Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2691: Is it possible to use Centrify's SSH package without overwriting Solaris binaries?

Centrify DirectControl ,  

12 April,16 at 11:08 AM

Applies to: Centrify DirectControl 4.4.x on Solaris 10 (using zones)
 
Question:
 
A Centrify client has been deployed on a Solaris global zone with Centrify OpenSSH. 
 
When building with a local full zone, /usr/bin/scp binary didn't get installed although SUNWsshu had been installed. 
This problem is only experienced on the Centrify enabled servers. 
 
It is assumed when installing Centrify SSH into a global zone, Centrify overwrites the Solaris /usr/bin/ssh binaries with the link:
 
  /usr/bin/ssh -> /usr/share/centrifydc/bin/ssh
 
Therefore when creating a Solaris local zone, Solaris is unable to create the /usr/bin/ssh binary in a local zone because it no longer exists. 
 
How can Centrify OpenSSH coexist with the Solaris SSH client without destroying the Solaris SSH binaries? 
 
Additional info:
 
bash-3.00# pkgchk -l SUNWsshu|egrep scp
       SUNWpcu        SUNWscplp      SUNWfmd        SUNWefcu SUNWtftp
       SUNWtnetc      SUNWscpu       SUNWlibCf      SUNWusbccid SUNWless
       SUNWpcu        SUNWlocalecreatorSUNWtftp     SUNWtnetc SUNWscpu
 
Pathname: /usr/bin/scp
       SUNWscpu       SUNWlibCf      SUNWusbccid    SUNWcpcu SUNWfss
 
bash-3.00# ls -l /usr/bin/scp
/usr/bin/scp: No such file or directory
 
bash-3.00#
 
Answer:
 
1) This is very environment-specific: The requirement was to use a Centrify OpenSSH server, but keep using the default SSH client utils. Both Solaris and Redhat needs to be modified.
 
2) This is Solaris 10 only issue: Renaming and replacing the default ssh client binaries with symlinks pointing to Centrify's own binaries don't get registered these changes in the package manager. This means new zones created after installing cdc-openssh (with -G option) will result in symlinks pointing to null locations.
 
 
Customers running into this issue should contact Support for a special build which fixes this issue. 
 
Before installing, run the behavior trigger command:

(For versions prior to 5.1.x)
touch /var/tmp/CENTRIFY_KEEP_ORG_SSH
 
(For versions 5.1.x and above)
touch /var/centrifydc/tmp/CENTRIFY_KEEP_ORG_SSH
touch /etc/centrifydc/CENTRIFY_KEEP_ORG_SSH
 
** If the /var/centrifydc/tmp does not exist, create it manually **
Then install the package as normal. 
 
This is fixed in Centrify DirectControl 5.1
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.