Active Directory Integration Solutions for UNIX, Linux and Mac OS

Centrify provides a variety of Active Directory integration solutions for web applications, storage systems, remote access tools, Open Source software, UNIX account migration, and more. In some cases, Centrify provides additional modules or enhanced versions of Open Source software that work seamlessly with DirectControl-managed systems. In other cases, Centrify provides application notes that show how to configure popular third-party applications for Active Directory authentication or other services, along with best practice documentation and other resources. Scroll down this page to view all solutions.


Apache HTTP Server

Solution Requirements
Provide Active Directory-based single sign-on for web applications running on the Apache web server.
Resources Provided
Centrify DirectControl for Apache delivers Active Directory-based web single sign-on for both intranet and extranet applications.

Apache Tomcat

Solution Requirements
Provide Active Directory-based single sign-on for applications running on Apache Tomcat.
Resources Provided
Centrify DirectControl for Apache Tomcat delivers Active Directory-based web single sign-on for both intranet and extranet applications.

Apple Remote Desktop

Solution Requirements
In organizations where the IT department must centrally manage a large number of Mac systems, Apple Remote Desktop is commonly used to install software on one or more remote Mac OS systems. Software must be correctly packaged in order to be deployed via Apple Remote Desktop.
Resources Provided
Centrify DirectControl has been packaged for easy deployment using Apple Remote Desktop. Centrify provides an application note with deployment instructions.

Automounted UNIX Home Directories

Solution Requirements
The goal is to map UNIX users' home directories to a remote shared directory on a Windows server, leveraging Active Directory.
Resources Provided
This Application Note shows you how to set up Microsoft's products and DirectControl so that these two solutions share the same Active Directory-based identity space for resolving user and group information.

BEA WebLogic

Solution Requirements
Provide Active Directory-based single sign-on for applications running on BEA WebLogic.
Resources Provided
Centrify DirectControl for BEA WebLogic delivers Active Directory-based web single sign-on for both intranet and extranet applications.

Celestial Software AbsoluteTelnet/SSH

Solution Requirements
Celestial Software's AbsoluteTelnet/SSH enables Windows users to remotely access UNIX computers. The requirement is to enable secure, Active Directory-based authentication via AbsoluteTelnet.
Resources Provided
This Application Note provides configuration details to enable secure, Kerberized access to DirectControl-managed systems.

Centralized Mac Home Directories with ExtremeZ-IP

Solution Requirements
The goal is to centralize the storage of Mac user home directories on a Windows server to ensure proper data security and backup policies are applied.
Resources Provided
This application note describes how to configure both DirectControl and ExtremeZ IP to enable users to log in to an OS X system with their Active Directory user ID and password to gain access to their home directory stored on a Windows server.

DirectAudit Reports for Reporting Services

Solution Requirements
Centrify DirectAudit helps you comply with regulatory requirements, perform in-depth troubleshooting, and protect against insider threats for your UNIX and Linux systems. DirectAudit's query-style interface and session-replay features enable IT auditors to search for specific commands and see exactly what changes a user made and what session output occurred. In addition to these querying and real-time monitoring features, IT auditors also need the ability to define reports — for example, a weekly report of activity across a set of computers. DirectAudit stores session data in a SQL Server database, and this open, nonproprietary format enables you to use third-party tools such as Microsoft SQL Server 2005 Reporting Services to easily define reports.
Resources Provided
Centrify provides an Application Note that describes how to use Microsoft SQL Server 2005 Reporting Services to generate several standard reports based on the session data that DirectAudit records. The Application Note is accompanied by a set of Report Definition Files that can be used to set up a set of basic reports. The DirectAudit Reports for Reporting Services package is available free of charge in the Centrify Download Center for customers and for those evaluating Centrify Solutions.

EMC Celerra Network Server

Solution Requirements
EMC Celerra Network Servers enable enterprises to provide a highly available and scalable data storage service that simultaneously supports multiple client access protocols, including NFS, CIFS and iSCSI. Although multiprotocol support makes it easy for these servers to support different operating systems, it also means that the same user may be logged in to these different operating systems while trying to gain access to files.
Resources Provided
Centrify provides a mechanism for centrally managing the mapping of the user's Active Directory account to an appropriate UNIX identity in order to grant access. This mapping mechanism ensures that users in a multiprotocol environment are granted the proper permissions regardless of how they access files.

Hummingbird Host Explorer

Solution Requirements
Hummingbird Host Explorer enables Windows users to remotely access UNIX computers. The requirement is to enable secure, Active Directory-based authentication via Host Explorer.
Resources Provided
This Application Note provides configuration details to enable secure, Kerberized access to DirectControl-managed systems.

IBM WebSphere

Solution Requirements
Provide Active Directory-based single sign-on for applications running on IBM WebSphere.
Resources Provided
Centrify DirectControl for IBM WebSphere delivers Active Directory-based web single sign-on for both intranet and extranet applications.

