Configuring duplicate audit session cleanup

Sometimes the auditing service records duplicate sessions if your auditing installation includes one or more UNIX computers where both of the following situations occur:

  • The DirectAudit agent is installed.
  • A user can log in to the computer from the Admin Portal and the cloud tenant is enabled for auditing.

To avoid this situation, add the following environment variable to your /etc/centrifydc/ssh/sshd_config file:

AcceptEnv centrify_cip_da_data

Note that the above /etc/centrifydc/ssh/ path applies if you're using the Centrify OpenSSH server. If you're using a different SSH server, the file path may be different-- so be sure to update the appropriate SSH daemon configuration file for your system.

With the environment variable set, the agent uses that to verify the SSH public key of the associated tenant. That way the auditing service can determine which sessions are duplicated and remove them. Also, the agent on the UNIX computer will no longer record sessions that originate from the Admin Portal on the same computer.