberos Credentials for infinite renewal?
[Basics] Understanding how Active Directory Functional Levels affect Centrified Systems
KB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0)
KB-6040: How to change the license type in use after adclient successful joined to the AD?
Walk-through of procedures for joining *NIX systems to a domain, using Centrify - part 1
[Security Corner] The Sarbanes-Oxley Act and Centrify Server Suite