Novell Privileged User Manager 2.3 Readme

December, 2010

1.0 Documentation

The following sources provide information about Privileged User Manager:

2.0 Installing Privileged User Manager 2.3

Privileged User Manager can be downloaded from the Novell Downloads site.

To obtain the purchased license, log in to the Novell Customer Center and follow the link that allows you to download the software and the license key.

The ISO image contains the following directories and files for Framework Managers, Agents, and the Package Manager.

2.1 AIX

Package
novell-npum-agent-2.3.0-aix-5.1-powerpc.bff.gz
	Agent package for AIX* 5.1
novell-npum-manager-2.3.0-aix-5.1-powerpc.bff.gz
	Framework Manager package for AIX 5.1

For installation instructions, see the following sections in the Novell Privileged User Manager Getting Started Guide:

2.2 HP-UX

Package
novell-npum-agent-2.3.0-hpux-11.00-hppa.depot.gz
	Agent package for HP-UX 11 and 11i HPPA
novell-npum-agent-2.3.0-hpux-11.23-ia64.depot.gz
	Agent package for HP-UX 11i v2 and v3 Itanium*
novell-npum-manager-2.3.0-hpux-11.00-hppa.depot.gz
	Framework Manager package for HP-UX 11 & 11i HPPA
novell-npum-manager-2.3.0-hpux-11.23-ia64.depot.gz
	Framework Manager package for HP-UX 11i v2 and v3 Itanium

For installation instructions, see the following sections in the Novell Privileged User Manager Getting Started Guide:

2.3 Linux

Package
novell-npum-agent-2.3.0-linux-2.6-s390x.rpm
	Agent package for Linux on zSeries mainframes with a 2.6 kernel.
novell-npum-agent-2.3.0-linux-2.6-x86_64.rpm
	Agent package for Linux on Intel 64-bit machines with a 2.6 kernel
novell-npum-agent-2.3.0-linux-2.6-intel.rpm
	Agent package for Linux on Intel 32-bit machines with a 2.6 kernel
novell-npum-manager-2.3.0-linux-2.6-s390x.rpm
	Framework Manager package for Linux on zSeries mainframes with a 2.6 kernel
novell-npum-manager-2.3.0-linux-2.6-x86_64.rpm
	Framework Manager package for Linux on Intel 64-bit machines with a 2.6 kernel
novell-npum-manager-2.3.0-linux-2.6-intel.rpm
	Agent package for Linux on Intel 32-bit machines with a 2.6 kernel
novell-npum-manager-2.3.0-linux-2.6-intel.rpm
	Framework Manager package for Linux on Intel 32-bit machines with a 2.6 kernel

For installation instructions, see the following sections in the Novell Privileged User Manager Getting Started Guide:

2.4 SLES10

Package
novell-pum-2.3.0-22885.i586.rpm
	Agent package on SLES10 32-bit machine
novell-pum-2.3.0-22885.x86_64.rpm
	Agent package on SLES10 64-bit machine
novell-pum-manager-2.3.0-22885.i586.rpm
	Framework Manager package on SLES10 32-bit machine
novell-pum-manager-2.3.0-22885.x86_64.rpm
	Framework Manager package on SLES10 64-bit machine

For installation instructions, see the following sections in the Novell Privileged User Manager Getting Started Guide:

2.5 SLES11

Package
novell-pum-2.3.0-22885.i586.rpm
	Agent package on SLES11 32-bit machine
novell-pum-2.3.0-22885.x86_64.rpm
	Agent package on SLES11 64-bit machine
novell-pum-manager-2.3.0-22885.i586.rpm
	Framework Manager package on SLES11 32-bit machine
novell-pum-manager-2.3.0-22885.x86_64.rpm
	Framework Manager package on SLES11 64-bit machine

For installation instructions, see the following sections in the Novell Privileged User Manager Getting Started Guide:

2.6 Solaris

Package
novell-npum-agent-2.3.0-solaris-2.8-intel.pkg.gz
	Agent package for Solaris* 2.8 Intel
novell-npum-agent-2.3.0-solaris-2.8-sparc.pkg.gz
	Agent package for Solaris 2.8 SPARC*
novell-npum-manager-2.3.0-solaris-2.8-intel.pkg.gz
	Framework Manager package for Solaris 2.8 Intel
novell-npum-manager-2.3.0-solaris-2.8-sparc.pkg.gz
	Framework Manager package for Solaris 2.8 SPARC

For installation instructions, see the following sections in the Novell Privileged User Manager Getting Started Guide:

2.7 Tru64

Package
novell-npum-agent-2.3.0-tru64-5.0-alpha.tar.gz
	Agent package for Tru64 v5.x OSF1

For installation instructions, see the following sections in the Novell Privileged User Manager Getting Started Guide:

“Installing the Agents”

2.8 Windows

Package
novell_pum_agent_2.3.0_x86.msi
	Agent package for Windows 32 bits
novell_pum_agent_2.3.0_x64.msi
	Agent package for Windows 64 bits
novell_pum_manager_2.3.0_x86.msi
	Framework Manager package for Windows 32 bits
novell_pum_manager_2.3.0_x64.msi
	Framework Manager package for Windows 64 bits

For installation instructions, see “Installing a Framework Manager” in the Novell Privileged User Manager Getting Started Guide.

