Creating classic zones

Classic zones do not support inheritance or overrides and have other limitations in how they support role-based access rights. For example, in classic zones, authorization is disabled by default, and must be consciously enabled on a zone-by-zone basis before any role-based access rights or privileges can be configured or assigned.

You should only create new classic zones if your organization has any of the following requirements:

  • You must support older versions of the Centrify Agent for *NIX.
  • You have a user population with very few or no identity attribute conflicts.
  • You have little or no need to centrally manage access rights and privileges.

If you are using classic zones, you cannot use the local account management feature as described in Managing account profiles and identity attributes

You can configure multi-factor authentication for access to Centrify-managed Linux and UNIX computers and for privileged command execution in classic zones. However, the implementation is slightly different than in hierarchical zones, so some of the steps differ depending on the type of zone where you want to use multi-factor authentication. For details about configuring multi‑factor authentication, see "Preparing to use multi-factor authentication" and the Multi-factor Authentication Quick Start Guide.