William Wingert

Centrify and Qualys authentication

Discussion created by William Wingert on Apr 8, 2015
Latest reply on Apr 13, 2015 by Martin Walker

Thought I'd share this as I've spent the last few days tracking down why authentication was not working the way we expected.

 

Our organization uses Centrify to manage privileged authentication and use it for access to AIX and various flavors of Linux. Our Linux authentication worked, AIX didn't. It turns out that Centrify replaces sudo with dzdo so the "sudo su -" that Qualys uses to elevate itself when authenticating, especially in Policy Compliance scans, fails because sudo no longer exists.

 

We "fixed" it by linking dzdo to sudo with "ln -s /usr/bin/dzdo /usr/bin/sudo"

 

If someone else has a better method, please share, but hopefully this will help someone else out who runs into this issue.

 

Bill W.

Outcomes