30 April,20 at 02:01 PM
Applies to: All versions of Centrify DirectControl on Red Hat 6.x/7.x platforms
Question:
Does Centrify have any recommendations for the following Red Hat Knowledge Base article - System unresponsive after Centrify's authentication suite daemon (adclient) crashes: https://access.redhat.com/solutions/1575493
Is there a way to tell abrt to exclude Centrify adclient from its list?
Answer:
Beginning with RHEL6, a new feature was introduced: the abrtd process. It was designed to facilitate the collection of debug information, and it has a known conflict with Centrify's watchdog process (cdcwatch) when cdcwatch tries to kill adclient with SIGABRT.
After adclient crashes, abrtd has been observed to inadvertently interfere with the adclient process before it can create a core dump. Once the cdcwatch process exceeds the adclient.watch.death.timeout value (default is 600), cdcwatch gives up and does not restart the adclient process.
As a result, adclient is not restarted automatically and manual intervention is required to restart it.
Centrify recommends the following:
1. Instruct our NSS module to ignore "abrt"
Add "abrt" to the end of the following files:
/etc/centrifydc/user.ignore
/etc/centrifydc/group.ignore
2. Exclude the DirectControl agent from the abrtd process list:
Add "CentrifyDC" to the parameter "BlackList" (comma separated) in /etc/abrt/abrt-action-save-package-data.conf
If the issue involves the CentrifyDA dad daemon crashing, also add "CentrifyDA" to the parameter "BlackList" (comma separated) in /etc/abrt/abrt-action-save-package-data.conf
Reload abrtd:
service abrtd restart
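The two file edits above can be applied idempotently across many hosts with a script such as the following. This is an added example, not Centrify's or Red Hat's own code; the function names and the optional ROOT path prefix are assumptions made for illustration, and the script assumes BlackList is written as a single "BlackList = a, b" line.

```shell
#!/bin/sh
# Added example (not Centrify's code): idempotent versions of steps 1 and 2.

# Append NAME as its own line to FILE unless that exact line already exists.
ensure_line() {
    file=$1; name=$2
    grep -qxF -- "$name" "$file" 2>/dev/null && return 0
    # Terminate an unterminated last line so NAME is not glued onto it.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$name" >> "$file"
}

# Add PKG to the comma-separated BlackList parameter in FILE if it is missing.
ensure_blacklisted() {
    file=$1; pkg=$2
    tmp=$(mktemp) || return 1
    awk -v pkg="$pkg" '
        /^[ \t]*BlackList[ \t]*=/ {
            found = 1; present = 0; nonempty = 0
            n = split(substr($0, index($0, "=") + 1), parts, ",")
            for (i = 1; i <= n; i++) {
                v = parts[i]; gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (v != "") nonempty = 1
                if (v == pkg) present = 1
            }
            if (!present) {
                sub(/[ \t,]+$/, "")
                $0 = $0 (nonempty ? ", " : " ") pkg
            }
        }
        { print }
        END { if (!found) print "BlackList = " pkg }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner, mode, SELinux label
    rc=$?
    rm -f "$tmp"
    return $rc
}

# ROOT is a hypothetical path prefix used only for dry runs against a copy.
apply_fix() {
    root=${1:-}
    ensure_line "$root/etc/centrifydc/user.ignore" abrt &&
    ensure_line "$root/etc/centrifydc/group.ignore" abrt &&
    ensure_blacklisted "$root/etc/abrt/abrt-action-save-package-data.conf" CentrifyDC
}

# Run as root with --apply to edit the live files and restart abrtd.
if [ "${1:-}" = "--apply" ]; then apply_fix && service abrtd restart; fi
```

For the CentrifyDA case, call ensure_blacklisted a second time with CentrifyDA as the package name before restarting abrtd.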
Centrify Corporation does not take any responsibility for the content or availability of this link and it was provided as a courtesy. Customers should contact the vendor if there are any further questions.