Identity Management & Provisioning Systems

Solution Requirements
When evaluating enterprise software solutions, IT organizations that have invested in Identity Management Systems must carefully examine the ease with which the new software can be integrated. Centrify DirectControl complements Identity Management Systems, and readily integrates with both Agent-based and Agentless architectures. Using DirectControl reduces the provisioning complexity associated with databases and web servers, and Centrify's patent-pending Zone technology simplifies management of UNIX, Linux and Mac computers.
Resources Provided
Centrify's "Integrating Centrify DirectControl with Identity Management Systems" white paper provides specific examples of how to integrate Centrify DirectControl with commercial off-the-shelf Identity Management Systems. It demonstrates how to handle common Identity Management events and discusses how DirectControl can simplify provisioning tasks and strengthen security when used in an environment that includes LDAP-based systems, databases, and portal servers.

JBoss AS

Solution Requirements
Provide Active Directory-based single sign-on for applications running on JBoss Application Server (JBoss AS).
Resources Provided
Centrify DirectControl for JBoss AS delivers Active Directory-based web single sign-on for both intranet and extranet applications.

Kerberos Tools

Solution Requirements
The MIT Kerberos Tools are Open Source utilities that enable administrators to securely access remote UNIX systems.
Resources Provided
Centrify provides a version of the MIT Kerberos Tools that have been recompiled so that they work seamlessly with DirectControl-managed systems. The download package also contains an Application Note with instructions.

Microsoft Active Directory Federation Services (ADFS)

Solution Requirements
Leverage Microsoft ADFS to provide web single sign-on (SSO) to non-Microsoft server platforms.
Resources Provided
DirectControl for Microsoft ADFS provides a web SSO agent that extends ADFS services to applications running Apache and popular J2EE web servers, including IBM WebSphere, BEA WebLogic, JBoss, and Tomcat.

Microsoft Identity Integration Server (MIIS)

Solution Requirements
MIIS provides a robust, rules-based identity provisioning and synchronization service that can be used to automate the account creation, management and removal process for new employees. Customers using DirectControl for user authentication on non-Windows systems will want to integrate DirectControl into MIIS so that a user can be provisioned automatically for access to all systems and applications throughout the environment.
Resources Provided
DirectControl Extensions for MIIS provides a Management Agent that enables MIIS to programmatically provision a user's UNIX identity within a DirectControl Zone, which is stored within Active Directory. DirectControl will auto-create a user's home directory on first login, which enables centralized account management and access control without having to connect to the remote UNIX system prior to user login. By combining MIIS with DirectControl, you can automate the provisioning of a user's access to Windows and UNIX systems and provide a secure environment in which the user has only one account, one password, and one place to manage that password. You can also enforce a common AD-based password policy and, in most cases, provide single sign-on access to these UNIX systems. The DirectControl Extension for MIIS is licensed as part of the DirectControl SDK. It is available to customers and those evaluating DirectControl who have a login account for the Centrify Download Center.

Microsoft Services for NFS

Solution Requirements
Microsoft Services for NFS enables UNIX clients to access Windows file shares. The goal is to provide Active Directory-based access through DirectControl.
Resources Provided
This Application Note shows you how to set up Microsoft's products and DirectControl so that these two solutions share the same Active Directory-based identity space for resolving user and group information.

Network Appliance (NetApp) Filers

Solution Requirements
NetApp storage systems help enterprises to provide a highly available and scalable data storage service that delivers a higher level of data protection at a much lower cost of ownership. However, in a mixed environment where both Windows and UNIX systems need to access common files or directories, there is a need for a common security model to control access.
Resources Provided
Centrify DirectControl provides an identity mapping mechanism centrally managed within Active Directory that links a user's Windows account to a UNIX profile containing the user's UNIX account attributes. This mapping can then be used by the NetApp server to provide consistent ownership and access rights to files and directories accessed by the user.

Network Information Service (NIS)

Solution Requirements
The Centrify DirectControl NIS Service enables UNIX admins to securely store, distribute, and deploy NIS maps through Active Directory, ensuring that all systems within a Zone share a common set of maps. The goal is to enable systems that need specific NIS functionality, such as automount map information, to continue to function but to be serviced through the centralized Active Directory system rather than a separate NIS service infrastructure.
Resources Provided
Documentation that provides detailed instructions on how to set up NIS maps in Active Directory and configure NIS clients to use Centrify DirectControl.

OpenSSH

Solution Requirements
OpenSSH is a popular Open Source utility that enables administrators to access remote UNIX systems.
Resources Provided
Centrify provides a version of OpenSSH that has been recompiled so that it works seamlessly with DirectControl-managed systems. The download package contains an installer and documentation.

