VMware Horizon Community
RogueRouter
Contributor
Contributor
‎02-01-2019 07:52 AM
Jump to solution

SSO with Centrify?

Recently started deploying/testing CentOS 7.5 Linux Desktops with Horizon agent configured.  Obviously the existing options SSO options don't specify Centrify as an option but I was wondering if there was any way to utilize the existing Centrify configuration to perform SSO or run something alongside Centrify that won't impact either applications operation on the system.

Minus the lack of SSO, the agent running in CentOS performs fantastic.

Thanks

0 Kudos
1 Solution

Accepted Solutions
FOSS598
Contributor
Contributor
‎07-02-2019 06:59 AM
Jump to solution

Hello RogueRouter,

I started rolling out CentOS 6 and 7 desktops for testing purposes in a Horizon 7.5 environment and also needed to tie them into our Centrify environment. After some digging around, I was able to find some success with SSO by modifying the gdm-vmwcred file in the /etc/pam.d directory. I followed the directions outlining how to add SSO support with Smartcards and just replaced the pam_pkcs11.so line with the correct Centrify pam_centrifydc.so configuration line:

                  auth requisite pam_vmw_cred.so

add this line --> auth sufficient pam_centrifydc.so try_first_pass

After adding the line and rebooting the desktop, the session was able to successfully login with SSO. Your mileage may vary because my initial tests were using 1810 builds of CentOS 7 and SSO was not working. It wasn't until I rolled to an older build (1511) when SSO start working. CentOS 6.10 though did work as expected in Horizon 7.5 with the gdm-vmwcred config changes. Hope things start working for you!

View solution in original post

0 Kudos
2 Replies
FOSS598
Contributor
Contributor
‎07-02-2019 06:59 AM
Jump to solution

Hello RogueRouter,

I started rolling out CentOS 6 and 7 desktops for testing purposes in a Horizon 7.5 environment and also needed to tie them into our Centrify environment. After some digging around, I was able to find some success with SSO by modifying the gdm-vmwcred file in the /etc/pam.d directory. I followed the directions outlining how to add SSO support with Smartcards and just replaced the pam_pkcs11.so line with the correct Centrify pam_centrifydc.so configuration line:

                  auth requisite pam_vmw_cred.so

add this line --> auth sufficient pam_centrifydc.so try_first_pass

After adding the line and rebooting the desktop, the session was able to successfully login with SSO. Your mileage may vary because my initial tests were using 1810 builds of CentOS 7 and SSO was not working. It wasn't until I rolled to an older build (1511) when SSO start working. CentOS 6.10 though did work as expected in Horizon 7.5 with the gdm-vmwcred config changes. Hope things start working for you!

0 Kudos
RogueRouter
Contributor
Contributor
‎08-28-2019 07:09 AM
Jump to solution

FOSS598,

Thanks for the information.  I had tried something similar without success with gdm-vmwcred file but didn't have the exact syntax/order for PAM that you listed below.  I was able to get it running on CentOS 7.5.1804 and successful SSO using the Horizon Client.

Thanks again!

0 Kudos