This configuration parameter specifies the full path to a script that is executed each time the dzdo command is run. The script is run synchronously under the user’s Active Directory name.

The dzdo command always runs the /usr/share/centrifydc/sbin/dzcheck script before it executes the command specified. However, the distribution package does not include a dzcheck script.

You do not need to create a dzcheck script to use dzdo. You only need to create a script if you want to modify dzdo behavior—for example, to prompt the user to enter some information before executing the command. To incorporate your modification, you would write the script, name it dzcheck and put it in /usr/share/centrifydc/sbin.

Use the dzdo.validator parameter only if you need to specify a different path or file name. (If you name your script dzcheck and store it at the default location, you do not need to set dzdo.validator.) For example, if the script was named myvalidator and it was in the /etc/centrifydc directory, you would add the following line to centrifydc.conf:

dzdo.validator: /etc/centrifydc/myvalidator

The dzdo command sets three environment variables:

  • DZDO_USER: the Active Directory name of the user invoking dzdo
  • DZDO_COMMAND: the command
  • DZDO_RUNASUSER: the user name that the command will be run as

The script should return one of the following values:

  • 0: Success. dzdo will continue and run the command.
  • non-zero: Failure. dzdo will not run the command. In this event, dzdo does NOT show a message on the console. If you want to notify the user of the failure, include the message in the script.

When the logging level is set to DEBUG, the call to the script and the return value are logged in /var/log/centrifydc.log. If DEBUG is off, the call to the script and return value are logged in /var/log/messages.
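
The following validator is an added example, not a script shipped with the product. It uses the three DZDO_* variables and the return-value contract described above. The root-only ticket policy, the CHG<digits> ticket format, and the use of logger for an audit line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example of a dzcheck validator. Policy and ticket format are assumptions.

# Returns 0 to let dzdo continue, non-zero to stop it. dzdo prints nothing on
# failure, so every denial explains itself on stderr.
dzcheck_decide() {
    user=$1 cmd=$2 runas=$3 ticket=$4

    # Fail closed if the DZDO_* context is incomplete.
    if [ -z "$user" ] || [ -z "$cmd" ] || [ -z "$runas" ]; then
        echo "dzcheck: missing DZDO_* context, refusing" >&2
        return 2
    fi

    # Hypothetical policy: only commands run as root need a change ticket.
    [ "$runas" = "root" ] || return 0

    # Hypothetical ticket format: CHG followed by digits and nothing else.
    case $ticket in
        CHG|CHG*[!0-9]*) ;;        # no digits, or a non-digit after the prefix
        CHG[0-9]*) return 0 ;;
    esac
    echo "dzcheck: $user needs a change ticket (CHG<digits>) to run as root" >&2
    return 1
}

# Entry point. dzdo sets DZDO_COMMAND on every invocation, so its presence
# marks a real run; the exit status is what dzdo acts on.
if [ "${DZDO_COMMAND+set}" = set ]; then
    ticket=""
    if [ "${DZDO_RUNASUSER:-}" = "root" ]; then
        printf 'Change ticket for "%s": ' "$DZDO_COMMAND" >&2
        read -r ticket || ticket=""
    fi
    dzcheck_decide "${DZDO_USER:-}" "$DZDO_COMMAND" "${DZDO_RUNASUSER:-}" "$ticket"
    rc=$?
    # Audit line: who asked for what, as whom, and the verdict.
    logger -t dzcheck -- "user=${DZDO_USER:-} runas=${DZDO_RUNASUSER:-}" \
        "ticket=$ticket rc=$rc cmd=$DZDO_COMMAND" 2>/dev/null || true
    exit "$rc"
fi
```

Because the script runs under the invoking user's Active Directory name, keep the file and its directory writable only by root so that users cannot alter the check.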