This section describes known issues for CA ControlMinder for UNIX.
Valid on Linux 64-bit Server
Install Ncurses 32-bit before installing CAWIN on Linux 64-bit servers.
Valid on VMware vCenter 4.0 u2
When CA ControlMinder is installed on VMware vCenter version 4.0 u2, the following occurs when the serevu daemon is running:
To work around this issue, do the following:
/etc/pam.d/
account required pam_per_user.so /etc/pam.d/login.map auth required pam_per_user.so /etc/pam.d/login.map password required pam_per_user.so /etc/pam.d/login.map session required pam_per_user.so /etc/pam.d/login.map
password sufficient pam_seos.so auth optional pam_seos.so account optional pam_seos.so session optional pam_seos.so
password sufficient pam_seos.so auth optional pam_seos.so account optional pam_seos.so session optional pam_seos.so
Valid on Linux
Currently, you cannot configure a JBoss JDBC password consumer on LInux.
Valid on AIX
If the PAM_login flag is not enabled, CA ControlMinder cannot detect the Active Directory user account correctly.
To work around this problem, enable the PAM_login flag in the log in program (LOGINAPPL) you set. Verify that seosd daemon accepts log in requests from PAM modules by setting the PamPassUserInfo token to 1 in seos.ini under the [pam_seos] section.
You can use the following command to set the login flags:
er LOGINAPPL SSH loginflags(pamlogin)
Valid for Keyboard Logger
CA ControlMinder does not record user sessions when a user logs in with a shell that is not defined in /etc/shells.
When PAM is activated, segrace is not called automatically for a grace login to FTP and SSH services.
To work around this issue on FTP, change the value of the LOGINFLAGS property to nograce in the LOGINAPPL record for the FTP service.
To work around this issue on SSH, do not call segrace from PAM. Instead, call segrace from the user or operating system startup script.
Valid on HPUX, and AIX
If UNAB is installed on the CA ControlMinder endpoint, CA ControlMinder PAM does not invoke the 'sepass' utility to reset the account password when the user password grace period expires.
This problem affects login applications that use loginflags(pamlogin), for example, SSH login, rlogin, FTP, and Telnet. SSH login is not recognized as a login action by CA ControlMinder on HPUX and AIX. To work around this problem, use loginflags(none) for SSH login applications.
Run the following command to set the token:
er LOGINAPPL SSH loginflags(none)
CA ControlMinder on Solaris does not bypass network events (bypass type PBN of SPECIALPGM records) for processes that start before CA ControlMinder starts.
File access check on a stat system call with the STAT_intercept token set to “1” is not supported on AIX systems.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|