Recently started deploying/testing CentOS 7.5 Linux Desktops with Horizon agent configured. Obviously the existing options SSO options don't specify Centrify as an option but I was wondering if there was any way to utilize the existing Centrify configuration to perform SSO or run something alongside Centrify that won't impact either applications operation on the system.
Minus the lack of SSO, the agent running in CentOS performs fantastic.
Thanks
Hello RogueRouter,
I started rolling out CentOS 6 and 7 desktops for testing purposes in a Horizon 7.5 environment and also needed to tie them into our Centrify environment. After some digging around, I was able to find some success with SSO by modifying the gdm-vmwcred file in the /etc/pam.d directory. I followed the directions outlining how to add SSO support with Smartcards and just replaced the pam_pkcs11.so line with the correct Centrify pam_centrifydc.so configuration line:
auth requisite pam_vmw_cred.so
add this line --> auth sufficient pam_centrifydc.so try_first_pass
After adding the line and rebooting the desktop, the session was able to successfully login with SSO. Your mileage may vary because my initial tests were using 1810 builds of CentOS 7 and SSO was not working. It wasn't until I rolled to an older build (1511) when SSO start working. CentOS 6.10 though did work as expected in Horizon 7.5 with the gdm-vmwcred config changes. Hope things start working for you!
Hello RogueRouter,
I started rolling out CentOS 6 and 7 desktops for testing purposes in a Horizon 7.5 environment and also needed to tie them into our Centrify environment. After some digging around, I was able to find some success with SSO by modifying the gdm-vmwcred file in the /etc/pam.d directory. I followed the directions outlining how to add SSO support with Smartcards and just replaced the pam_pkcs11.so line with the correct Centrify pam_centrifydc.so configuration line:
auth requisite pam_vmw_cred.so
add this line --> auth sufficient pam_centrifydc.so try_first_pass
After adding the line and rebooting the desktop, the session was able to successfully login with SSO. Your mileage may vary because my initial tests were using 1810 builds of CentOS 7 and SSO was not working. It wasn't until I rolled to an older build (1511) when SSO start working. CentOS 6.10 though did work as expected in Horizon 7.5 with the gdm-vmwcred config changes. Hope things start working for you!
FOSS598,
Thanks for the information. I had tried something similar without success with gdm-vmwcred file but didn't have the exact syntax/order for PAM that you listed below. I was able to get it running on CentOS 7.5.1804 and successful SSO using the Horizon Client.
Thanks again!