Updates to Novell SecureLogin 6 sp1 6.0.111

This document (5007340) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

File	Product	Status	Patch
NSL6.0.110.zip	SecureLogin 6.0.1	Obsolete	Novell SecureLogin 6.0.110 patch 6.0.110

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Security patch: No

Priority: Recommended

Distribution Type: Public

http://download.novell.com/Download?buildid=BSkmnrdzjBg~

document

Revision: 8

Document ID: 5007340

Creation Date: 2007-12-06 11:39:34

Modified Date: 2008-05-14 17:49:08

abstract

NSL6.0.111 contains all updates to NSL6sp1 since the release of Sp1.

details

Overview:
Post SP1 fixes for Novell SecureLogin 6 sp1. Supersedes NSL6.0.110.

System Requirements:
NSL6sp1

Installation:
This update requires SP1 for SecureLogin version 6.0 to be installed on the workstation prior to this installation. If you own SecureLogin and desire a full release of this update that can be installed on a workstation that is not already running SecureLogin version 6.0, then please consult your normal Novell sales channel.

To install this update execute the file NSL_6_0_111_Update_20071204_07_05.exe

Uninstalling:
Novell SecureLogin can be uninstalled from Control Panel, Add / Remove programs

Fixes new to this release:

1. NSL product version shows incorrectly in registry (338586).
2. SSO.NPM dated 9-17-07 does not reflect appropriate version information (332211).
3. Secureworkstation network policy does not take effect using NMAS server v 3.1.2 (340954).
4. Corporate redirected applications are not viewable through iManager (208160).
5. Self-enrollment process does not work (291624).
6. SecureLogin SSO.NPM is showing duplicate logins for users (309403).
7. Issue with logging in to NSL offline mode using 6.0-Datastore version (298966).
8. SSO.NPM dated 9-17-07 does not allow the deletion of credentials (332214).
9. AlwaysClearUsername registry setting not working (293286).
10. Not able to re-authenticate to NSL offline using either password (or) passphrase (341225).
11. Slproto is shutdown on Citrix PS4 server when ANY published app that launched it is closed (310098).
12. NSL 6.0.110 queries for Public Key every two seconds (341203).

Fixes carried forward from NSL6.0.110:

