Ah..ok.
Centrify Express does not require installing any software on the Windows Domain Controller or Windows Administrator's workstations. It also does not require storing any UNIX data in Active Directory since it will dynamically generate the user's UNIX profile from the existing Active Directory user object information. Windows administrators will be very happy that they can manage user accounts for the Mac exactly like they do for Windows systems today.
When the Mac joins Active Directory, a Computer Account will be created in Active Directory in the Computers container. This account has a corresponding password which Centrify Express will maintain for the life of the computer by periodically changing the password. This will ensure that the Mac computer accounts do not show up as "stale" accounts in AD, which is something that Administrators will search for when cleaning up Active Directory.
In most environments, users are required to change their password every 90 days or so depending on your security policy. Centrify Express will warn users a week before the password expires so that the user has a chance to change it before it actually expires. When the user does change the password, it will be updated in both Active Directory as well as the Login Keychain so that the user is not challenged for multiple passwords at login (one for AD and one for the Keychain). You can fine-tune the configuration of Centrify Express by modifying the configuration file (/etc/centrifydc/centrifydc.conf), adjusting the password expiration warning if desired.
The primary benefit of Centrify Express on Mac OS X is that it provides a more natural upgrade path for IT Administrators who need to get the Macs joined into Active Directory for user authentication and password management where they want to eventually lock down the configuration of the system, centrally managing security settings using Group Policy in the future upon upgrade to Centrify DirectControl (this is accomplished by simply installing administrator tools and licenses in Active Directory, no software changes on the Mac).
-Great suggestion on the table.