Safeguard Authentication Services 5.1.2
Release Notes
22 September 2023, 10:24
These release notes provide information about the Safeguard Authentication Services 5.1.2 release. For the most recent documents and product information, see Safeguard Authentication Services - Technical Documentation.
About this release
Safeguard Authentication Services extends the capabilities of UNIX, Linux, and Mac systems to seamlessly and transparently join Active Directory and integrate UNIX identities with Active Directory Windows accounts.
Safeguard Authentication Services 5.1.2 is a minor release that includes various bug and stability fixes. For a list of fixes included in this release, see Resolved issues.
End of support notice
After careful consideration, One Identity ceased the development of Management Console for Unix (MCU). Therefore, MCU entered limited support for all versions on 01 April 2021, with support for all versions reached end of life on 01 November 2021. For the definitions of support, see the Software Product Support Lifecycle Policy.
As One Identity retired the MCU, its feature set has been built into modern platforms, starting with Software Distribution and Profiling. Customers that use MCU to deploy Safeguard Authentication Services and Safeguard for Sudo can now use the One Identity Ansible collections for those products. For the Ansible collections, see Ansible Galaxy.
The following is a list of enhancements implemented in Safeguard Authentication Services 5.1.2.
Table 1: General enhancements
|
Safeguard Authentication Services now supports systems where authselect is present but it is not in use.
As of version 1.4.0, authselect users who do not want to use authselect to manage their nsswitch and PAM configuration can opt-out by calling authselect opt-out. |
403530 |
The following is a list of issues addressed in this release.
Table 2: General resolved issues in version 5.1.2
| Previously, the Active Directory Config Wizard license screen title showed an incorrect product version number (4.2). This issue is now fixed. |
425093 |
|
The tool ktutil does not depend on libncurses/libtinfo any more.
On aarch64 and ppc64le architectures, ktutil could not find the missing libncurses/libtinfo shared objects on systems newer than version 6.0. On the x86 platform, having systems older than version 6.0 has already been addressed by creating a compatibility symlink at package install time.
After the fix, every package contains a ktutil, which is statically linked to libncurses and does not depend on the system version any more. |
423517 |
|
Fixed a vasd process crash which could occur on AIX during some of the login sessions. |
422720 |
|
Fixed a bug where sometimes vasd would keep trying to connect to unreachable DCs, causing memory leaks. |
422070 |
|
Fixed a significant slow down which occurred during group cache flush in case the AD contains a lot of users/groups (>10.000). This also caused a vastool flush or an upgrade of the vasclnt package to take several minutes. |
419704 |
|
Previously, due to a regression, kinit (kerberos TGT request) and logins involving at least 3 domains failed, unless there were explicit [capaths] rules set up for multi-hop traversal in vas.conf.
These issues are now fixed. |
418309 |
|
Fixed an issue where the Safeguard Authentication Services upgrade would fail to run flush.
During upgrade, the package script usually restarts vasd, then runs flush. However, the script only waited for the vasd dispatcher to run. If the vasd dispatcher was not connected to an Active Directory deployment, flush failed.
The issue was fixed by making sure that the script only runs after vasd is initialized and is connected to an Active Directory deployment. |
414528 |
|
A new keytab can now be created if the previous one is corrupted. |
404592 |
|
RPM package signatures now use the stronger SHA256 hash algorithm instead of SHA1. |
413943 |
|
Fixed an issue where the vascert script would fail if the default shell (/bin/sh) was not bash compatible. |
413944 |
|
Fixed an issue in the vasgp package upgrade affecting all Linux systems. The upgrade was successful but with error messages: _pp_systemd_cmd: command not found and vasd has not been restarted during the process. |
413357 |
|
References to Management Console for Unix (MCU) have been removed from Control Center.
One Identity ceased the development of Management Console for Unix (MCU). Support for all versions reached end of life on 01 November 2021. However, some references to the MCU could still be found on the Control Center. These outdated references are now removed. |
407357 |
The following table provides a list of supported UNIX and Linux platforms for Safeguard Authentication Services.
|
|
CAUTION: In Safeguard Authentication Services version 5.1, support for the following Linux platforms and architectures has been deprecated:
-
Linux platforms
-
CentOS Linux 5
-
Oracle Enterprise (OEL) Linux 5
-
Red Hat Enterprise Linux (RHEL) 5
-
Suse Linux Enterprise (SLES) 11
-
Linux architectures
Make sure that you prepare your system for an upgrade to a supported Linux platform and architecture, so that you can upgrade to Safeguard Authentication Services version 5.1 when it is released. |
Table 3: UNIX agent: Supported platforms
|
Alma Linux |
8, 9 |
x86_64, AARCH64, PPC64le |
|
Amazon Linux |
AMI, 2, AL2022 |
x86_64 |
|
Apple MacOS |
10.15, 11.x, 12.x, 13.x |
x86_64, ARM64 |
|
CentOS Linux |
6, 7, 8, 9 |
Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
|
CentOS Stream |
8, 9 |
x86_64 |
|
Debian |
Current supported releases |
x86_64, x86, AARCH64 |
|
Fedora Linux |
Current supported releases |
x86_64, x86, AARCH64 |
|
FreeBSD |
12.x, 13.x |
x32, x64 |
|
HP-UX |
11.31 |
PA, IA-64 |
|
IBM AIX |
6.1 TL9, 7.1 TL3, TL4, TL5, 7.2, 7.3 |
Power 4+ |
|
OpenSuSE |
Current supported releases |
x86_64, x86, AARCH64 |
|
Oracle Enterprise Linux (OEL) |
6, 7, 8, 9 |
Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
|
Oracle Solaris |
10 8/11 (Update 10),
11.x |
SPARC, x64 |
|
Red Hat Enterprise Linux (RHEL) |
6, 7, 8, 9 |
Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
|
Rocky Linux |
8, 9 |
x86_64, AARCH64 |
|
SuSE Linux Enterprise Server (SLES)/Workstation |
12, 15 |
Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64 |
|
Ubuntu |
Current supported releases |
x86_64, x86, AARCH64 |
