Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-0656: DirectControl agents and AppArmor on SuSE

Centrify DirectAudit ,   Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:45 AM


How to get DirectControl agents to work with AppArmor enabled.


AppArmor is an application security tool included with OpenSuSE
10.x that uses profiles to define what resources applications can
access. For DirectControl to work with OpenSuSE 10.x you need to
either disable AppArmor or create a profile. The centrifydc profile is included
with DirectControl 4.0.  For previous versions you will need to create a file called:


with the following contents:

# Copyright (c) 2007 Centrify Corporation. All Rights Reserved.

/var/centrifydc/daemon rw,
/var/centrifydc/daemon2 rw,
/etc/centrifydc/* r,
/proc/*/stat r,

Then the file should be added to the following files:


by adding the following lines:

# DirectControl name service and authentication
#include <abstractions/centrifydc>

Finally, you should restart AppArmor and nscd with the following:

rcapparmor restart
rcnscd restart

- Using root@localhost with ftp

To use root@localhost to log in via ftp to a SuSE Linux 10
computer, the SuSE 10 computer should be running vsftpd, not
pure-ftpd. Pure-ftpd does not support logins by root@localhost.


To check if AppArmor is running or not on the machine, run the command: aa-status

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

No related Articles