Chat now with support
Chat with Support

Safeguard Authentication Services 4.2.2 - Release Notes

One Identity Authentication Services 4.2.2

One Identity Authentication Services 4.2.2

Release Notes

December 2019

These release notes provide information about the One Identity Authentication Services 4.2.2 release.

About this release

Authentication Services extends the capabilities of UNIX, Linux, and Mac systems to seamlessly and transparently join Active Directory and integrate Unix identities with Active Directory Windows accounts.

Authentication Services 4.2.2 is a minor release that includes:

  • Starling enhancements
  • Cloud service platform support

New features

The following new features are now available with Authentication Services 4.2.2:

  • Starling enhancements (797136)

    The administrator can set up a proxy url from Quest Authentication and use Starling two-factor authentication to log in. Any phone number or email attribute can be selected. The default time can be changed. Messaging includes the hardware being authorized.

    The feature is available on multiple platforms including running Starling on Oracle Solaris 10 x86_64 and on AIX 7.1/7.2.

  • Cloud Service platform support
    • Google Cloud Platform Managed Service for Microsoft Active Directory
    • AWS Directory Service for Microsoft Active Directory (also called AWS Managed Microsoft AD)

Resolved issues

The following is a list of issues addressed in Authentication Services 4.2.2.

Table 1: General resolved issues
Resolved Issue

Issue ID

vastool: Fix incorrect option to user checkaccess.


vastool: Fix symlink issue on Linux PPC64LE during configure pam.


vastool: When unconfiguring passwd on Solaris 11, remove added use_first_pass.


smartcard: Better handle smartcards with multiple slots.


vgp: Validate sudoers file before attempting to modify it.


vastool: During join, if the computer password failed to set properly, stop there instead of continuing the join.


packaging: During uninstall, suppress unconfigure selinux messages.


vastool: Better handle cross domain / forest starling detection and caching.

804042 and 804045

scripts: Add version check to on Solaris 10 for 8/11 (Update 10).


krb5: Fix joining to domains with a lot of DCs on AIX and Solaris.


vastool: On Solaris 11.4, configure a 64-bit libsudo_vas library to match the new 64-bit sudo binary.


vastool: When running vastool starling check with debug, add --debug-verbose to the call to starling.


vastool: Fix configure selinux issue on RedHat 6.x.


vasd: vas_ccache_renew was filling up /tmp/ duplicating files on renewing.


status: Add additional check for users.starling before checking Starling configuration / status.


vastool: During join, set msDS-SupportedEncryptionTypes to 524319 from 31 to disable Resource SID Compression, to help with cross domain/forest group memberships in mixed domain functional level situations.


krb5: Update Heimdal to the latest version, 7.7.0.


Known issues

The following is a list of issues known to exist at the time of release.

Table 2: Known Issues
Known Issue Issue ID
auth: Cross forest user with child domains can fail to log in. There is a workaround using capaths, see KB 54961. 802683
vgp: Setting smb-dialect-range to include 3+ triggers downloading of files to fail. 804186
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating