Applies to: DirectAuthorize on All Platforms
Question:
How can dzdo be set up to prompt for a password for an AD user?
Answer:
1. Define the Right in the Zone
Right-click > Definition > Commands > General.
Enter a name, e.g. 'root_any_command'. In the 'Attributes' tab, set 'Authentication required' and check the box 'User's password'.
2. Create a Role Definition in the Zone.
Right-click 'Role Definition' and select 'Add Role'; in this example, "test dzdo" (see snapshot 'define-role-dzdo').
Select 'test dzdo', right-click and select 'Add Rights', then select 'root_any_command' defined in step 1.

3. Role Assignment
Right-click and select 'Add User' (in this example, 'lroth' is the AD user) and assign a login role and the "test dzdo" role.
4. On the *nix host, verify by running the following commands:
# adflush -a
(-a removes DirectAuthorize information from the authorization store cache)
# dzdo <aduser>
# dzdo <aduser> -A
Using PuTTY (or any other tool), log in to the *nix machine as the <aduser> and run:
$ dzdo vi /etc/shadow
***** Sample test on a *NIX host: when the AD user logs in and edits the shadow file, dzdo should prompt for a password. *****
Last login: Tue Jan 8 02:11:34 2013 from 172.27.21.184
lroth@ppai5-ubuntu:~$ dzdo vi /etc/shadow
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password Please:
lroth@ppai5-ubuntu:~$ dzdo vi /etc/shadow
Password Please:
lroth@ppai5-ubuntu:~$ id
uid=121636071(lroth) gid=121636071(lroth) groups=121636071(lroth)
lroth@ppai5-ubuntu:~$