
KB-2499: How to configure Centrify DirectControl to work with Tectia SSH server

Authentication Service

17 January,17 at 05:04 PM

Applies to:
All versions of Centrify DirectControl on RHEL platform.
Is it possible to configure Centrify DirectControl to work with Tectia SSH server using PAM?
Pluggable Authentication Module (PAM) is an authentication framework used in Unix systems. In SSH Tectia, support for PAM is enabled as a submethod of keyboard-interactive authentication.
When PAM is used, SSH Tectia Server transfers control of authentication to the PAM library, which then loads the modules specified in the PAM configuration file. Finally, the PAM library tells SSH Tectia Server whether or not the authentication was successful. SSH Tectia Server is not aware of the details of the actual authentication method employed by PAM; only the final result is of interest.
PAM authentication can be enabled by creating a PAM configuration for the service ssh-server-g3.
Note: Tectia OpenSSH is NOT a Centrify product, so customers should contact the vendor for how to install the product and get it running.
Follow these steps:
a) Please make sure Centrify is connected and Tectia OpenSSH server is running.
b) There is an xml file attached at the end of this KB article. Please download and save it in the /etc/ssh2 folder on the Centrify server running Tectia SSH server.
c) Navigate to /etc/pam.d and copy the sshd file to ssh-server-g3:
$ cp /etc/pam.d/sshd /etc/pam.d/ssh-server-g3
d) Restart the Tectia SSH server and Centrify DirectControl.
e) Attempt to log in to the Tectia SSH server from a PuTTY client. It should prompt for credentials:
login as: rsriniva
This server is running on an evaluation license.
It will expire after 44 days.
Using keyboard-interactive authentication.
PAM Authentication
From Centrify: Please enter your Windows password:
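
One way to carry out and verify step c) before the restart in step d), as an added example that is not part of the original Centrify article: it copies the sshd PAM service file, confirms the copy is identical and not group- or world-writable, and lists the auth stack that Tectia hands authentication to. The function names are hypothetical and the paths are passed as arguments, so it can be tried on constructed files first.

```sh
#!/bin/sh
# Added example (hypothetical helper names, not Centrify or Tectia code).

# Step c): copy SRC to DST and make sure only the owner can write it.
install_pam_service() {
    src=$1; dst=$2
    [ -f "$src" ] || { echo "missing source: $src" >&2; return 2; }
    cp "$src" "$dst" && chmod 644 "$dst"
}

# Verify DST against SRC.
# Returns 0 = OK, 1 = DST missing, 2 = contents differ, 3 = unsafe mode.
check_pam_service() {
    src=$1; dst=$2
    [ -f "$dst" ] || { echo "FAIL: $dst does not exist" >&2; return 1; }
    # The service file is a copy, so later edits to SRC do not reach DST.
    cmp -s "$src" "$dst" || { echo "FAIL: $dst differs from $src" >&2; return 2; }
    # Anyone who can write this file controls how logins are authenticated.
    if [ -n "$(find "$dst" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $dst is group- or world-writable" >&2; return 3
    fi
    echo "OK: $dst matches $src"
}

# Print "control module" for each auth line of a PAM service file.
# A bracketed control such as [success=1 default=ignore] is collapsed
# to one token so the module name stays in the third field.
pam_auth_stack() {
    awk '{ sub(/\[[^]]*\]/, "[...]") }
         $1 == "auth" || $1 == "-auth" { print $2, $3 }' "$1"
}
```

On the server itself the calls would be `install_pam_service /etc/pam.d/sshd /etc/pam.d/ssh-server-g3` followed by `check_pam_service` with the same two paths, run as root.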