Welcome to the Centrify forums.
I would make sure the VNC server is configured to use the proper PAM modules.
Looking at http://tigervnc.org/doc/Xvnc.html it seems there's a parameter:
−pam_service name, −PAMService name
As a courtesy, here's an article from the KB (refers to a different VNC server, but looks promising)
KB-0495: Configure Enterprise VNC to authenticate with Centrify DirectControl
Centrify DirectControl ,
12 April,16 at 10:57 AM
Question:
How to implement VNC for Unix?
Answer:
Enterprise VNC for Unix from RealVNC is implemented using the Unix authentication option; it can use PAM for Authentication.
In Enterprise VNC, the option, PamApplicationName, specifies the PAM application policy to use. By default, its value is vncserver.
To enable Enterprise VNC to do authentication with Centrify DC, it can be done by one of the following options:
How to implement VNC for Unix?
Answer:
Enterprise VNC for Unix from RealVNC is implemented using the Unix authentication option; it can use PAM for Authentication.
In Enterprise VNC, the option, PamApplicationName, specifies the PAM application policy to use. By default, its value is vncserver.
To enable Enterprise VNC to do authentication with Centrify DC, it can be done by one of the following options:
- Set PamApplicationName to "other" by setting the option in VNC config file in /etc/vnc/config, or by applying the command option --PamApplicationName=other
- Edit vncserver entries in the pam config file to contain Centrify pam modules.
E.g. Edit lines in pam.conf to contain the Centrify pam modules for system such as HP-UX, and Solaris. Or copy /etc/pam.d/system-auth as /etc/pam.d/vncserver for systems such as Redhat Linux
We encourage you to share your results with the community to benefit future readers.
R.P