Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1323: /etc/security/limits are not being enforced for Centrify zone-enabled users on AIX

Authentication Service ,  

12 April,16 at 11:06 AM

Applies to: Centrify DirectControl 4.2.0 on all supported versions of AIX.

Problem:
/etc/security/limits are not being enforced for Centrify zone-enabled users.

Cause:
adclient should have taken defaults from /etc/security/limits and /etc/security/user, but it does not. Instead it uses its own defaults.

Workarounds:
1) Define these attributes in Active Directory for zoned users via adupdate.

Add, delete, or modify the value of an extended attribute for the user. Typing a plus sign (+) before the attribute name adds the extended attribute if it doesn't exist. Typing a minus sign (-) before the attribute name removes the attribute, if it exists. For example, to set the value of the extended attribute aix.rlogin:

adupdate modify user -X +aix.rlogin=true jae

Once you have finished changing attribute values, run adflush.

Note: Extended attributes are only applicable on AIX computers. You can use adquery with the help keyword to view a list of the supported extended attributes. For example: adquery user --extattr help

OR

2) Specify the defaults in centrifydc.conf. The aix.attr.xxx parameters were not documented, so here are all the parameters that are supported and can be added to centrifydc.conf:

aix.user.attr.admin
aix.user.attr.admgroups
aix.user.attr.daemon
aix.user.attr.rlogin
aix.user.attr.su
aix.user.attr.sugroups
aix.user.attr.tpath
aix.user.attr.ttys
aix.user.attr.umask
aix.user.attr.fsize
aix.user.attr.core
aix.user.attr.cpu
aix.user.attr.data
aix.user.attr.rss
aix.user.attr.stack
aix.user.attr.nofile

Once you set these parameters in centrifydc.conf; run adreload. The support for the above parameters is included in DirectControl 4.2 and later.

Resolution:
This will be fixed in future release of Centrify DirectControl.
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-6041: How to show current license type in use by adclient articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part I article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part III