Applies to: All version of Centrify DirectAudit
On Solaris 11.x or above, there is a shell called pfbash located in /bin, if users set this shell as their default shell, they will fall into emergency shell during login as this shell is not listed in /etc/shells.
Solaris does not have /etc/shells by default and it is generated by Centrify.
Centrify Direct Audit calls the OS function getusershell() if it exists. In most cases, it just returns the entries in /etc/shells.
However, note the following special implementation of getusershell() in Solaris:
If /etc/shells does not exist, the following locations of the standard system shells are used in its place:
Centrify DirectAudit checks if the file returned from the function exists or not, pfbash is NOT in this list and therefore, /etc/shell will not include this shell for auditing.
- Disable audit by running: dacontrol -d
- Manually append the /bin/pfbash into /etc/shells file
- Enable audit by running: dacontrol -e
- Once done, check if /bin/cdax/pfbash is created
- If so, try login as the affected user again