PuTTY

Solution Requirements
PuTTY is a Windows-based application that enables administrators to access remote UNIX systems. The goal is to provide Active Directory-based single sign-on.
Resources Provided
Centrify provides a version of PuTTY that has been modified so that it works seamlessly with DirectControl-managed systems. The download package contains an installer and documentation.

Quest ActiveRoles Server

Solution Requirements
Quest ActiveRoles Server supports provisioning and administration of Active Directory accounts and other resources such as Exchange mailboxes and home directories.
Resources Provided
DirectControl Extensions for Quest ActiveRoles Server provides the required interface extensions to enable ActiveRoles Server to properly manage access permissions, delegation and audit trails for UNIX profiles that are managed within Active Directory. The extension fully supports users who may have multiple UNIX profiles defined for different Zones of UNIX computers. By integrating DirectControl with ActiveRoles Server, you extend its management functions to include UNIX, Linux and Mac platforms. The DirectControl Extension for Quest ActiveRoles Server is licensed as part of the DirectControl SDK. It is available to customers and those evaluating DirectControl who have a login account for the Centrify Download Center.

Samba

Solution Requirements
Samba is a popular Open Source product that enables Windows users to access file shares on a UNIX server by binding to Active Directory in order to authenticate. Since Samba does not have a centrally managed UNIX identity management solution, this results in a situation where users are assigned different settings for attributes such as their UID, from one server to the next.
Resources Provided
DirectControl for Samba centrally controls user identity mapping across all servers that are joined to the Active Directory domain to ensure proper file system access controls.

SecureCRT

Solution Requirements
SecureCRT from VanDyke Software enables Windows users to access remote UNIX systems. The need is to provide Active Directory-based access through DirectControl.
Resources Provided
This Application Note guides you through the configuration of SecureCRT in order to seamlessly access a DirectControl-managed UNIX system using Kerberos and SSH.

SSH Tectia

Solution Requirements
Tectia from SSH enables secure system administration, secure file transfer and secure application connectivity with centralized management throughout the internal and external network. DirectControl enables Active Directory-based authentication for single sign-on through SSH.
Resources Provided
Centrify provides a version of OpenSSH that has been recompiled so that it works seamlessly with DirectControl-managed systems. The download package contains an installer and documentation.

UNIX Migration Planning Resources

Resources Provided
The following technical videos and white papers will help you understand the issues and the various options that DirectControl provides for storing this information in Active Directory.

UNIX Generic and Service Account Management with Active Directory

Solution Requirements
Generic accounts are commonly used to enable UNIX administrative staff to log on to a computer system and perform specific operations using the account identity and permissions of the generic account. While using generic accounts is a simple way to manage specific services, they represent a significant risk in terms of both access control and IT auditing. There is no easy way to manage who can access these accounts or to provide an audit trail showing which administrator used the account to take a specific action.
Resources Provided
Centrify provides an application note that shows how Centrify DirectControl and Active Directory can be used to control both the password of generic accounts and an administrator's access to a specific computer system or group of systems. It shows how administrators can be granted the appropriate permissions to execute the privileged operations normally run by the generic account without requiring generic accounts to exist.

UNIX Namespace Rationalization with DirectControl’s adfixid Command

Solution Requirements
The adfixid tool enables administrators to change the UNIX namespace used within the file system of a UNIX computer joined to Active Directory. This command aligns the UNIX namespace on that computer with a centrally defined and typically globally unique UNIX namespace (often referred to as a rationalized namespace) as represented by the DirectControl profile within Active Directory.
Resources Provided
The adfixid command changes the ownership of local files and directories to match the user and group namespace defined by the DirectControl Zone that the computer has joined. This tool compares the local password database with the password entries managed within the Zone to find user accounts with conflicting UID and GID assignments. It can report on files that need to be changed, or it can update the ownership of files as required and also track the changes made to the file system. The adfixid command also provides the ability to roll back changes that it has made to the file system if required. It is included in the DirectControl system Agent installation packages, which are available to customers and those evaluating DirectControl who have a login account for the Centrify Download Center.

Web Application Single Sign-On Fundamentals

Resources Provided
This technical video will give you a solid understanding of what it takes to authenticate non-Microsoft web platforms via Microsoft Active Directory. It also covers Microsoft's ADFS technology for federated identity management.

WRQ Reflection for Secure IT

Solution Requirements
Reflections for Secure IT from AttachmateWRQ enables Windows users to access remote UNIX systems. The need is to provide Active Directory-based access through DirectControl.
Resources Provided
Centrify and SSH have tested and verified interoperability of their respective solutions on all platforms they share in common. This Application Note provides more details concerning this interoperability.

WRQ Reflection for UNIX

Solution Requirements
Reflections for UNIX from AttachmateWRQ enables Windows users to access remote UNIX systems. The need is to provide Active Directory-based access through DirectControl.
Resources Provided
This Application Note guides you through configuring and connecting to a DirectControl-managed UNIX computer using Reflections for UNIX from a Windows computer.