Operating system, hardware, and network upgrades can affect your installation. Before making any changes to your system, contact a BeyondTrust Technical Support representative to review any corresponding changes that might be needed for your installation. We also strongly recommend that you run pbbench before and after making system changes. If you are making changes to a policy server host, then we also recommend pbcheck.
Operating System and Hardware Upgrades
Privilege Management for Unix and Linux must be reinstalled when making operating system or hardware upgrades. In the case of hardware upgrades, it may also be necessary to request a new license string from your BeyondTrust sales representative. If the unique machine ID generated by pbadmin --info --uuid for a primary license server host changes, then your current license string becomes invalid and Privilege Management for Unix and Linux no longer works.
Changes to the network environment may make it necessary to change the Privilege Management for Unix and Linux configuration. The specific actions required to configure Privilege Management for Unix and Linux during a network upgrade vary with the items that are installed or modified.
Add NIS, NIS+, and Netgroups
The NIS services maps must be updated if NIS, NIS+, or netgroups is configured after Privilege Management for Unix and Linux installation. Any superdaemons (inetd or xinetd) must also be restarted so that the new or updated port information is read from NIS.
If Kerberos is configured after Privilege Management for Unix and Linux installation, the Kerberos settings in the settings file need to be updated:
- Change the existing kerberos setting from no to yes.
- Check the keytab setting to see if it is relevant.
- Ensure that all of the principals and other Kerberos artifacts are added as appropriate.
For more information, please see keytab.
When mounting file systems across different platforms, ensure that the correct platform executable files are available for each platform and that the PATH environment variable points to the correct executable files for that platform.
Remember that Privilege Management for Unix and Linux daemon error logs, event logs, and I/O logs on remote mounted file systems are not supported.
When using DNS to resolve unqualified host names, run nslookup to verify a host name exists and resolves properly.
In all cases, remember to do the name and reverse lookup. Both must work correctly for Privilege Management for Unix and Linux to function.
Add a Firewall
If your installation needs to be updated to work through a firewall, then specific entries need to be updated or added in the /etc/pb.settings file.
Entries need to be updated or added in the /etc/pb.settings file if your Privilege Management for Unix and Linux installation needs to be updated to work with SSL.