Configuring a password synchronization service
The Centrify Network Information Service must be able to retrieve the current password hash for zone users in order for it to respond to agentless authentication requests from NIS clients. Active Directory, however, does not generate a password hash for users by default. This task is handled by the password synchronization service.Therefore, to generate the password hash for zone users, you first need to install a password synchronization service.
You can install the password synchronization service with the authentication, privilege elevation, and audit and monitoring services or separately using a standalone setup program. Once deployed, it ensures the passwords served by the Centrify Network Information Service are always up-to-date. With a password synchronization service, any time users change their Active Directory password, the corresponding password hash in their user profile is updated to reflect the change. Depending on your environment, you can choose to install one of the following:
- Centrify Password Synchronization program
- Microsoft Windows Services for UNIX Password Synchronization Service
- Microsoft Windows UNIX Identity Management Service
Note: Regardless of the password synchronization service you choose to use, the service must be installed on all domain controllers in the Active Directory domain where you are enabling agentless authentication.