Authorizing password check out
To enable a service user account running a script on a client computer to access the password for a service user account on a server, you must add the client service user account to the list of accounts that have access to the system or to a role with the Agent Auth permission to enable that service user to authenticate using the Centrify Client.
To add the client service user and set the permissions:
- Open the administrative portal from the account name menu.
- Click Resources > Systems to select the server system (centos-6) with the account—such as the local root account—the client service user (sles12$) needs to access.
- Select the local account for the server system.
For example, select the root account for the centos-6 computer to display the account details.
-
Click Permissions, then click Add to add the service user that needs to check out the password for the account on the system.
-
Type a search string to locate the client service user account.
-
For example, if the service user for client computer where the script will run is sles12$@cpubs.net, you might type sl to find the account.
-
Select the appropriate account in the results, then click Add.
-
Select the Checkout permission to allow this account to retrieve the stored password.
-
Click Save.
For details about the command‑line options for the cgetaccount command, type --help as a command-line option or display the man page.