Note: The login is into registered machines that have a Centrify Client running. Login, used in this context, is the login role.
The UNIX and Windows Server login policy dictates how you are authenticated in the system. If you do not have a valid authentication profile set up, you will be denied login. You can disable the MFA requirement for login by setting the parameter
pam.mfa.enabled to false in
To enable MFA for Centrify Client for Linux
- Enroll the Linux/UNIX machine into Privileged Access Service with
agentauthfeature permission enabled. At the command prompt on the Linux/UNIX machine, type the following command:
sudo cenroll --tenant abc0123.my.centrify.net --user email@example.com --features aapm,agentauth -l login -V.
Note: If you want to log in through MFA, you must have the
agent auth permission on the registered machine. This permission can be granted directly, or you can make the user a member of a role with the
agent auth permission granted (for example, one specified by a
cenroll -l option).
- Validate your user by running the
user@user1:~$ getent passwd genericpassword
Note: If you are enabling MFA for a user, that user must have valid
Authentication profile set through the policy and/or role settings in the Admin Portal.