Configure Third-Party Libraries
When Endpoint Privilege Management for Unix and Linux is configured with Kerberos, SSL, LDAP, or CURL, it requires the appropriate third-party libraries. The Endpoint Privilege Management for Unix and Linux installation provides Kerberos, SSL, LDAP, or CURL libraries that are designed to work with Endpoint Privilege Management for Unix and Linux. It is recommended that you install the Endpoint Privilege Management for Unix and Linux third-party libraries. However, you do have the option of using your own third-party libraries.
Shared libraries can be adversely affected when both interactive and packaged Endpoint Privilege Management for Unix and Linux installations are present on the same computer. For more information, see Installation Preparation.
Use Endpoint Privilege Management for Unix and Linux Third-Party Libraries
If you have your own Kerberos, SSL, LDAP, or CURL libraries but wish to use Endpoint Privilege Management for Unix and Linux third-party libraries, you should do one of the following:
- Remove your libraries from /usr/lib or /lib and point to the Endpoint Privilege Management for Unix and Linux third-party libraries in /usr/lib/beyondtrust/pb or /usr/lib/symark/pb in pb.settings.
- Replace your third-party libraries with the Endpoint Privilege Management for Unix and Linux third-party libraries in /usr/lib or /lib and specify this directory in pb.settings.
Third-Party Library File Names and Locations
If you are installing Endpoint Privilege Management for Unix and Linux shared libraries, the following files are installed:
- Kerberos:
- llibcom_err.so.3.0
- libk5crypto.so.3.1
- libkrb5support.so.0.1
- libkrb5.so.3.3
- libgssapi_krb5.so.2.2
- SSL:
- libcrypto.so.1.1
- libssl.so.1.1
- LDAP:
- liblber-2.5.so.0.1.7
- libldap-2.5.so.0.1.7
- CURL:
- libcurl.so.4.8.0
Shared Library Directory Location for AIX and HP (PA RISC)
For AIX and HP (PA-RISC), the directory for installing third-party libraries must be in one of the following locations:
- /usr/lib/beyondtrust/pb
- /usr/lib
- /lib
- /usr/local/lib
If any other directory is specified, it is rejected with an error message that instructs you to use one of these directory locations.
Shared Library File Name for AIX
The notation used on AIX to specify LDAP libraries is different from other platforms. On AIX, for archived third-party libraries, you need to specify the shared object that is a member of the archive and add it to the file name.
The notation for default LDAP libraries is:
- /usr/lib/beyondtrust/pb/liblber-2.5.a(liblber-2.5.so.0)
- /usr/lib/beyondtrust/pb/libldap-2.5.a(libldap-2.5.so.0)
For example, if libcom_err.a.3.0 is an archive and shr.0.3.0 is the actual shared object, the file specification for the member of the archive is libcom_err.a.3.0(shr.0.3.0).
For SSL and Kerberos, it is not necessary to alter the file name because the library is not an archive.
Use Your Own Third-Party Libraries
If you have chosen to configure Endpoint Privilege Management for Unix and Linux with Kerberos, SSL, or LDAP, and do not load Endpoint Privilege Management for Unix and Linux built-in third-party libraries, you must specify your own shared library file names. If you have Kerberos, SSL, or LDAP libraries of your own in /usr/lib or /lib and you are using them for other applications, you need to use your libraries for Endpoint Privilege Management for Unix and Linux as well and not use any of the libraries in /usr/lib/beyondtrust/pb or /usr/lib/symark/pb. During the Endpoint Privilege Management for Unix and Linux installation, specify no for the install option Install BeyondTrust built-in libraries, and then enter the appropriate shared library directory and filename.
For more information about the installation instructions, see Advanced Installation Instructions Using pbinstall.
Install Third-Party Libraries in Future Installations
If you do not enable the third-party libraries during the Endpoint Privilege Management for Unix and Linux installation and in the future you decide to enable Kerberos, SSL, or LDAP in your Endpoint Privilege Management for Unix and Linux policy, then you must do the following:
- Install Endpoint Privilege Management for Unix and Linux third-party libraries or your own third-party libraries.
- In the pb.settings file, do one of the following:
- If you are using the Endpoint Privilege Management for Unix and Linux third-party libraries, specify the directories to install the operating system third-party libraries in by setting the following keywords to specify the full path and library file names:
- sharedlibkrb5dependencies
- sharedlibssldependencies
- sharedlibLDAPdependencies
- sharedlibcurldependencies
- If you are using the Endpoint Privilege Management for Unix and Linux third-party libraries, specify the directories to install the operating system third-party libraries in by setting the following keywords to specify the full path and library file names:
If you are using your own third-party libraries, then perform the following actions.
- Specify the Kerberos library setting and provide the full path and library file names.
- Specify the SSL library setting and provide the full path and library file names.
- Specify the LDAP library setting and provide the full path and library file names.
- Specify the CURL library setting and provide the full path and library file names.
- Ensure that your libraries are listed in the correct order. For example, if lib1 is dependent on lib2, you must list lib2 first, followed by lib1.
