# README
dmc - Sample program on getting a Delegated Machine Credential (DMC) token
Build sample program
- git clone https://github.com/centrify/platform-sdk
- cd platform-sdk/examples/dmc
- go build ./...
The resulting executable can be found in the current directory. You can also run "go install ./..." afterwards which installs the executable to the target bin directory in your go environment.
Centrify Client requirements
- Install Centrify Client (version 21.5 or later) on the system.
- Enroll Centrify Client to a PAS tenant:
- enable DMC feature by specifying "-F all" or "-F dmc" in cenroll command line.
- specify the DMC scope(s) by specifying -d in cenroll command line.
Example:
cenroll -t ${MY_TENANT_URL} -c ${MY_ENROLLEMNT_CODE} -F dmc -d testsdk:security/whoami
Notes:
- MY_TENANT_URL is an environment variable that has the tenant URL
- MY_ENROLLMENT_CODE is an environment variable that has the enrollment code.
Usage
- You need to run this program as root in Linux or a privileged user in Windows.
- You need to specify a DMC scope using -scope parameter.
Example:
sudo dmc -scope testsdk
Sample Linux shell script
This is a simple Linux shell script that demonstrates how to get a DMC token and use it to send a REST API to PAS.
#!/bin/bash
dmc=/usr/local/bin/dmc
OTOKEN=$(sudo $dmc -scope testsdk)
if [ $? -ne 0 ]
then
echo "Cannot get DMC token"
exit $?
fi
TENANT=$(cinfo -T)
if [ $? -ne 0 ]
then
echo "Cannot get tenant information"
exit $?
fi
curl -H "Authorization:Bearer $OTOKEN" $TENANT/security/whoami
You can customize this script for:
- different locations of this sample program. This script assumes that it is already copied to /usr/local/bin.
- the DMC scope name
- the REST API and payload