|
On macOS, some code signature-related files remained on the file system after uninstalling the product.
This issue is now fixed, and the files get removed. |
322269 |
|
On newer Linuxes (such as RHEL 9.2), the vasclnt package required installing the libxcrypt-compat package to work.
This dependency is not present anymore. |
426583 |
|
On macOS, PolicyRefreshRate did not work as described in the documentation, policy refresh was called more frequently.
PolicyRefreshRate now works as described in the documentation on macOS. |
387219 |
|
vas_status.sh has been extended with new checks.
From now on, the permissions on directory /bin and file /bin/sh will be checked. vas_status.sh will report failure if the permissions are not acceptable. |
435016 |
|
Fixed an issue where the vastool timesync command did not list the time zone when showing the current time and date. |
435698 |
|
From now on, vasd logs a message when the grent or pwent flush takes a long time. |
436715 |
|
So far, the UNIX account import wizard tool has not picked a group name consistently while importing groups from a NIS server.
From now on, the tool will choose the shortest group name. If there is no single shortest name, it will choose the first one in lexicographical order. |
437925 |
|
Logging messages in pam_vas has been improved.
Previously, several error messages were logged at level debug. From now on, error messages will be logged at level err. |
436717 |
|
Previously, AIX version numbers sometimes had a 5-digit FixLevel value, which is considered invalid according to the AIX system documentation.
This issue is now fixed, the FixLevel value in the AIX version number has only 4 digits. |
416547 |
|
The vastool status command now issues a warning if default_etypes is only configured to insecure encryption algorithms, or smb-dialect-range limits Samba to use the old protocol. |
438260 |
|
The version number of the pamdefender package now follows the version of Safeguard Authentication Services. |
438315 |
|
When the Control Center was not able to bind an object in AD (for example, QAC), it displayed an error message that lacked any details.
From now on, the error message will contain the LDAP URL of the object. |
440174 |
|
From now on, Safeguard Authentication Services can handle if a computer object account is reset in Active Directory, just like a Windows client.
This issue was fixed by making sure that Safeguard Authentication Services changes the computer account's password as soon as it discovered that the password has been reset to its default value. |
440695 |
|
Fixed an issue where if pam_access.so is being used in a PAM file, vasd may be blocked from working properly.
vastool status now checks if pam_access.so is being used in any PAM file, and vas_snapshot.sh grabs files related to pam_access. |
443124 |
|
The existence of /usr/bin/startsrc will be checked only on AIX, therefore it will not interfere with optionally installed extra packages on non-AIX systems. |
444151 |
|
New vasclnt installs on Solaris 10 now add a user-override configuration line, which overrides the home directories of AD users stored under /export/home/<username>.
In previous versions, this override configuration was only created on Solaris 11. |
438524 |
|
/var/opt/quest/vas/vasd/.vasd_ipv4 and .vasd_ipv6 files should have been created by vasd with the same owner as the other files in the same directory. However, they were always created with the owner root.
This issue is now fixed. |
441962 |
|
Fixed an issue where vascert has shown the following exception when running on Oracle Java: java.lang.SecurityException: JCE cannot authenticate the provider BC
Now vascert ships this cryptography extension as a signed jar, so the error should disappear. OpenJDK did not have this requirement, and therefore was not affected. |
442481 |
|
A new vas.conf option was added to control DNS resolve-retries in the case of resolve failures.
The default value is 3, which can be overridden by setting resolve-retries to the libvas section of vas.conf. |
438351 |
|
Previously, the vgptool could not apply script group policies if /tmp has been mounted with the noexec flag, and the script has been requested to run in the name of a specified user.
This issue is now fixed. |
445979 |
|
Fixed an issue where an unnecessary error message was displayed when a GPO containing a login script was applied with vgptool.
This error message is no longer displayed. |
299067 |
|
Fixed an issue where vgptool crashed when the KRB5_CONFIG environment variable was set to an empty string. |
435807 |
|
Previously, when multiple GPOs were configured, only one of them was applied on macOS.
Now all policies are written to file and applied. |
446657 |
|
The vastool status script now uses grep -E instead of egrep if supported, because egrep issues deprecation warnings on newer systems (for example, Fedora 38). |
431444 |
|
Previously, user logins in permanent-disconnected authentication mode could fail if the enrcyption type of the Kerberos ticket did not match the encryption type of the session for the cached material. This happened often if ARCFOUR and AES encryption types are both enabled in the KDC. |
440134 |
|
Previously, the pam_config utility crashed if the PAM configuration's directives specify an infinite recursion (for example, when two configuration files both include the other).
Now the tool reports an error instead. |
445289 |
|
macOS Profile Helper is now started automatically from launchd using spawn constraints to increase security and ensure working on the most recent macOS versions. |
448880 |
|
Fixed a vasd crash on HP-UX that could occur during user login. |
449063 |
|
Updated the error message shown when macOS version requirements are not met. |
434983 |
