Centrify for Red Hat Linux

Red Hat Linux Integration with Active Directory

Centrally secure and manage Red Hat Linux systems with Active Directory authentication, access control, policy enforcement, privilege management and auditing

Red Hat Enterprise Linux is a Linux distribution that has been widely deployed for enterprise-class applications. Red Hat provides support and certified training programs for Enterprise Linux. For more information, see the product page on the Red Hat web site and the Wikipedia article.

Red Hat Linux was a popular Linux distribution provided by Red Hat and discontinued in 2004. Since then, Red Hat has turned its attention to developing, distributing and supporting the Red Hat Enterprise Linux line of Linux distributions as well as the Fedora project. More information can be found on the Wikipedia site.

Using Active Directory as an identity and authentication repository for platforms is technically sound and can provide real benefits for end users and administrators.


The Centrify Suite centrally secures and manages Red Hat Linux systems — along with 450 other versions of Linux and Unix — by integrating them with your existing Microsoft Active Directory services. With the Centrify Suite you can:

  • Reduce operational and helpdesk costs by centralizing account management within Active Directory, enabling standardization on a single set of tools and processes.
  • Strengthen security by centrally managing access rights and privileges, and enforcing consistent security policies across heterogeneous systems.
  • Simplify compliance reporting for PCI, SOX, FISMA and other regulations by linking all access rights and privileges to a single, definitive Active Directory identity.

Built on a common architecture, the Centrify Suite of solutions has been chosen by over 5,000 enterprise customers worldwide for its quick-to-deploy, easy-to-manage next-generation technology. The Centrify Suite consists of Centrify DirectControl, Centrify DirectAuthorize, and Centrify DirectAudit, and is packaged in several editions depending on your needs.

Smart Card Support

DirectControl for Red Hat Smart Card Edition provides full smart card support on for all CAC, CACNG, and PIV smart cards. This includes the Oberthur ID One 128 v 5.5 Dual Smart Card, bringing Red Hat systems into compliance with HSPD-12. No special user configuration is required on the local system because all authentication and access control data is stored in Microsoft Active Directory. DirectControl supports both online and offline login with smart cards. This would enable an organization to, for example, require users logging on to a Red Hat laptop on an airplane to authenticate using their smart card.

To streamline deployment of smart card-protected systems, DirectControl automates the configuration of the system to support smart card login as well as to ensure that the system trusts the root certificate authorities that are trusted by Active Directory when a Red Hat system joins the domain. Active Directory enforces smart card access to Windows systems through the Account option "Smart card is required for interactive logon" policy. DirectControl enforces this policy on Red Hat systems as well, giving you the ability to enforce smart card access consistently across your organization.

DirectControl also provides Group Policies to enable centralized management of smart card login. These Group Policies can be used to require a Red Hat system to go into screen lock or to force a logout when the smart card is removed from the reader during a session. This policy enforcement on Red Hat systems enables organizations to easily enable the secured usage of Red Hat systems within their Windows environments leveraging the same tools, procedures and policies that they are already familiar with today.

Centrify Suite Features

Centrify DirectControl: Centralized Identity & Access Management

  • Consolidate and eliminate redundant identity stores by adopting Active Directory as your centralized directory
  • Provide administrators and end-users with a single sign-on account for systems.
  • Use Centrify's unique Zone-Based Access Controls to apply granular access controls to logical groups of systems.
  • Enforce consistent security and configuration policies across heterogeneous systems using Group Policy for UNIX, Linux and Mac, including desktop lockdown policies for Linux systems running GNOME .
  • Provide end-users with a single sign-on account for SAP, web applications, and databases running on Centrify-managed systems.

Centrify DirectAuthorize: Role-Based Access Controls & Privilege Management

  • Set time windows when a role can access a system, and time periods when a role assignment is active.
  • Lock down sensitive systems with fine-grained controls that set who can access a system and how.
  • Grant users rights to execute commands with elevated privileges, eliminating the need for access to privileged accounts and passwords.
  • Assign users a Restricted Environment with access only to a specific "whitelist" of commands.

Centrify DirectAudit: Detailed User Activity Auditing

  • Capture detailed audit logs of user activity, including commands entered and system responses.
  • Report on user sessions, linking activity to a single, definitive Active Directory account
  • Monitor for suspicious activity
  • Replay sessions visually to aid in forensic auditing and IT troubleshooting

Supported Versions of Red Hat Linux

The following table shows all Red Hat Linux versions supported by the Centrify Suite Standard Edition. Click the Show Details tab for a detailed of each version, including upcoming versions.

Centrify DirectControl Supported Operating Systems

Show More DetailSupported Supported   Recent Addition Recent Addition   Early Access Early Access   
Operating System Version 32-bit 64-bit
Red Hat Enterprise Linux
Desktop 5, 6 x86 Supported
Desktop 5, 6, 7 x86_64 Supported
AS/ES/WS 3, 4, 5, 6 x86 Supported
AS/ES/WS 3, 4, 5, 6, 7 x86_64 Supported
AS/ES/WS 3, 4, 5, 6 PPC Supported Supported
AS/ES/WS 4, 5 Itanium Supported
AS/ES/WS 5, 6 S/390x Supported

Next Steps