Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3051: How to force dzdo or sudo to re-authenticate an AD user after re-login?

Authentication Service ,  

12 April,16 at 11:09 AM

Applies to: Centrify DirectControl version 5.1.0 and above on all platforms

Question:

How to force dzdo or sudo to re-authenticate an AD user after a re-login?


Answer:

Starting in DirectControl 5.1.0 release, there are 2 new parameters in /etc/centrifydc/centrifydc.conf that will clear the dzdo/sudo password timestamp on logout if set to true:
 
adclient.sudo.clear.passwd.timestamp: true
adclient.dzdo.clear.passwd.timestamp: true

These 2 parameters can also be applied with the following group policies: 
"Computer Configuration"
-> "Centrify Settings"
  -> "DirectControl Settings"
    -> "Dzdo Settings"
       -> "Force dzdo re-authentication when relogin"

"Computer Configuration"
-> "Centrify Settings"
   -> "DirectControl Settings"
     -> "sudo Settings"
       -> "Force sudo re-authentication when relogin"

Related Articles

 articleKB-3925: How to add Centrify parameter to a group policy