I have some questions regarding the use of CentrifyDC-openssh vs. stock ssh with Centrify Express 2016.1 on a CentOS 6.8 system:
1. I noticed that if I install the CentrifyDC-openssh package, new ssh keys are created in /etc/centrifydc/ssh. Does that mean existing stock ssh keys in /etc/ssh are not used by CentrifyDC-openssh? I'm trying to avoid annoying users with the "man in the middle attack" message if they have already accepted stock ssh keys.
2. Does CentrifyDC-openssh have support for tcp_wrappers-enabled xinetd?
3. If I decide to use the stock sshd package in CentOS 6.8, is there a way to enable SSO?
4. If I decide to use the stock sshd package in CentOS 6.8, is AllowGroups and/or AllowUsers the best way to restrict access to ssh logins?