One Identity Management Console for Unix 2.5.3
These release notes provide information about the One Identity Management Console for Unix 2.5.3 release.
About this release
One Identity Management Console for Unix is a web-based console that delivers a consolidated view and centralized point of management for local Unix users and groups, including:
- Local Unix user and group management
- Centralized reporting
- Pre-migration readiness assessment for integrating with Active Directory
- Remote client-agent deployment
- Secure local Unix accounts with Active Directory authentication
Key features and capabilities of the management console:
- Local Unix user and group management
- Active Directory integration
- Privilege Manager integration
- Remote agent deployment
- Role-Based Access Control
- Securing Local Unix accounts with Active Directory authentication
- Web services
This release is a minor release that includes various bug and stability fixes. See Resolved issues for a list of fixes included in this release.
End of support notice
After careful consideration, One Identity has decided to cease the development of the Management Console for Unix (MCU). Therefore, the MCU will enter limited support for all versions on April 1, 2021. Support for all versions will reach end of life on Nov 1, 2021.
As One Identity retires the MCU, we are building its feature set into modern platforms starting with Software Distribution and Profiling. Customers that use the MCU to deploy Authentication Services and Safeguard for Sudo can now use our Ansible collections for those products, which can be found at Ansible Galaxy.
The following is a list of issues addressed in One Identity Management Console for Unix 2.5.3.
Table 1: Resolved issues
|Some QPM RPMs blocked on dependencies.
|Licensing requirements and reports are removed from MCU in this version.
|MCU is updated to include to Jetty 9.4.34.v20201102.
|MCU now supports FreeBSD.
|After profiling QPM version numbers occasionally contained extra strings, for example: 188.8.131.52 license.
|MCU could not install QAS 5.0 on a macOS.
|A vasgp upgrade issue was reported, when upgrading from verion 4.1.x to 4.2.x with dpkg.
|MCU could not install software on macOS 10.15.
|MCU did not recognize the new dnsupdate name. It should recognize both dnsupdate and quest-dnsupdate.
MCU now more easily detects QPM software folders.
It was not possible to activate certain policy servers in MCU due to issues caused by SSH key length.
For example, to configure the default RSA key length to 1024, specify -DQuestRSAKeyLength=1024. Expected values are 768, 1024 and 2048. The default value is 2048.
|MCU showed incorrect date and time for events.
The default questusr password can now be set to different lengths. An ability to choose from a configurable set of characters is added in this version.
For example, to configure the default password length to 12 (minimum 9), in the custom.cfg file, specify -DQuestUsrPwdLength=12 .
|Attempting to open a QPM4U 6.1 policy caused it to open and suddenly close. It was only possible to open the policy in text mode.
|MCU did not recognize newer QAS packages.
|Support is added for MCU for Microsoft Windows Server 2016 and 2019.
|After upgrading to MCU 2.5.2, the version in Help | About showed old version.
|Using MCU to upgrade to QPM 6.1 or 7.0 appeared to fail but then looked fine after re-profiling.
The following is a list of issues known to exist at the time of release.
Table 2: Known issues
Management Console for Unix does not support Security-Enhanced Linux (SELinux).
When multiple people are editing the same policy file, the last saved version of the policy overwrites the other's changes.
!= comparison operator is not working for "Find" filters.
Workaround: Use PowerShell cmdlets to search for objects.
Windows browser on same host as server
Internet Explorer and Edge running on the same Windows host as the server do not connect.
Workaround: Run Internet Explorer or Edge on other hosts, or use Chrome or Firefox.
The ? button shows built-in 2.5.1 documentation, not 2.5.3.
Workaround: https://support.oneidentity.com/authentication-services/technical-documents links to the current online documentation.
Getting Started tab shows nothing
After logging in the Getting Started tab may show none of its content.
Workaround: Use the browser's Refresh button.
Before installing Management Console for Unix 2.5.3, ensure that your system meets the following minimum hardware and software requirements for your platform.
NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. Please consult One Identity's Product Support Policies for more information on environment virtualization.
One Identity Management Console for Unix Web Server
Table 3: System requirements
Can be installed on the following configurations:
- Windows x86 (32-bit)
- Windows x86-64 (64-bit)
- Unix/Linux systems for which Java 8 is available
The Management Console for Unix server requires Java 8 (also referred to as JRE 8, JDK 8, JRE 1.8, and JDK 1.8).
|Managed Host Requirements
Click www.oneidentity.com/products/authentication-services/ to view a list of Unix, Linux, and Mac platforms that support Authentication Services.
Click www.oneidentity.com/products/privilege-manager-for-unix/ to review a list of Unix and Linux platforms that support Privilege Manager for Unix.
Click www.oneidentity.com/products/privilege-manager-for-sudo/ to review a list of Unix, Linux, and Mac platforms that support Privilege Manager for Sudo.
NOTE: To enable the Management Console for Unix server to interact with the host, you must install both an SSH server (that is, sshd) and an SSH client on each managed host. Both OpenSSH 2.5 (and higher) and Tectia SSH 5.0 (and higher) are supported.
NOTE: Management Console for Unix does not support Security-Enhanced Linux (SELinux).
NOTE: When you install Authentication Services on Solaris 10 (SPARC - 32/64-bit), the Solaris 10 packages are installed.
|Default Memory Requirement:
NOTE: See JVM memory tuning suggestions in the One Identity Management Console for Unix Administration Guide for information about changing the default memory allocation setting in the configuration file.