Migrating scripts from the CLI Toolkit

The Centrify Client replaces the CLI Toolkit, which was available in previous releases from Privileged Access Service and the Centrify Download Center. If you downloaded and installed the CLI Toolkit from a previous release and have scripts that used the commands included in previous package, you might need to modify the scripts to work with the Centrify Client.

Most of the commands included in the client package are the same as the commands included in the CLI Toolkit, but the options supported by each command might be different. In addition, the client package has two new commands—cenroll and cunenroll—that replace the cjoin and cleave commands in the CLI Toolkit. For details about the options supported for each command, see the man page for that command.

To migrate from the CLI Toolkit to Centrify Client for Linux

  1. Run the cleave command to unregister the Linux computers where you have installed the CLI toolkit.

    You can upgrade the CLI toolkit to the client package without removing it from the computer.

  2. Download and install the appropriate Centrify Client for Linux package as described in Downloading and using the Centrify Client for Linux.

    If there are errors, you can review the operation details logged in the /var/log/centrifycc-install.log file.

  3. Upload a publicly-signed certificate for the Linux computer or configure the Linux computer to trust the Privileged Access Service self-signed certificate.

    The Centrify Client for Linux communicates with the Privileged Access Service through HTTPS, which requires a trusted root certificate to be available. By default, Linux computers will not trust the Privileged Access Service self-signed certificate.

  4. Configure optional client settings, such as a web server proxy using parameters in the /etc/centrifycc/centrifycc.conf file.

  5. Run the cenroll command to re-register the Linux computers in the Privileged Access Service after the upgrade by specifying user credentials or an registration code.

    You must specify either all or aapm for the --feature option during registration to use cgetaccount, csetaccount, and cdelaccount commands.

    You can specify an existing system during registration by using the --system-name option to specify the existing system name you want to reuse. However, reusing a system name requires at least one user with sufficient permissions to take over the system. For details about reusing an existing system, see Taking ownership of an existing system.

  6. Configure permissions after registration.