Access rights defined in the UNIX Login role
The predefined UNIX Login role is configured by default to allow users to log on locally with a password, connect remotely to a computer without being prompted for a password, and access the standard shell environment. The role also allows users to access all PAM-enabled applications in their environment; it grants this access through a predefined login‑all PAM access right.
For most users and organizations, the default settings in the UNIX Login role make the user experience consistent before and after deploying the Centrify agent and joining an Active Directory domain. Users can log on and use the shell environment and applications in the same way they did before the deployment of the Centrify agent.
The predefined UNIX Login role and predefined login‑all PAM access right are available by default in every zone. Depending on your requirements and policies, you can assign the UNIX Login role to all Active Directory users or to specific Active Directory users and groups. You can also choose whether to assign the UNIX Login role in parent or child zones to control where different groups of users can log on to Linux and UNIX computers.
Users must have both a complete identity profile and at least one role assignment that grants access before they can log on to any Centrify-managed computer. If you don’t use the UNIX Login role, you must create at least one custom role definition that provides similar functionality.