Centrify Express 2014

Centrify-Enabled Open Source Tools

Centrify provides free, enhanced versions of popular open source tools to help you be more productive and accelerate you deployment of Centrify solutions. Our packaged and tested versions of the following open source tools have been recompiled to work out-of-the-box with Centrify-managed systems, taking the pain out of your integration efforts. They include an installation program that sets all needed configuration parameters and documentation to help you get up to speed quickly. The Centrify Express Community also features how-to videos for installing our OpenSSH and Samba solutions, among others.

Centrify-Enabled Samba


Samba enables Windows users to access file shares on a UNIX or Linux server using native Windows SMB protocols. However, setting up Samba to authenticate Windows users to Active Directory can be a complex and time-consuming exercise. The Centrify-enhanced version of Samba takes the pain out of deploying Samba with an installation program that automatically configures Samba for Active Directory authentication on Centrify-managed systems. Centrify also delivers WinSCP as a convenience.

By leveraging this Centrify-enabled version of Samba, IT staff can centrally control user identities, authentication and access to the UNIX file system for both interactive access as well as remote file system access. Benefits include:

  • Active Directory user identities are mapped to consistent UNIX identities to ensure proper access controls.
  • Users gain single sign-on access to Samba shares through Kerberos/NTLM via integration to Active Directory.
  • Administrators centrally control users' access rights to Samba shares through Centrify Zones and Active Directory group memberships.
  • Administrators can also get Samba up and running in minutes by leveraging Centrify's pre-packaged Samba binaries on a wide range of platforms, as well as a number of Centrify-supplied installation utilities and enhancements.

Centrify-Enabled OpenSSH


SSH has become the de facto standard for administrators and users needing remote access to UNIX and Linux systems. OpenSSH is a popular open source SSH solution whose current versions now support secure connections via Kerberos. However, configuring OpenSSH for a Kerberos connection to a UNIX or Linux system joined to Active Directory can be time-consuming and problematic. The Centrify Express package for each UNIX and Linux system will install our Centrify-enabled OpenSSH service on the target machine and configure it for silent Active Directory authentication to that system. In other words, Centrify has compiled the standard OpenSSH distribution unmodified, but in the compile process we linked OpenSSH with the DirectControl Kerberos libraries to ensure that single sign-on works seamlessly as expected in an Active Directory environment.

Another advantage of the Centrify-enabled OpenSSH is you get a consistent and more up-to-date version of OpenSSH across your heterogeneous systems that are invariably running different versions of OpenSSH, including versions that may not have the latest security enhancements. Centrify provides Centrify-enabled OpenSSH as a convenience to you, but if you want to use the SSH provided by the OS vendor, or use a commercial SSH vendor, Centrify Express fully supports that too. For example, here's a how to video on how to use Centrify Express with stock SSH. Using our supplied OpenSSH is simply an installation choice, and not a requirement, and we have fully tested all the choices you can make and want.

Enterprises that need to globally control OpenSSH configuration and security settings can do so using our Group Policy for UNIX, Linux and Mac feature that is found in the full-featured version of DirectControl. Enterprises that need to control who can access systems using SSH should consider our Centrify DirectAuthorize solution for centralized, role-based privilege management


Centrify-Enabled PuTTY


PuTTY is a popular open source Windows utility that lets you log in to remote UNIX and Linux computers. However, the baseline PuTTY utility does not support Kerberos authentication. Centrify delivers a packaged and tested version of PuTTY that has been recompiled with the DirectControl Kerberos libraries, thereby enabling PuTTY to connect securely via SSH (Secure Shell) to DirectControl-managed systems and ensuring that PuTTY works seamlessly with UNIX and Linux systems that have been joined to Active Directory using Centrify Express.

Enterprises that need to globally control PuTTY configuration and security settings can do so using our Group Policy for UNIX, Linux and Mac feature that is found in the full-featured version of DirectControl.

Centrify-Enabled Kerberos Tools

Centrify provides packaged and tested versions of FTP and Telnet for use with UNIX and Linux systems that have been joined to Active Directory using Centrify Express. The separate Kerberos Tools package includes an installer that automatically updates the correct configuration files for Kerberized access to the system.