Applies to: Centrify DirectControl 4.4.x on Solaris 10 (using zones)
A Centrify client has been deployed on a Solaris global zone with Centrify OpenSSH.
When building with a local full zone, /usr/bin/scp binary didn't get installed although SUNWsshu had been installed.
This problem is only experienced on the Centrify enabled servers.
It is assumed when installing Centrify SSH into a global zone, Centrify overwrites the Solaris /usr/bin/ssh binaries with the link:
/usr/bin/ssh -> /usr/share/centrifydc/bin/ssh
Therefore when creating a Solaris local zone, Solaris is unable to create the /usr/bin/ssh binary in a local zone because it no longer exists.
How can Centrify OpenSSH coexist with the Solaris SSH client without destroying the Solaris SSH binaries?
bash-3.00# pkgchk -l SUNWsshu|egrep scp
SUNWpcu SUNWscplp SUNWfmd SUNWefcu SUNWtftp
SUNWtnetc SUNWscpu SUNWlibCf SUNWusbccid SUNWless
SUNWpcu SUNWlocalecreatorSUNWtftp SUNWtnetc SUNWscpu
SUNWscpu SUNWlibCf SUNWusbccid SUNWcpcu SUNWfss
bash-3.00# ls -l /usr/bin/scp
/usr/bin/scp: No such file or directory
1) This is very environment-specific: The requirement was to use a Centrify OpenSSH server, but keep using the default SSH client utils. Both Solaris and Redhat needs to be modified.
2) This is Solaris 10 only issue: Renaming and replacing the default ssh client binaries with symlinks pointing to Centrify's own binaries don't get registered these changes in the package manager. This means new zones created after installing cdc-openssh (with -G option) will result in symlinks pointing to null locations.
Customers running into this issue should contact Support for a special build which fixes this issue.
Before installing, run the behavior trigger command:
(For versions prior to 5.1.x)
(For versions 5.1.x and above)
** If the /var/centrifydc/tmp
does not exist, create it manually **
Then install the package as normal.
This is fixed in Centrify DirectControl 5.1