Sun Solaris installation notes

This section describes the unique characteristics or known limitations that are specific to using authentication service on a computer with the Solaris operating environment.

Changing the local user password on Solaris

On Solaris, the passwd command is designed to update the databases listed in the nsswitch.conf file or the specific repositories you indicate with the -r option. Therefore, by default, you can use the passwd command without any command line options to update your password wherever necessary.

Once you install authentication service and join the domain, however, Active Directory becomes the primary repository for user account information. To change the password for any local user account you need to maintain outside of Active Directory, you must explicitly specify the repository to update with the -r option.

For example, if you want to change the password for a local user account in /etc/passwd, you must specify the files repository when you run the passwd command:

passwd -r files user

If you want to update the password for an Active Directory user account, you can use the passwd command without the repository option on Solaris 10. For example:

passwd adusername

If you are using an earlier version of the Solaris operating environment, however, you must use the adpasswd command that is installed with authentication service to update the password for Active Directory user accounts. For information about using adpasswd, see the adpasswd man page or the Administrator’s Guide for Linux and UNIX.
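
The following helper is an added example, not part of the product documentation. It applies the rules above to pick the password-change command for an account. The function name, the user-name character check, the choice to treat any account found in the passwd file as local, and the handling of releases later than Solaris 10 the same as Solaris 10 are assumptions of this example.

```shell
# choose_passwd_cmd USER [PASSWD_FILE] [OS_RELEASE]
# Prints the command to run; it does not change any password itself.
# PASSWD_FILE defaults to /etc/passwd and OS_RELEASE to `uname -r`
# (SunOS 5.10 is Solaris 10); both can be overridden for testing.
choose_passwd_cmd() {
    cpc_user=$1
    cpc_file=${2:-/etc/passwd}
    cpc_release=${3:-$(uname -r)}

    # Conservative name check (assumption): refuse empty names, names that
    # start with "-" (would be parsed as an option) and unusual characters.
    case $cpc_user in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "invalid user name" >&2; return 2 ;;
    esac
    [ -r "$cpc_file" ] || { echo "cannot read $cpc_file" >&2; return 2; }

    # Local account: exact match on the first colon-separated field, so
    # "local" does not match an entry for "localadm".
    if awk -F: -v u="$cpc_user" '$1 == u { f = 1 } END { exit !f }' "$cpc_file"
    then
        echo "passwd -r files $cpc_user"
        return 0
    fi

    # Not in the local file: treat it as an Active Directory account.
    case $cpc_release in
        5.*) cpc_minor=${cpc_release#5.} ;;
        *)   echo "unrecognised release: $cpc_release" >&2; return 2 ;;
    esac
    case $cpc_minor in
        ''|*[!0-9]*) echo "unrecognised release: $cpc_release" >&2; return 2 ;;
    esac

    if [ "$cpc_minor" -ge 10 ]; then
        echo "passwd $cpc_user"
    else
        # Earlier than Solaris 10: options are in the adpasswd man page.
        echo "adpasswd"
    fi
}

# Usage: choose_passwd_cmd someuser
```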

Installing authentication service packages into Solaris 10 zones

All zones should be up and running during an upgrade from a previous release. Centrify Authentication Service and its add-on packages (for example, Centrify sudo or Centrify for Web Applications) should not be installed directly into a sparse zone; they should be installed from the global zone only.

Installing authentication service packages into Solaris 11 child zones

You need to install SVR4 packaging tools in the child zone before authentication service can be installed.

To check whether the SVR4 package has been installed, run:

$ pkg info svr4

If it is not installed yet, run the following to install it:

$ pkg install pkg:/package/svr4

Note that the command above may need an internet connection, depending on how the IPS repository is configured in the zone.

Creating a home directory for new users on Solaris

In most operating environments, when new users log on successfully, authentication service will automatically create the user's home directory. On Solaris, however, the home directory is typically automounted over NFS, so the option to automatically create a new home directory for new users is off by default. You can turn on this feature, if suitable to your environment, by adding the following to /etc/centrifydc/centrifydc.conf:

pam.create.homedir: true

With this parameter set, the home directory is created the first time a user logs in. The user will see the message "Failed to create home directory", but this can be ignored.

In Express mode, use auto.schema.homedir to specify the home directory for users. Use %{user} as a placeholder for a user's name.

For example:

auto.schema.homedir: /export/home/%{user}