Privileged Access Suite for Unix solves the inherent security and administration issues of Unix-based systems (including Linux and Mac OS X) while making satisfying compliance requirements easier. It unifies and consolidates identities, assigns individual accountability, and enables centralized reporting for user and administrator access to Unix. The Privileged Access Suite for Unix combines an Active Directory bridge and root delegation solutions under a unified console that grants organizations centralized visibility and streamlined administration of identities and access rights across their entire Unix environment.
Achieve unified access control, authentication, authorization, and identity administration for Unix, Linux, and Mac OS X systems by extending them into Active Directory (AD) and taking advantage of AD’s inherent benefits. Patented technology allows non-Windows resources to become part of the AD trusted realm, and extends AD’s security, compliance, and Kerberos-based authentication capabilities to Unix, Linux, and Mac OS X. See www.oneidentity.com/products/authentication-services/ for more information about the Active Directory Bridge product.
The Privileged Access Suite for Unix offers two different approaches to delegating the Unix root account. The suite either enhances or replaces sudo, depending on your needs.
By choosing to enhance sudo, you will keep everything you know and love about sudo while enhancing it with features like a central sudo policy server, centralized keystroke logs, a sudo event log, and compliance reports for who can do what with sudo.
See www.oneidentity.com/products/privilege-manager-for-sudo/ for more information about enhancing sudo.
By choosing to replace sudo, you will still be able to delegate the Unix root privilege based on centralized policy reporting on access rights, but with a more granular permission and the ability to log keystrokes on all activities from the time a user logs in, not just the commands that are prefixed with "sudo." In addition, this option implements several additional security features like restricted shells, remote host command execution, and hardened binaries that remove the ability to escape out of commands and gain undetected elevated access.
See www.oneidentity.com/products/privilege-manager-for-unix/ for more information about replacing sudo.
Privileged Access Suite for Unix offers two editions: Standard edition and Advanced edition. Both editions include the Management Console for Unix, a common mangement console that provides a consolidated view and centralized point of management for local Unix users and groups; and Authentication Services, patented technology that allows organizations to extend the security and compliance of Active Directory to Unix, Linux, and Mac OS X platforms and enterprise applications. In addition:
One Identity recommends that you follow these steps:
Deploy client software to remote hosts.
Depending on which Privileged Access Suite for Unix edition you have purchased, deploy one of the following:
Privilege Manager for Unix software (that is, Privilege Manager Agent packages)
The Authentication Services Upgrade Guide is intended for Windows, Unix*, Linux, and Macintosh system administrators, network administrators, consultants, analysts, and any other IT professionals who will be upgrading Authentication Services from a previous release. This guide walks you through one simple approach to upgrading Authentication Services, highlighting the changes and enhancements associated with installing and configuring Authentication Services using Management Console for Unix.
Of course, you can upgrade and install Authentication Services without using Management Console for Unix. You can find those instructions in the Authentication Services Installation Guide.
These are the basic Authentication Services upgrade steps:
* The term "Unix" is used informally throughout the Authentication Services documentation to denote any operating system that closely resembles the trademarked system, UNIX.
One Identity Authentication Services is patented technology that enables organizations to extend the security and compliance of Active Directory to Unix, Linux, and Mac OS X platforms and enterprise applications. It addresses the compliance need for cross-platform access control, the operational need for centralized authentication and single sign-on, and enables the unification of identities and directories for simplified identity and access management.
You can upgrade Authentication Services from any existing supported version of the product by installing Authentication Services on the computer where the old version was installed.
To upgrade Authentication Services, you must have local administrator rights to:
Note: Have your license available for the Setup wizard.
NOTE: Authentication Services 4.2 is stricter about following the default_etypes setting in vas.conf. If the domain is set up to only accept AES encryption types, prior to upgrading: