Preliminary Notes:
You have to setup a Cloud Tenant from Centrify by registering an email with Centrify or Centrify Authorised Reseller.
Once the Tenant has been setup, the login link should have been sent to the email you have provided.
You will need to setup the 2FA Connector VM on premise. The recommended specification of the connectors. Port 443 should be opened for the VM.
- 4 Core; 8GB RAM; 100 GB HDD; Windows 2016 or later
At the Active Directory
- Create UNIX computer group in AD if not already created
- Add the UNIX computers that will require 2FA to the UNIX group
- Create a UNIX Users group if not already created
- Add Users that will require 2FA to the UNIX user group
- Add the IWA root CA Certificate to the Centrify GPO. The IWA Certificate can be downloaded from the Centrify cloud but the connector needs to be setup first before we can download the IWA Certificate.
At the CentOS Server
Copying the IwaTRustRoot.pem Certificate to CentOS Linux Server
- Change the extension of the IWA certificate that was downloaded from .cer to .pem
- For CentOS, please copy the certificate to this location /etc/pki/ca-trust/source/anchors/ in the test server.
- Copy the cert to /var/centrify/net/certs as well
Configure the SSH settings
# vim /etc/ssh/sshd_config# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication yes
Restart the SSHD Services
# systemctl restart sshd.serviceRestart the Centrifydc services
# /usr/share/centrifydc/bin/centrifydc restartActive Directory Flush
# adflush -fCentrify Access Manager
At Centrify Access Manager, do add the MFA Users to require MFS for Login and UNIX Login in the required Computer. See Pix
Further notes:
The Linux Cluster 