How the Centrify agent supports authentication

When the Centrify agent is in place, a Linux or UNIX computer that is joined to an Active Directory domain becomes an Active Directory client for authentication, authorization, policy management, and directory services. The Active Directory environment typically consists of a single Active Directory identity store for all Windows and UNIX users.

Centrify for Apache provides an additional library to extend authentication services for applications and web pages hosted on an Apache server. The following figure provides a simplified view of the communications between the Centrify for Apache authentication module, the Apache server, and Active Directory.

The Apache authentication libraries direct standard browser requests for access from the Apache server through to the Centrify agent to Active Directory. The Centrify agent receives the authentication and authorization from Active Directory and returns this information to the Apache server.

Before you can use Centrify for Apache for authentication using Active Directory, you need to:

  • Install the Centrify agent on the Apache server Linux or UNIX host.
  • Add Active Directory accounts for each user on the domain controller. (The accounts do not need to have the Centrify profile properties, for example UID or GID.)
  • Join the Apache server to the Active Directory domain controller.