Centrify integrates Mac OS X, Linux, UNIX with Microsoft Active Directory

Centrify Corporation, a provider of Microsoft Active Directory-based auditing, access control and identity management solutions for non-Microsoft platforms, today announced that it is delivering the first solution to offer Microsoft Active Directory-based authentication and access control to over 100 versions of UNIX, Linux and Mac platforms.

The latest release of Centrify DirectControl adds over 25 new supported versions of UNIX and Linux, includes enhanced Group Policy-based Apple Mac OS X desktop lockdown capabilities, and delivers the industry’s first solution to leverage Group Policy to enable bulk configuration of distributed OpenSSH deployments. These new capabilities further enhance Centrify customers’ ability to secure and streamline their heterogeneous environments by centralizing identity and policy management within their existing Microsoft Active Directory infrastructure.

“By extending its authentication and access control to the widest range of non-Microsoft operating systems, Centrify has made Microsoft Active Directory an appealing directory in which to centralize identity management in a multi-platform environment,” said Jon Oltsik, Senior Analyst, Enterprise Strategy Group, in the press release.

Centrify DirectControl effectively turns a non-Microsoft server, workstation or device into an Active Directory client, enabling an organization to secure that system using the same authentication, access control and Group Policy services currently deployed for its Windows systems. Centrify DirectControl supports Linux distributions such Red Hat Linux, Novell SUSE Linux, Fedora Core and Debian Linux, as well as UNIX platforms such as Sun Solaris, IBM AIX, HP HP-UX, and Silicon Graphics IRIX, plus VMware ESX and Mac OS X.

With this release, Centrify also further extends DirectControl’s support for Active Directory Group Policy, with well over 200 out-of-the-box policies that enable organizations to globally apply consistent security and configuration settings for UNIX, Linux and Mac computers and users. DirectControl is the first and only solution generally available on the market today to offer Group Policy support for Mac OS X systems as well as UNIX and Linux systems.

This release now also makes Centrify DirectControl the first solution that lets security personnel leverage Group Policy to centrally configure the security settings of the OpenSSH open source network connectivity tool running on UNIX and Linux systems. Examples of new OpenSSH Group Policies include: controlling who is allowed to SSH to a set of computers; controlling the time allowed for a successful login; displaying a security notice at login; and preventing root user login via SSH. DirectControl also adds Group Policies for the PuTTY open source SSH (“Secure Shell”) client for Microsoft Windows. New policies have also been added for the Mac OS X platform, including the ability to control login and logout scripts with Group Policy as well as improved mobile user configuration management capabilities.

This new release of DirectControl also offers enhanced integration with Apple Remote Desktop Administrator as well as Workgroup Manager.

DirectControl’s new platform and Group Policy support is being released on August 15, 2007. More info here.


  1. I really wish Apple had a killer alternative to Active Directory and/or Exchange server. While this middleware is cute, it only solidifies Microsoft’s entrenchment of Active Directory as the backbone allowing them to further lock-in more Windows desktops as the “natural fit” (via Group Policy, SMS, etc) to an AD based directory infrastructure. In comparison, the deployment costs, administrative overhead, and manageability of OpenDirectory just isn’t there yet for a global directory containing millions of directory objects replicating across hundreds/thousands of sites worldwide. Here’s hoping that may one day change…

  2. @JCR

    Yeah, it’s a mixed up world we live in, but what can ya do?

    Steve was oh so right back in that famous keynote back in ’97 bout “thinking differently”. Unfortunately it’s not Apple v M$, so much as do anything, make compromises to get Apple into the enterprise, or back then even just to survive.

    But yeah, it’s a travesty.

  3. I’m with devnull – as much as I wished the Exchange server worked better with my Mac and Entourage when it came to managing calendars and other items for multiple people, I certainly don’t want M$ to be holding all the cards to the backbone of the whole thing.

  4. I agree with some of the sentiment about Macs being controlled via AD being a mixed blessing, but I still think that for now, anything that gets more Macs in the enterprise is a plus, even though this isn’t my ideal way of seeing that happen.

    Now that Leopard is UNIX03 certified, perhaps we will see more Xserves begin to show up. That along with more Macs thanks to AD integration, may eventually lead to more Mac-centric enterprise deployments (and this will take quite some time).

    At least that’s my wishful thinking.

  5. “Microsoft Exchange Server is a messaging and collaborative software product developed by Microsoft. It is part of the Microsoft Servers line of server products and is widely used by enterprises using Microsoft infrastructure solutions. Exchange’s major features consist of electronic mail, calendaring, contacts and tasks, and support for the mobile and web-based access to information, as well as supporting data storage.”


    And then:
    And more:
    And even more:

    There you go Samurai…

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.