1. Terminal Server Passthrough fails intermittently (206314).
2. Gina to Gina Passthrough Fails unless debugging is enabled on the Citrix Server (207574).
3. WM_Close event not always recognized (210028).
4. NSL changes the behaviour of a Web Application (220416).
5. Need an interface to pass credentials from LDAPAuth to local cache login (225196).
6. Corporate redirected applications not viewable through iManager. (208160).
7. HKLM\Software\Protocom\SecureLogin\ShowPassCacheOption is broken (219387).
8. SSO iManager plugin version does not reflect updated version (217632).
9. Blank error message after deleting gpo files (45676).
10. User gets repudiated if they change their own password (45662).
11. If SSO is not active when screen is locked, on unlock it will become active (45638).
12. Title bar broken in MMC dialog box shown when you don't have sufficient rights (44456).
13. SSO v6.0.100 RDP connection issue (44440).
14. SSO v6 - CTRL command not specific (44282).
15. IE will crash when changing password with a gmail account (45679).
16. Unable to unlock NSL systray icon if logged in Workstation Only. (200019)
17. NSL won't launch while disconnected. (214480)
18. Corrupted mandatory profiles when SL 6.0 is installed. (196265)
19. Onexception statement and subroutine prohibits users from canceling out of the Picklist. (205219)
20. NSL does not detect web login for Novell Access Manager authentication page. (193923)
21. NSL does not detect web login for Novell Access Manager authentication page. (193922)
22. NSL Hangs when running Reports in Explorer for Web App. (194796)
23. Unable to shutdown NSL with /shutdown switch if system tray icon is not present. (218466)
24. Directory user prompted twice to login when offline. NSL installed in LDAP Gina Mode (235105).
25. Cache file directory created in wrong location (235957).
26. JavaSSO error with multiple JREs running (226835).
27. Error administering NSL in standalone mode (244728).
28. Web embedded Java* SSO breaks with upgrade to 6.0.105 (226835).
29. With NSL in eDir mode, passphrases can now be disabled or hidden without SecretStore (243314).
30. Error message displayed referencing an incorrect path to the local cache file presented when a user without local administrative rights executes a Windows password change. (46276)
31. Roaming profile not loading after users change their password (46570).
32. New registry key can now be created and set on any SecureLogin client to specify the permanent deletion of obituary records (46719) (see Registry Keys carried forward from NSL6.0.106 below).
33. Windows group policy containing the SecureLogin SSO application definition not being applied (46798).
34. Errors reading certain web sites. ( 46584)
35. Unlocking the SecureLogin system tray icon fails if password protected - standalone mode (46967).
36. Users are prompted for passphrase after changing their own network password (230932).
37. NSL in LDAP Application mode launchs without authentication prompt (258643).
38. Slproto unloads if SecureWorkstation is active (268233).
39. Volatile key not cleared when Secure Workstation closes connection (268995).
40. Application launched by Post Policy Command closes after inactivity (269000).
41. Close all programs coninues to run after NSL is closed (269039).
42. Need option to specifically log out of NCP or LDAP connection see new registry key. (269041).
43. Have SecureWorkstation inactivity timer go inactive until NSL is (re)launched (269043).
44. Automate ini not handling NMAS options correctly (270214).
45. Installer does not give option to install java components if java 1.6 is the only JRE on the workstation (275363).
46. "PressInput" command not working properly (202220).
47. IESSO causing Java application errors in iManager (223631).
48. Smartcard functionality broken with PKI credentials (233980).
49. SecureLogin client prompts twice for password/passphrase when German (241085).
50. SLCredMan requests directory listing of the profile directory during login (207186).
51. Upgrade to 6.0.105 breaks web embedded Java sso (251357).
52. Passphrase question in Polish displayed incorrectly. (192474)
53. NSL 6.0.109 causes a NWLSCRPT.EXE failure in a Citrix Presentation Server 4 environment. (288553)
54. Unable to instantiate ScriptBroker module; 80080005 error on startup. (290418)
55. NSL does not go to offline seamlessly when network is disconnected. (293390)
56. Imanager SSO snapin showing NullPointerException if any application is created without application description. (293417)
57. Passphrase Invalid error returned when setting NSL to online. (294276)
58. NSL Returns Authentication error in ADAM mode. (295760)
59. Manager does not display the current datastore version. (208154)
60. IE Script runs much slower with NSL6 than it did with NSL3.51. (233051)
61. Add New Login Wizard doesn't correctly list just application definitions. (235519)
62. Unable to add second login to existing application definition. (237089)
63. Login names with / in the name do not display via non-secure connection. (240019)
64. Allow users to backup/restore not enforced on non-English install of NSL. (242649)
65. After setting Pass Phrase with SLAPTOOL you cannot not login if not connected to the network. (247262)
66. Users upgraded from 3.0 don't work with 6.0. (272445)
67. SecureLogin install fails to install Citrx components if ICA client version 10 is present. (272582)
68. Password Protect system tray not unlocking. (282317)
69. Error message: "SecureLogin has detected that a password change has occurred. For security reasons, it is necessary to log out of windows and log back in." (284569)
70. iManager shows data version as 3.5 when version has been changed to 6.0. (285290)
71. Error: "Unable to load %s." (287800)
72. Problem loading user profile on Citrix server after installing Novell SecureLogin. (289703)
73. iManager Data Store version showing incorrectly. (290424)
74. Cannot enter more than one passphrase question in slmanager. (284089)
75. Error when startup script and subsequent application script collide. (46782)
76. In the SLManager, administrators can now set multiple passphrase questions for users to choose. (49349)
77. Syspassword updates handled incorrectly in Active Directory mode when the users display name does not match the login name.
78. Non-English characters not handled correctly when installing Novell SecureLogin in ADAM mode.
79. When smart card support is selected during installation, a PINCACHE registry key is now created automatically and the value is set to 1. This does not change the default behavior of SecureLogin, and has no impact if ActivClient is used with Novell SecureLogin. However, for other middlewares, we recommend that this value be set to zero to enable the middlewares to handle store credentials on the card correctly.

Registry Keys carried forward from NSL6.0.108:

1.A registry key DWORD value called ObituaryRecordsDeletion must be manually created, set to the number of days the obituary records will live and stored in the following location:
HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin

If the new obituary registry key is not present the default value is 90 days, after which time all obituary records will be removed from the directory

2. NSL installation sets the following info depending on the mode of NSL
install(NDS/Ldap):

HKLM\SOFTWARE\Novell\NMAS\MethodData\Secure Workstation\\Policy

If NSL is installed in Novell client mode and SW is selected to be installed
- "UseClient32", a REG_DWORD set to 1
- "UseLDAPAuthClient", a REG_DWORD set to 0

If NSL is installed in Ldap mode and SW is selected to be installed,
- "UseClient32", a REG_DWORD set to 0
- "UseLDAPAuthClient", a REG_DWORD set to 1.

Using this configuration, SW monitors and acts on either the Client32 or the Ldap connection.

Security fixes carried forward from NSL6.0.106:

1. ADSCHEMA utility grants users excess permissions to their own attributes (47624).
2. Security issue with AD password change (248547).

(Note: the above security vulnerabilities occur in Active Directory environments. Novell strongly recommends this patch be applied in any Active Directory environment where NSL is installed, regardless of whether NSL is deployed in eDir or AD mode.)

file contents

Files Included	Size	Date
NSL60111.exe	48.9 MB (51333120)	2007-12-05 06:06:49
readme_5007340.html	N/A	2008-05-14 17:49:09

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.