Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2835: DirectAudit 3.x and /etc/nsswitch.conf

Centrify DirectAudit ,  

14 February,17 at 11:22 PM

Applies to:

DirectAudit 3.x on all platforms except AIX

 
Question:
 
Why is "centrifyda" added to the password line in /etc/nsswitch.conf in DirectAudit version 3.x when DirectAudit is enabled?

 
Answer:
 
1) In prior releases, symbolic links were created to enable auditing on a shell-by-shell basis. 
 
2) In DirectAudit version 3.x, a new NSS module was added; centrifyda, so that all the stdin/stdout for the user's login shell can be intercepted. 
 
3) When enabling audit, centrifyda is placed in front of centrifydc in /etc/nsswitch.conf
 
To enable auditing on a UNIX computer:
 
A) Log on as a user with root privileges.
 
B) Run dacontrol with the -e option:
 
  dacontrol -e
 
C) Run dacontrol again to verify that auditing has been enabled.
 
  dacontrol
  DirectAudit NSS module: Active
 
Note: 
 
Be aware of the parameter autofix.nss.conf (set to true) in /etc/centrifyda/centrifyda.conf. 
This specifies whether the dad process fixes /etc/nsswitch.conf automatically if anything goes wrong.
 
true  : Fixes /etc/nsswitch.conf automatically.
false : Leaves /etc/nsswitch.conf as is.
 
If customer would like to disable Centrify DirectAudit from editing /etc/nsswitch.conf file, follow these steps:
  • Edit /etc/centrifyda/centrifyda.conf and set below parameter to ‘false’:
    • autofix.nss.conf: false
  • Save the file, then run 'dareload'
  • Run 'dacontrol -e'
  • Make any additional changes to nsswitch.conf for your environment
  • From this point onwards, the DirectAudit daemon will not monitor and try to modify the file

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

No related Articles