# Allow a specific user to be mapped to another user. The variables $HOSTNAME
# and $ZONE contain the machine's current hostname and zone name, and are
# useful for mapping root and other system users to more restricted AD users.
# Note, the target user name must be a Windows (SAMAccount) name, not a zone
# name:
#
# This value is controlled by group policy under
# CentrifyDC Settings->User Map
#
# pam.mapuser.unix_user: windows_target
# pam.mapuser.jdoe: Jane Doe
# pam.mapuser.juser: juser_$HOSTNAME
pam.mapuser.tom1: jerry1
#
# Zone root mapping may be configured by the Windows DirectControl
# Management Console install wizard. To disable, comment out the following line
#
pam.mapuser.root: root_$ZONE
(A) pam.mapuser.unix_user: windows_target
For example:
    local user    AD user
    tom           jerry
1. When logged in as the AD user (jerry), the user can access /home/tom and modify all files and directories under /home/tom. That is to say, the two accounts are the same person.
2. Enter the AD user's password when logging in as the local UNIX user (tom).
(B) pam.mapuser.juser: juser_$HOSTNAME
For example:
pam.mapuser.tom1: tom1_rh9
1. Create an AD user named 'tom1_rh9'.
2. With hostname = rh9, join this machine to the domain, then log in as tom1 with the AD password.
(C) pam.mapuser.root: root_$ZONE
For example:
pam.mapuser.root: root_$ZONE
1. Create an AD user named "root_default".
2. Join the machine to the default zone, then log in as root with the AD password.
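
Because each active pam.mapuser line makes a local account authenticate with an AD account's password, it helps to audit which AD account effectively controls each local user once $HOSTNAME and $ZONE are expanded. The following is an added example, not part of the original file or the vendor's tooling. The function names, the sample config and the sample passwd lines are constructed for illustration; the hostname "rh9" and zone "default" are taken from examples (B) and (C).

```python
import re

# Matches active lines of the form "pam.mapuser.<unix_user>: <windows_target>".
MAPUSER_RE = re.compile(r"^\s*pam\.mapuser\.([^:\s]+)\s*:\s*(.+?)\s*$")


def resolve_mapuser(conf_text, hostname, zone):
    """Return {unix_user: AD SAMAccount name} for active pam.mapuser lines,
    with $HOSTNAME and $ZONE expanded. (Hypothetical helper for this example.)"""
    mappings = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out entries are inactive
        m = MAPUSER_RE.match(line)
        if not m:
            continue  # unrelated setting or free text
        unix_user, target = m.groups()
        target = target.replace("$HOSTNAME", hostname).replace("$ZONE", zone)
        # This example keeps the last value seen if a user is listed twice.
        mappings[unix_user] = target
    return mappings


def privileged_mappings(mappings, passwd_lines):
    """Return mapped local users that have UID 0 in passwd-format lines."""
    uid0 = set()
    for entry in passwd_lines:
        fields = entry.split(":")
        if len(fields) > 2 and fields[2] == "0":
            uid0.add(fields[0])
    return sorted(user for user in mappings if user in uid0)


# Constructed sample input, modelled on examples (B) and (C).
SAMPLE_CONF = """\
# pam.mapuser.jdoe: Jane Doe
pam.mapuser.tom1: tom1_$HOSTNAME
pam.mapuser.root: root_$ZONE
"""
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash",
    "tom1:x:1001:1001::/home/tom1:/bin/bash",
]

if __name__ == "__main__":
    resolved = resolve_mapuser(SAMPLE_CONF, hostname="rh9", zone="default")
    for user, target in resolved.items():
        print(f"{user} -> {target}")
    print("UID 0 accounts authenticated via AD:",
          privileged_mappings(resolved, SAMPLE_PASSWD))
```

Any account the second function reports is a local superuser whose login depends on the named AD account, so that AD account's password policy and ownership deserve the same scrutiny as root itself.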