Chat now with support
Chat with Support

Privilege Manager for Unix 6.1 Common Documents - Release Notes

Deprecated features

Updated platform support:

  • Privilege Manager for Unix clients: Some older platforms have been deprecated as they are removed from the mainstream support by the vendor. See Supported platforms for a list of currently supported platforms.

Resolved issues

The following is a list of issues addressed in this release.

Table 3: General resolved issues
Resolved Issue Issue ID

Reported event times offset

Reported event times may be offset if the MCU console server and policy servers are not set to use the same time zones.

0004606

Time restriction interpretation

In the profile-based policy, the time restriction specified in the pf_restrictionhours profile variable is interpreted against the local time configured on the policy server that is evaluating the request, rather than the local time on the client host.

0004639

Incompatible linux-ppc64 packages

The linux-ppc64 packages now work on modern ppc64 systems.

784390

Retired policy server may re-appear in servers list on client

In a policy group with two or more policy servers, if one of the secondary policy servers in not configured, the plugin host may still have a reference to the unconfigured server. The output of the pmpluginloadcheck command may include the unconfigured server.

 784399

pmsrvconfig now displays a descriptive error message if there is a syntax error in the policy.

784401

Resource limit support for Linux systems

Commands run using pmrun now have their resource limits updated based on the limits.conf file on Linux systems when the pam_limits PAM module is configured.

790157

If the user configuring the product has the number of files resource limit set to unlimited, the pmsrvconfig, pmjoin, and pmplugininfo commands will fail or take up to five minutes to complete. 798228

Fix for locale error when running the pmpolicy command

If the LC_CTYPE, LC_ALL, or LANG environment variable was set to an unsupported value, the pmpolicy command would fail.

798918

SELinux support for Privilege Manager for Unix

Privilege Manager for Unix will now set the SELinux security context to the run user when executing commands when SELinux support is configured using pmjoin.

799821

Known issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

Table 4: General known issues
Known Issue Issue ID

AlertRaised events not logged to the eventlog

AlertRaised events are not logged to the eventlog. However, pmlocald will still terminate the current session if an alert is raised and alertkeyaction is set to reject.

0004005

Handshake failed message

Improperly configured clients may display a Connection timed out or Handshake failed message. This may be caused by an incorrect pmlocaldOpts setting in the pm.settings file.

Workaround: This can be resolved by removing the pmlocaldOpts setting and restarting the pmserviced daemon.

0004336

System requirements

Before installing Privilege Manager 6.1, ensure that your system meets the following minimum hardware and software requirements.

Table 5: Hardware and software requirements
Component Requirements
Operating systems

See Supported platforms to review a list of platforms that support Privilege Manager clients.

Disk space

80 MB of disk space for program binaries and manuals for each architecture.

NOTE: At a minimum, you must have 80 MB of free disk space. The directories in which the binaries are installed must have sufficient disk space available on a local disk drive rather than a network drive. Before you install Privilege Manager, ensure that the partitions that will contain /opt/quest have sufficient space available.

  • Sufficient space for the keystroke logs, application logs, and event logs. The size of this space depends on the number of servers, the number of commands, and the number of policies configured.

    NOTE: The space can be on a network disk drive rather than a local drive.

  • The server hosting Privilege Manager must be a separate machine dedicated to running the pmmasterd daemon.
SSH software

You must install and configure SSH client and server software on all policy server hosts.

You must enable access to SSH as the root user on the policy server hosts during configuration of the policy servers. Both OpenSSH 4.3 (and later) and Tectia SSH 6.4 (and later) are supported.

Processor Policy Servers: 4 cores
RAM Policy Servers: 4GB
Upgrade and compatibility

Privilege Manager for Unix supports a direct upgrade installation from version 6.0. The Privilege Manager software in this release is provided using platform-specific installation packages. For more information on upgrading, see the One Identity Privilege Manager for Unix Administration Guide.

One Identity recommends that:

  • You upgrade your policy server (Master) systems before agents, and that a policy server is run at the same or higher level than agents.
  • All policy server systems and agents are upgraded to the latest version to take advantage of all new features.

NOTE: The upgrade process will create symbolic links to ensure that your existing paths function correctly.

NOTE: Use of the Privilege Manager clients (pmrun and pmshells) with a policy server in Sudo policy mode is not supported.

Related Documents