Chat now with support
Chat with Support

Safeguard Authentication Services 5.0.6 - Installation Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Installing and configuring Safeguard Authentication Services Installing and joining from the Unix command line Getting started with Safeguard Authentication Services Troubleshooting Enterprise package deployment

Restarting services

  1. The method for restarting services varies by platform:
    1. To restart Safeguard Authentication Services on Linux or Oracle Solaris, enter:
      /etc/init.d/vasd restart
    2. To restart Safeguard Authentication Services on HP-UX, enter:
      /sbin/init.d/vasd restart
    3. To restart Safeguard Authentication Services on AIX, enter:
      stopsrc -s vasd
startsrc -s vasd

Note: Due to library changes between the Safeguard Authentication Services 4.1 and 4.2, the system may need to be rebooted before all processes load the new libraries.

Uninstalling the agent packages

To uninstall the Safeguard Authentication Services agent packages

  1. Log in and open a root shell.
  2. Run the following commands to remove the packages.

    See Additional configuration information that follows the table.

    Table 32: Agent uninstall commands
    Package Command
    RPM # rpm -e vasclnt
    DEB # dpkg -r vaslcnt
    Oracle Solaris # pkgrm vasclnt
    HP-UX # swremove vasclnt
    AIX # installp -u vasclnt
    macOS

    /<mount>/Uninstall.app/Contents/MacOS/Uninstall' --console --force vasclnt

    FreeBDS

    pkg delete <package name>

Additional configuration information
  • Linux: The rpm –e vasclnt and the dpkg -r vaslcnt commands run scripts that halt the daemon, unconfigure Safeguard Authentication Services, flush, and delete the Safeguard Authentication Services cache before finally removing the files.
  • HP-UX: The swremove vasclnt command does not clean up the empty directories that the vasclnt package used. In order to clean these up, manually remove the /opt/quest directory after you uninstall.

Oracle Solaris 10 zones/containers support

Zones (or containers) were introduced in Oracle Solaris 10. Zones is a partitioning technology used to virtualize operating system services and provide an isolated and secure environment for running applications. There are two types of non-global zone root filesystem models:

  • sparse root
  • whole root

The sparse root zone model optimizes the sharing of objects while the whole root zone model provides the maximum configurability. Additional information on Oracle Solaris 10 and Zones can be found at www.sun.com.

Safeguard Authentication Services and Oracle Solaris 10 Zones installation guidelines

To install Safeguard Authentication Services in a Oracle Solaris 10 Zones configuration

  • In Oracle Solaris 10 Zones, only the global zone is permitted to do time synchronization. Therefore, if you want to run Safeguard Authentication Services in any Oracle Solaris Zone configuration, you must timesync the Global Zone with Active Directory. Time synchronization is a requirement of the Kerberos protocol and since Safeguard Authentication Services is built on Kerberos, Safeguard Authentication Services also has this requirement.
  • The same version of Safeguard Authentication Services should be installed in any combination of global, whole root, and sparse root zone configurations.
  • To disable time synchronization for Safeguard Authentication Services on the sparse zone, run the below command: 
    vastool configure vas vasd timesync-interval 0
  • The following symlinks must exist in the global zone in order for the sparse zones to work correctly:
    • /usr/lib/security/pam_vas3.so | /opt/quest/usr/lib/security/pam_vas3.so
    • /usr/lib/security/sparcv9/pam_vas3.so | /opt/quest/usr/lib/security/sparcv9/pam_vas3.so
    If /usr is shared, you need the following symlinks in the global zone pointing to counterpart files in /opt/quest/lib:
    • /usr/lib/nss_vas4.so.1 | /opt/quest/lib/nss/nss_vas4.so.1
    • /usr/lib/security/pam_vas3.so | /opt/quest/usr/lib/security/pam_vas3.so
    In such a scenario, you do not need Safeguard Authentication Services joined to a domain in the global zone in order for sparse zones to work, but the symlinks must exist.

Each zone must have its own unique copy of /etc and /var because Safeguard Authentication Services stores zone-specific information in those locations. Sharing /etc and /var with the global zone is not a supported configuration.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating