
KB-44113: Logging in to a Centrify Client Machine When the Tenant is Unreachable

Privileged Access Service

4 December,20 at 05:05 PM

Question: In the event that a Centrify tenant is unreachable or during an internet/WAN outage, what does Centrify recommend to keep a Centrify Client (CClient) available for login?


Answer: If a tenant is unreachable, the Centrify Client for Windows remains accessible via the offline OTP. To generate the offline OTP, users must have "Offline Rescue" permissions on the system. The OTP would protect all system logins, even for local accounts. For local accounts, this can be turned off with a registry setting.

On Linux (Centrify Client for Linux) there is no OTP; users just have to be in the local system cache. On Linux machines, if the tenant goes offline, the root account has to disable MFA, and users in the cache can then log in with a password only. When the tenant is back online, root has to re-enable MFA. The command to disable MFA is the following:


# cedit -s pam.mfa.disabled:true

Then restart cclient (# service cagent restart)