This section describes items you should consider when upgrading CA ControlMinder on UNIX endpoints.
The default installation location has changed in r12.0 and is as follows:
/opt/CA/AccessControl
This release of CA ControlMinder uses CAPKI 4.1.2 instead of ETPKI 3.2. The upgrade is automatic and keeps the ETPKI 3.2 libraries on your computer if they are used by other components. To determine whether other components are using ETPKI 3.2, CAPKI uses an internal reference count. When this count equals 0, ETPKI 3.2 uninstalls on upgrade.
The SYSTEM_AAUDIT_MODE property in the SEOS class specifies the default audit mode for users and enterprise users (systemwide audit mode). When you upgrade to CA ControlMinder r12.5 SP1 or later, CA ControlMinder sets the value of the SYSTEM_AAUDIT_MODE property to the value of the DefaultAudit configuration setting in the [newusr] section of the lang.ini file.
Note: The default value of both the SYSTEM_AAUDIT_MODE property and the DefaultAudit configuration setting is Failure LoginSuccess LoginFailure.
CA ControlMinder takes into account resource group ownership when checking user authorization to a resource. This behavior was introduced in r12.0. In earlier releases, the authorization process considered only the resource's owner.
For example, you define a FILE resource with a default access of none and no owner that is a member to a GFILE resource with a named owner. In CA ControlMinder r12.0 and later, the named group owner has full access to the file. In earlier releases, nobody has access to the file.
The following syslog messages have been reduced to informational priority (INFO rather than ERROR):
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|