DocumentationRelease Notes
Documentation

Shared libraries | EPM-UL

When configured with Kerberos, SSL, LDAP, or PAM, EPM-UL requires the appropriate third-party libraries. The installation includes Kerberos, SSL, LDAP, and PAM libraries that are designed to work with EPM-UL.

We recommend you install these third-party libraries.

ℹ️

The shared libraries for the following operating systems are not currently supported:

  • NCR
  • IRIX
  • OSF
  • QNX

Kerberos

These settings are related to the shared libraries that are needed for Kerberos in EPM-UL.

sharedlibkrb5dependencies

  • Version 5.0.4 and earlier: sharedlibkrb5dependencies setting not available.
  • Version 5.1.0 and later: sharedlibkrb5dependencies setting available.

The libraries are listed in the order they are loaded (dependencies first). This setting should be used in either of the following circumstances:

  • The kerberos setting is set to yes, the pam setting is set to yes, and PAM uses Kerberos
  • The ssl setting is set to yes and the SSL libraries that are listed in the sharedlibssldependencies setting are dependent on the Kerberos libraries

By default, the shared libraries that are listed for this setting are the ones that are shipped with EPM-UL. However, you can replace them with libraries that are used by the PAM or SSL services that are installed on the EPM-UL host computer.

Example

sharedlibkrb5dependencies /usr/lib/beyondtrust/pb/libcom_err.so.3 /usr/lib/beyondtrust/pb/libk5crypto.so.3.1 /usr/lib/beyondtrust/pb/libkrb5.so.3.3 /usr/lib/beyondtrust/pb/libgssapi_krb5.so.2.2

Default

No default value

Used on

  • Log hosts
  • Policy server hosts
  • Submit hosts
  • Run hosts

loadkrb5libs

  • Version 5.2 and earlier: loadkrb5libs setting not available.
  • Version 6.0 and later: loadkrb5libs setting available.

The loadkrb5libs setting determines whether the libraries that are listed in the sharedlibkrb5dependencies setting are loaded at runtime even if the value of the kerberos setting is no. This setting is ignored when kerberos is set to yes.This setting is useful in certain cases where the operating system is configured to use Kerberos and the EPM-ULsubmitconfirmuser() function returns false even when the correct Kerberos password is supplied.

Example

loadkrb5libs yes

Default

loadkrb5libs no

Used on

  • Log hosts
  • Policy server hosts
  • Submit hosts
  • Run hosts

SSL

The following setting is related to the shared libraries needed for SSL use.

loadssllibs

  • Version 6.2.5 and earlier: loadssllibs setting not available.
  • Version 6.2.6 and later: loadssllibs setting available.

The loadssllibs setting determines whether the libraries that are listed in the sharedlibssldependencies setting are loaded at runtime even if the value of the ssl setting is no. This setting is ignored when ssl is set to yes.This setting is useful in certain cases where the operating system is configured to use SSL and we need to force EPM-UL to load the SSL libraries.

Example

loadssllibs yes

Default

loadssllibs no

Used on

  • Log hosts
  • Policy server hosts
  • Submit hosts
  • Run hosts

sharedlibssldependencies

  • Version 5.0.4 and earlier: sharedlibssldependencies setting not available.
  • Version 5.1.0 and later: sharedlibssldependencies setting available .

The libraries are listed in the order they are loaded (dependencies first). This setting should be used in either of the following circumstances:

  • The ssl setting is set to yes
  • LDAP is used in the policy or by PAM and the LDAP libraries that are listed in the sharedlibldapdependencies setting are dependent on the SSL libraries

By default, the shared libraries listed for this setting are shipped with EPM-UL. However, you can replace them with libraries that are used by the SSL service that is installed on the EPM-UL host computer.

Example

sharedlibssldependencies /usr/lib/beyondtrust/pb/libcrypto.so.3 /usr/lib/beyondtrust/pb/libssl.so.3

Default

No default value

Used on

  • Log hosts
  • Policy server hosts
  • Submit hosts
  • Run hosts

LDAP

The following setting is related to the shared libraries that are needed for LDAP use.

loadldaplibs

  • Version 6.2.5 and earlier: loadldaplibs setting not available.
  • Version 6.2.6 and later: loadldaplibs setting available.

The loadldaplibs setting determines whether the libraries that are listed in the sharedlibldapdependencies setting are loaded at runtime even if policy LDAP functions are not used. This setting is useful in certain cases where the operating system is configured to use LDAP and we need to force EPM-UL to load the LDAP libraries.

Example

loadldaplibs yes

Default

loadldaplibs no

Used on

  • Log hosts
  • Policy server hosts
  • Submit hosts
  • Run hosts

sharedlibldapdependencies

  • Version 5.0.4 and earlier: sharedlibldapdependencies setting not available.
  • Version 5.1.0 and later: sharedlibldapdependencies setting available .

The libraries are listed in the order they are loaded (dependencies first). This setting should be used in either of the following circumstances:

  • LDAP is used in the EPM-UL policy
  • The pam setting is set to yes and PAM is using LDAP

By default, the shared libraries that are listed for this setting are shipped with EPM-UL. However, you can replace them with libraries that are used by the LDAP service that is installed on the EPM-UL host computer.

Example

sharedlibldapdependencies /usr/lib/beyondtrust/pb/liblber.so.2.0.200 /usr/lib/beyondtrust/pb/libldap.so.2.0.200

Default

No default value

Used on

  • Log hosts
  • Policy server hosts
  • Submit hosts
  • Run hosts

Shared library directory location for AIX

For AIX, the directory for installing third-party libraries must be in one of the following locations:

  • /usr/lib/symark/pb
  • /usr/lib
  • /lib
  • /usr/local/lib

If any other directory is specified, then it is rejected with an error message stating that you must use one of these four directory locations.

Shared library file name for AIX

The notation that is used on AIX to specify some libraries (Kerberos and LDAP) is different from other platforms. On AIX for third-party libraries that are archives, you also need to specify the shared object that is a member of the archive and add it to the file name.

Example

If libcom_err.a.3.0 is an archive and shr.0.3.0 is the actual shared object, then the file specification for the member of the archive is:

libcom_err.a.3.0(shr.0.3.0)
ℹ️

For SSL, because the library is not an archive, it is not necessary to alter the file name.

PAM

The following are the shared libraries needed for PAM use.

libpam

  • Version 5.2 and earlier: libpam setting not available.
  • Version 6.0 and later: libpam setting available.

libpam is a user-defined PAM library that EPM-UL uses as a first option in case the system does not use the standard default PAM libraries. The notation used for AIX to specify the OS-provided PAM library is the following:

/usr/lib/libpam.a(shr.o)

Example

libpam /lib/libpam.so.1

Default

No default value

Used on

  • Policy server hosts
  • Submit hosts
  • Run hosts
  • Policy server hosts
  • Submit hosts
  • Run hosts

Updated 10 days ago

©2003-2026 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.