2.9 Package Manager

Package
novell-npum-packages-2.3.0.tar.gz
	Zipped file for setting up a local package manager.

For instructions on how to set up either the Framework Manager or an agent to be the local package manager, see “Setting Up a Package Manager” in the Novell Privileged User Manager Getting Started Guide.

3.0 Upgrading from Novell Privileged User Manager 2.2 to 2.3

To upgrade from Novell Privileged User Manager 2.2 to 2.3, you can download the packages from the Novell Customer Center or from Novell Downloads. Then you must add the packages to your Framework Manager and update your system with the Framework patch.You can then update the other packages.

To install new 2.3 agents, you need to download the ISO image from Novell Downloads or from the Novell Customer Center.

4.0 New Features

4.1 Windows Audit

Windows Audit is a service that enables you to view all the real-time and historical user activities on a local or remote Windows system. The user activities are known from the captured event log messages, which show all the user inputs and the resulting processes.

The user inputs are captured to the level of every keystroke and mouse clicks. For example, when the OK button is clicked, an event saying the OK button is clicked is generated and sent to the Windows Audit service.

For detailed information see "Monitoring the User Activities" in the Novell Administration Guide.

4.2 Privileged Account

The privileged account credentials and domain information are stored in domains and credentials. The user can create multiple credentials for a single domain.The credentials are securely stored in an encrypted form

For detailed information see “Privileged Accounts” in the the Novell Administration Guide.

4.3 Remote Desktop Protocol Relay

Remote Desktop Protocol Relay remotely connects you from the manager to a Windows machine without an agent; and, relays the executed commands through a secured connection.

For detailed information see “Remote Desktop Protocol Relay” in the Novell Administration Guide.

4.4 Secure Shell Relay

Secure Shell Relay (SSH Relay) provides the ability to access privileged accounts using a standard SSH client. This feature provides the ability to access Privileged User Manager functionality without a PUM agent on the target host.

SSH Relay allows users to connect to a remote host using secure shell without knowing the privileged account credentials such as password or identity certificate of the user.

For detailed information see “Secure Shell Relay” in the Novell Administration Guide.

4.5 LDAP Group Lookup

The LDAP Group lookup feature can be used to retrieve LDAP group membership information for a user stored in external LDAP directories, such as Novell eDirectory or Microsoft Active Directory. The information fetched can be used to perform external group matching in rules.

For detailed information see "LDAP Group Lookup" in the Novell Administration Guide

5.0 Known Issues

5.1 LDAP server certificate validation is ignored

On Windows and Linux platforms the LDAP server certification validation is ignored at the client side.

5.2 Uninstaller does not remove all PUM files and registry entries

When you uninstall Privileged User Manager, the uninstaller does not remove all the PUM files and registry entries.

To remove the complete Privileged User Manager folder, manually delete the existing files and restart the system.

5.3 RDP Relay related error message

An error message, "This computer cannot connect to the remote computer” is displayed when host name cannot be resolved either from DNS or Hosts file on a machine from where a user is trying to connect to an RDP relay session using RDP relay feature.

To resolve this issue, on the Windows machine from where you are trying to run the RDP relay session, add the hostname resolved to IP address on hosts file.

5.4 Account Domains are not Imported or Exported in Command Control

Account Domains are not imported or exported with the rest of the configuration for Command Control.

5.5 RPM upgrade issues on SLES platform

While upgrading RPM on SLES platforms from version 2.2.2.x to 2.3, new packages such as LDAP agent, SSH relay agent, SSH agent and Privileged Credential manager are unregistered.

To resolve this issue, do one of the following:

Use the unifi regclnt register to re-register the packages to manager.
Use the console to register the packages in hosts console.

5.6 RDP session cannot be connected when a screensaver or lock screen prompts appears

During an RDP session, if a screensaver appears or if the user locks the system, the RDP session cannot be connected.

To resolve this issue, you have to close the active RDP session and reconnect to a new RDP session.

5.7 Package Manager Update Issue

While upgrading from version 2.2.2 to 2.3 using Package Manager, new packages such as Privileged Credential Manager, SSH Relay Agent, SSH Agent are not installed.

To resolve this issue, install the new packages through the host's Install packages option.

6.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2010 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page and one or more additional patents or pending patent applications in the U.S. and in other countries.

For Novell trademarks, see the Novell Trademark and Service Mark list.

All third-party trademarks are the property of their respective owners.