Safeguard Authentication Services 5.1.3
Safeguard Authentication Services 5.1.3
Release Notes
16 November 2023, 16:45
These release notes provide information about the Safeguard Authentication Services 5.1.3 release. For the most recent documents and product information, see Safeguard Authentication Services - Technical Documentation.
About this release
Safeguard Authentication Services extends the capabilities of UNIX, Linux, and Mac systems to seamlessly and transparently join Active Directory and integrate UNIX identities with Active Directory Windows accounts.
Safeguard Authentication Services 5.1.3 is a minor release that includes various bug and stability fixes. For a list of fixes included in this release, see Resolved issues.
End of support notice
After careful consideration, One Identity ceased the development of Management Console for Unix (MCU). Therefore, MCU entered limited support for all versions on 01 April 2021, with support for all versions reached end of life on 01 November 2021. For the definitions of support, see the Software Product Support Lifecycle Policy.
As One Identity retired the MCU, its feature set has been built into modern platforms, starting with Software Distribution and Profiling. Customers that use MCU to deploy Safeguard Authentication Services and Safeguard for Sudo can now use the One Identity Ansible collections for those products. For the Ansible collections, see Ansible Galaxy.
The following is a list of issues addressed in this release.
Table 1: General resolved issues in version 5.1.3
Previously, vas_snapshot.sh failed if either username-attr-name or groupname-attr-name was set in vas.conf. After the fix, vas_snapshot.sh will not fail even if either of the mentioned configuration variable is set. |
435511 |
install.sh can now import One Identity endpoint public key on distributions using the RPM Package Manager.
Some Linux distributions, for example, SLES, enforce package signature verification if the package is signed, so install.sh failed to install the packages until the One Identity endpoint public key was not imported. From now on, in interactive or simple mode during a package install or update, install.sh will ask if package signature verification is needed. In unattended mode, it will import the public key automatically unless the --disable-public-key-import argument is specified. |
435702 |
Added support for djoin files generated on Windows Server 2022.
Previously, djoin files contained the Offline Domain Join credentials during an unattended join (see the vastool join -j option). If this file was generated on Windows Server 2022, Safeguard Authentication Services failed to parse it. |
416786 |
Fixed an issue where the database process sometimes crashed during groups caching on HP-UX systems. The issue was fixed by using a different method to create the SQL statement string. |
438364 |
Fixed an issue where if Safeguard Authentication Services failed to reach a cross forest domain controller during schema cache update, it stored the schema cache without the information about that forest, and defaulted to Windows 2003 R2. Since this schema information change also triggered a flush, it lost the user and group cache of that forest if it was operating schemaless.
The issue is now fixed. |
428006 |
Previously, vastool flush srvinfo failed to remove invalid entries from the srvinfo cache. After the fix, vastool flush srvinfo removes all entries. |
428081 |
Fixed an issue where the state of authselect could not be restored during package removal or a full deconfiguration. This caused PAM modules to be modified outside of authselect. |
432119 |
Fixed an issue where old filesets remained installed after an update if the new package was built for a different AIX version.
The fileset names in AIX packages will not contain the AIX version anymore. During update, old filesets get marked as obsolete, and if the update is successful, they are removed. |
198246 |
The Safeguard Authentication Services 5.1.2 version shipped bad builds for Linux ppc64le and aarch64. This caused exception handling to not work, resulting in several potential crashes, for example, when applying a group policy.
The issue is now fixed. |
437559 |
Previously, asdcom crashed on AIX when vasd daemon was not running. The vasd daemon also crashed occasionally.
These issues are now fixed. |
438253 |
Fixed an issue where vasd child processes logged all unexpected signals at debug level 2.
This issue was fixed by making sure unexpected signals are logged at error level. |
438282 |
The following table provides a list of supported UNIX and Linux platforms for Safeguard Authentication Services.
|
CAUTION: In Safeguard Authentication Services version 5.1.3, the following platforms and architectures are no longer supported:
|
Table 2: UNIX agent: Supported platforms
Alma Linux |
8, 9 |
x86_64, AARCH64, PPC64le, s390x |
Amazon Linux |
AMI, 2, AL2022 |
x86_64 |
Apple MacOS |
11.3 and above |
x86_64, ARM64 |
CentOS Linux |
6, 7, 8 |
s390x, PPC64, PPC64LE, x86, x86_64, AARCH64 |
CentOS Stream |
8, 9 |
x86_64, AARCH64, PPC64LE, s390x |
Debian |
Current supported releases |
x86_64, x86, AARCH64 |
Fedora Linux |
Current supported releases |
x86_64, x86, AARCH64, PPC64LE |
FreeBSD |
12.x, 13.x |
x86_64 |
HP-UX |
11.31 |
IA-64 |
IBM AIX |
6.1 TL9, 7.1 TL3, TL4, TL5, 7.2, 7.3 |
Power 4+ |
OpenSuSE |
Current supported releases |
x86_64, x86, AARCH64, PPC64LE, s390x |
Oracle Enterprise Linux (OEL) |
6, 7, 8, 9 |
x86_64, AARCH64 |
Oracle Solaris |
10 8/11 (Update 10), 11.x |
SPARC, x64 |
Red Hat Enterprise Linux (RHEL) |
6, 7, 8, 9 |
s390x, PPC64, PPC64LE, x86, x86_64, AARCH64 |
Rocky Linux |
8, 9 |
x86_64, AARCH64, PPC64LE, s390x |
SuSE Linux Enterprise Server (SLES)/Workstation |
12, 15 |
s390x, PPC64, PPC64LE, x86, x86_64, AARCH64 |
Ubuntu |
Current supported releases |
x86_64, x86, AARCH64 |
Before installing Safeguard Authentication Services 5.1.3, ensure that your system meets the minimum hardware and software requirements for your platform. The operating system patch level, hardware, and disk requirements vary by UNIX, Linux, and Active Directory platform, and are detailed in the One Identity Safeguard Authentication Services Administration Guide.
NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. Please consult One Identity's Product Support Policies for more information on environment virtualization.