SafeNet Agent for Pluggable Authentication Module CRN
Product Description
The SafeNet Agent for Pluggable Authentication Module (PAM) is a Two-Factor Authentication (2FA) solution to authenticate Linux users before granting system access. The SafeNet Agent for PAM can be easily configured for any number of Linux systems to provide a secure mechanism for protecting console or remote (SSH) login sessions.
By taking advantage of our industry-leading authentication solution, coupled with the flexibility of PAM, organizations can prevent their Linux systems from unauthorized access. Requiring a second factor of authentication, in addition to a valid username and password, is a critical measure for information security.
Resolved and Known Issues
Issue Severity and Classification
The following table serves as a key to the severity and classification of the issues listed in the Resolved Issues table and the Known Issues table, which can be found in the sections that follow.
| Severity | Classification | Definition |
|---|---|---|
| C | Critical | No reasonable workaround exists |
| H | High | Reasonable workaround exists |
| M | Medium | Medium-level priority problems |
| L | Low | Low-level priority problems |
Release Description
Release Summary – SafeNet Agent for Pluggable Authentication Module 1.2.0
The SafeNet Agent for Pluggable Authentication Module v1.2.0 release introduces the following significant features.
Note
Due to a known UI discrepancy in Ubuntu 22.04, we recommend to enable SSH for Ubuntu 22.04.
Added Operating System Support
SafeNet Agent for PAM is now compatible with Ubuntu 22.04 and RHEL 8.10.
Number Matching
The agent now supports MobilePASS+ push with number matching feature, which secures push authentications to protect against MFA fatigue or push bombing attacks.
Number matching gives control to the user for every login request, because they must select the number in the push notification on their MobilePASS+ application as is displayed on the login screen.
For more details, refer to Running the Agent section in SafeNet Agent for Pluggable Authentication Module: Installation and Configuration Guide.
Note
This feature is available on SAS PCE/SPE 3.20 (and above).
Release Summary – SafeNet Agent for Pluggable Authentication Module 1.1.0
The SafeNet Agent for Pluggable Authentication Module v1.1.0 release introduces the following OS support, enhancement, and resolves a customer-reported issue. The support for Cent OS is deprecated in this release and onwards.
Added Operating System Support
SafeNet Agent for PAM is now compatible with the RHEL 8.6 version.
**Enhancements **
SafeNet Agent for Pluggable Authentication Module (PAM) is re-designed with Thales branding. For more details, refer to SafeNet Agent for Pluggable Authentication Module: Installation and Configuration Guide
Resolved Issues
This release resolves a customer-reported issue. Please find below the details of the issues fixed in this release.
| Severity | Issue | Synopsis |
|---|---|---|
| H | SASNOI-16182 | Summary: The agent is not able to authenticate with the PUSH OTP on Ubuntu. This issue is now fixed. |
Release Summary – SafeNet Agent for Pluggable Authentication Module 1.0.2
The upgrade from any earlier release is not supported officially in this release. The earlier version, v1.0.1 was released using RPM (RedHat Linux and CentOS) and DEB (Ubuntu) files. The following issue was resolved in this release.
Resolved Issues
This release resolves some customer-reported issues. Please find below the details of the issues fixed in this release.
| Severity | Issue | Synopsis |
|---|---|---|
| H | SASNOI-10451 | Summary: The SafeNet Agent for PAM cannot authenticate successfully with the PUSH OTP on RHEL. |
Release Summary – SafeNet Agent for Pluggable Authentication Module 1.0.1
For better package management, the SafeNet Agent for PAM v1.0.1 is now released using RPM (RedHat Linux and CentOS) and DEB (Ubuntu) files. The earlier version, v1.0.0 was released using a TAR file. In addition, the following issues were resolved in this release.
Resolved Issues
This release resolves some customer-reported issues. Please find below the details of the issues fixed in this release.
| Severity | Issue | Synopsis |
|---|---|---|
| H | SASNOI-9762 | Summary: The SafeNet Agent for PAM cannot authenticate successfully with PUSH OTP. |
| SASNOI-9683 | Summary: Spelling error in the logs. |
Release Summary – SafeNet Agent for Pluggable Authentication Module 1.0.0
The SafeNet Agent for Pluggable Authentication Module 1.0.0 is a new, scalable authentication solution with native support for GrIDSure, PUSH and SMS tokens. The agent solution delivers the following additional features:
**Enhanced Security **
The AES-GCM encryption algorithm is used to provide faster and a more secure way to protect data exchange between the SafeNet Agent for Pluggable Authentication Module and the SAS solution. Enabled by enhanced security, the agent delivers a robust, and dependable authentication experience. A secure key standard, like AES-GCM, can also help you comply with your organization's security policy requirements.
Support for Transport Layer Security v1.2
Support for Transport Layer Security (TLS) v1.2 protocol is added.
Note
The following features of the SafeNet authentication will be supported with future releases:
- Password Reset on First Use
- Password Reset
Exception
If AutoLogin feature is enabled on a Linux system for a user, the SafeNet OTP functionality will not be invoked.
System Requirements
| Environment | Description |
|---|---|
| Tokens | All tokens supported by the SafeNet server. |
| SAS Releases | SAS PCE/SPE 3.16 (and above) SAS Cloud Edition |
| Operating Systems | RHEL 8.10 Ubuntu 22.04 |
Product
The following documentation is available:
We have attempted to make these documents complete, accurate, and useful, but we cannot guarantee them to be perfect. When we discover errors or omissions, or they are brought to our attention, we endeavor to correct them in succeeding releases of the product.
Support Contacts
For more information see Support Contacts.
