Endpoint Privilege Management for Linux 25.1.1
February 25, 2025
New features
Just-in-time default access
Administrators no longer have to manually assign permissions when adding a new user. Instead, administrators can configure default access rules for single sign-on applications. When new users log in via an identity provider, they'll immediately have access to the site or application they need.
Enhancements
Client Auth: Certificates rotation (renewal)
Certificates generated after running pbactivate on the EPM-L endpoints are now automatically rotated and renewed before the expiry, when pbrun is invoked. At installation, certificates are valid for 365 days. By default, checks for certificate expiration start 30 days before expiry.
The sslcertcheckdays keyword overrides the default. The keyword immediately requests a new certificate if set to a value longer than the lifetime of the certificate being checked (e.g. 370).
Issues resolved
| Description | Resolution |
|---|---|
| On upgrades, pbsvcsched service wasn't starting on cached client. This was due to default values for loadsslibs and loadcurllibs changing to yes in 24.1.4 (on-prem) and 25.1.0 (SaaS). The upgrade was using the previous default value of ‘no’. | Updated the rpm postinstall script created pbcreatesaasclntlinuxpkg.sh.in. |
| When saving the Splunk credentials, the operation could timeout if it was longer than 30 seconds. | Splunk credentials are now saved asynchronously. |