Welcome to the Centrify forums. We apologize for the delay on getting your response.
Note: You are posting in the Express forum, but the question is about the commercial version. Ideally you'd let us know which version you're running (adinfo -v) and the OS version too (uname -a).
The answer is that yes, you should be able to do this. Let's go into high-level implementation steps.
Goal: leverage Centrify and the "deploy" AD user to run commands as the local user wasadmin without being challenged.
Assumption:
- ' deploy' is a valid zone user that can log in to systems in the centrify zone, child zone, computer role or system in question
- 'wasadmin' exists in the local /etc/passwd and it has the poper permissions to do what you need it to do.
Create the equivalent to "deploy ALL=(wasadmin) NOPASSWD: ALL" in DirectAuthorize
1. Create the "run any command as wasadmin" command in the Access Manager console:
(please note that you can use a one-line PowerShell to create this command too, or using adedit).
Now, this command can be assigned to a role and assigned to deploy or added to a role that deploy already has assigned (assuming this is familiar to you)
Let's see it in action
I hope this helps.
R.P