Chat now with support
Chat with Support

Safeguard Authentication Services 5.1.1 - Release Notes

Safeguard Authentication Services 5.1.1

Safeguard Authentication Services 5.1.1

Release Notes

05 April 2023, 14:50

These release notes provide information about the Safeguard Authentication Services 5.1.1 release. For the most recent documents and product information, see Safeguard Authentication Services - Technical Documentation.

About this release

Safeguard Authentication Services extends the capabilities of UNIX, Linux, and Mac systems to seamlessly and transparently join Active Directory and integrate Unix identities with Active Directory Windows accounts.

Safeguard Authentication Services 5.1.1 is a minor release that includes various bug and stability fixes. See Resolved issues for a list of fixes included in this release.

End of support notice

After careful consideration, One Identity has decided to cease the development of the Management Console for Unix (MCU). Therefore, the MCU will enter limited support for all versions on April 1, 2021. Support for all versions will reach end of life on Nov 1, 2021. For definitions of support, see the Software Product Support Lifecycle Policy.

As One Identity retires the MCU, we are building its feature set into modern platforms starting with Software Distribution and Profiling. Customers that use the MCU to deploy Authentication Services and Safeguard for Sudo can now use our Ansible collections for those products, which can be found at Ansible Galaxy.


The following is a list of enhancements implemented in Safeguard Authentication Services 5.1.1.

Table 1: General enhancements
Enhancement Issue ID

The Samba Configuration policy has been updated to support all options of Samba version 4.13.17.

So far the Samba Configuration policy has made possible the setting of about 335 configuration variables in smb.conf. The policy has been updated to support all 496 configuration variables of Samba version 4.13.17.


SQLite has been upgraded to version 3.40.0.


Resolved issues

The following is a list of issues addressed in this release.

Table 2: General resolved issues in version 5.1.1
Resolved Issue Issue ID

From now on, the msds-supportedencryptiontypes attribute of new computer and service objects in AD are configurable.

vastool join, vastool create computer and vastool service create have a new -m option which makes it possible to configure the msds-supportedencryptiontypes attribute of computer and service objects in AD.


From now on, the existence of daemon user is checked less frequently. If no daemon user exists, do not force to change the current user.


Now on Linux systems tools link with libtinfo version 6 which have caused linker issues on older systems having version 5 only. This scenario is now detected during package install and a symlink will be created.


The vastool list user command does not return an error on HP UX.


Fixed an issue where systemd services like vasd have been disabled on package update or install.

This issue affected systemd-based Linux systems where chkconfig has also been installed. When upgrading, or newly installing and joining to domain, the vasd process is left running but the vasd.service is marked disabled. If the system is then rebooted, without explicitly enabling the vasd.service, the service is not automatically restarted on system startup.


Heimdal has been updated to version 7.8.0, fixing several vulnerabilities including CVE-2022-3437 (Overflows and non-constant time leaks in DES and arcfour).


vastool was not prepared for the interruption of communication with KDC. After the fix, such cases will be handled appropriately.


The vgptool apply command will not crash when used with debug level 5 or higher.


The /var/opt/quest/vas/vasd/.vasd_ipv4 file's permissions (666) were different from the permissions (644) of other files created by vasd in the same directory.

After the fix, .vasd_ipv4 will have the same permissions as other files.


vastool user getgroups should not have required a kerberos principal when it returned the group information from the local cache.

By default, vastool user getgroups returns the group information from the local cache. The -l option changes this behaviour so that vastool directly uses LDAP searches. In the first case, vastool should not have required a kerberos principal, but it did. After the fix, vastool user getgroups will require kerberos principal only when the -l option is used.


Getting group information will be served from the cache if the DC is not available.

If the Domain Controller can not be reached, user and group information will be served from the cache after the communication timeout.


Control Center crashed during startup when the Management Console for Unix Configuration fields were filled in.


Control Center started up several seconds slower if the Active Directory had a lot of Group Policy Objects. This issue has been fixed.

The regression only affected version 5.1.0.


Packages no longer ship the sysv init script on distributions where systemd is used.

Previously, One Identity shipped both sysv and systemd service files. This change has been introduced to avoid issues observed on SUSE and SLES where systemd-sysv compatibility is enforced and broken on default installations, preventing the service from being enabled.


Known issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

Table 3: Known issues
Known Issue Issue ID

Upgrading vasgp to 5.1.1 on a Linux system may result in a warning. For more information, see KB 4370885.


Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating