To enable a service user account running a script on a client computer to access the password for a service user account on a server, you must add the client service user account to the list of accounts that have access to the system or to a role with the Agent Auth permission to enable that service user to authenticate using the Centrify Client.
To add the client service user and set the permissions:
- Open the administrative portal from the account name menu.
- Click Resources > Systems to select the server system (centos-6) with the account—such as the local root account—the client service user (sles12$) needs to access.
- Select the local account for the server system.
For example, select the root account for the centos-6 computer to display the account details.
Click Permissions, then click Add to add the service user that needs to check out the password for the account on the system.
Type a search string to locate the client service user account.
For example, if the service user for client computer where the script will run is email@example.com, you might type sl to find the account.
Select the appropriate account in the results, then click Add.
Select the Checkout permission to allow this account to retrieve the stored password.
For details about the command‑line options for the cgetaccount command, type --help as a command-line option or display the man page.