If the Centrify Agent can successfully connect to an Active Directory domain controller, it performs a series of key tasks to complete the join operation. For example, during the join operation, the adjoin program completes the following tasks:
- Starts the Centrify Agent for *NIX adclient process.
- Checks whether a computer account already exists for the local computer in Active Directory. It creates a new Active Directory computer account for the local computer, if needed.
- Sets the password on the Active Directory computer account to a randomly-generated password. The password is encrypted and stored locally on the UNIX host to ensure that only the Centrify Agent has control of the account.
- Updates the Kerberos service principal names used by the host computer, generating new a Kerberos configuration file and krb5.keytab entries, and generating new service keys for the host and http services.
- Synchronizes the local computer’s time with Active Directory to ensure the timestamps for Kerberos tickets are accepted for authentication.