This document describes installation of the Run-time Environment for Sentinel LDK and Sentinel HASP, using DEB under the supported Ubuntu and Debian operating systems. ("Sentinel LDK" is the next generation of the Sentinel HASP system.)
The following topics are discussed:
The following Linux Intel (x86 and x86_64) distributions are supported:
The operating system versions listed in this section were tested by Gemalto and verified to be fully compatible with Sentinel LDK. Older operating system versions are likely to be fully compatible as well, but are not guaranteed. For reasons of compatibility and security, Gemalto recommends that you always keep your operating system up to date with the latest fixes and service packs.
For a list of the virtual environments supported, see "Supported Platforms for End Users" in the Sentinel LDK Release Notes.
The latest Release Notes can be seen at: http://sentinelldk.safenet-inc.com/LDKdocs/RN
Warning: If you downgrade the Run-time Environment to a previous version, license storage may become inaccessible. Licenses may be missing, and commands will fail with the HASP_DEVICE_ERR error. To recover, reinstall the latest Run-time Environment, although this may cause some licenses to be marked as "cloned".
Perform the following steps to install the Run-time Environment for Sentinel LDK or Sentinel HASP:
dpkg -i aksusbd_7.80-1_i386.deb
dpkg -i aksusbd_7.80-1_amd64.deb
Note: At this point, for older HASP HL keys, the firmware on the HL key may be automatically upgraded. During the upgrade process, the key will blink continuously. Do not remove the key while it is blinking. If you remove the key too soon, the key may no longer be visible in Admin Control Center. If the key is not visible, or if the upgrade does not occur, refer to "Upgrading HASP HL Key Firmware" below.
For additional information, see “2.17 - Upgrading Sentinel LDK Run-Time Environment (RTE) Installer” in the Sentinel EMS Configuration Guide.
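The downgrade warning above can be enforced before `dpkg -i` is run. The script below is an added example, not part of the vendor's readme; it assumes the package file is passed as the first argument, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to install an aksusbd package that is older than
# the installed one, since a downgrade can make license storage inaccessible.

# ver_lt A B: succeed when version A is strictly older than version B.
ver_lt() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        # Fallback for hosts without dpkg (useful for dry runs only).
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# install_decision INSTALLED CANDIDATE
# Prints one of: install | same | upgrade | downgrade
install_decision() {
    installed=$1
    candidate=$2
    if [ -z "$installed" ]; then echo install
    elif [ "$installed" = "$candidate" ]; then echo same
    elif ver_lt "$candidate" "$installed"; then echo downgrade
    else echo upgrade
    fi
}

# safe_install DEB: run dpkg -i only when it is not a downgrade.
safe_install() {
    deb=$1
    # Version recorded in the package file's control data.
    candidate=$(dpkg-deb -f "$deb" Version) || return 2
    # Empty when aksusbd is not currently installed.
    installed=$(dpkg-query -W -f='${Version}' aksusbd 2>/dev/null || true)
    case $(install_decision "$installed" "$candidate") in
        downgrade)
            echo "refusing: aksusbd $installed installed, $deb is $candidate" >&2
            return 1 ;;
        same) echo "aksusbd $candidate is already installed" ;;
        *) dpkg -i "$deb" ;;
    esac
}

# Act only when a package path was given, e.g. aksusbd_7.80-1_amd64.deb
if [ $# -gt 0 ]; then safe_install "$1"; fi
```

Run it as root (or through sudo) in place of the plain `dpkg -i` command.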
Do the following if you want to uninstall the Run-time Environment:
sudo dpkg -r aksusbd
Reference | Description |
---|---|
SM-15321 | The Run-time Environment for Linux Intel now provides native support for both 32-bit and 64-bit architectures. You are no longer required to provide 32-bit support libraries (x86 compatibility packages) for the 64-bit architecture. Be sure to provide both 32-bit and 64-bit customized Vendor libraries with the Run-time Environment installer. |
Reference | Description |
---|---|
SM-12155 | If a customer applies a V2C update from a remote machine that has the Vendor library but no license from the same vendor, the error returned was HASP_UPDATE_TOO_NEW, which was confusing. Now the error returned is HASP_KEYID_NOT_FOUND. |
SM-14373 | When installing the Run-time Environment in a CentOS 7.x Docker, the message "Unsupported Linux distribution" was generated. |
SM-18502 | Defining an excessive number of User Restrictions in Admin Control Center would cause the License Manager Service to fail. |
SM-19981 | hasp_update would return an internal error for an HL Key when the license definition contains empty content in the default memory section. |
SM-26543 | Under certain circumstances, Sentinel License Manager would crash on the REST interface with long packets. |
SM-6477 | Given the following circumstances: A license was consumed for each session. (If the Feature is defined to count workstations and not sessions, only one license should have been consumed for a single SSH session from the same workstation.) |
This section describes security issues that may affect Sentinel products and that have been resolved in Sentinel Run-time Environment v.7.80.
For the latest information regarding these issues or any older or newly-discovered issues, see this Web page:
https://sentinel.gemalto.com/technical-support/security-updates-sm/
If you think you have found a security vulnerability, please send it to Gemalto using the links provided on the Web page provided above.
The vulnerabilities listed below affect the License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products. These vulnerabilities are resolved in Sentinel Run-time Environment version 7.80.
This section describes enhancements implemented and issues resolved in the last three major releases of Sentinel Run-time Environment.
Reference | Description |
---|---|
SM-21408 | The Admin Control Center help system was missing information regarding the new “Idle Timeout of Session” configuration parameter. |
SM-23320 | A possible security issue related to License Manager failure due to stack overflow on deep XML data (reported by Kaspersky) has been resolved. |
SM-23402 | A possible security issue related to buffer overflow (reported by Kaspersky) has been resolved. |
Reference | Description |
---|---|
SM-13505 | In the past, the timeout for an idle License Manager session was fixed at 12 hours. You can now set the timeout to any value between 10 minutes and 720 minutes (12 hours). The timeout value can be set as follows: |
SM-14894 | Admin Control Center now adds the update counter in C2V files in clear text - for example: <update_counter>5</update_counter> |
SM-19483 | Admin Control Center now recognizes the new V2CP format to update protection keys. This supports planned enhancements in Sentinel LDK v.7.8. |
Reference | Description |
---|---|
SM-11734 | When a Licensing API operation was performed repeatedly for an extended period of time with an HL key, the hasp_login function would fail with HASP_DEVICE_ERR=43. (Disconnecting and reconnecting the key would resolve the issue.) |
SM-15922 | Admin Control Center no longer requires the <?xml header in a V2C file. |
SM-17175 | After system reboot/service restart, an SL AdminMode detached license would disappear from a recipient machine that had no other licenses. |
SM-18502 | In Admin Control Center, defining too many users in the User Restrictions field would cause the License Manager to fail. |
Reference | Description |
---|---|
SM-5318 | The Run-time Environment now supports the use of the VMType3 clone protection scheme. |
Reference | Description |
---|---|
SM-13945 | The Readme files for earlier releases of Sentinel LDK Runtime Environment Installers for Linux incorrectly listed cases SM-901, SM-942, SM-4237, SM-6102, and LDK-14805 as being implemented or resolved in those releases. These cases are only relevant for Windows platforms. These cases have been removed from the cases listed in the Revision History section of this (version 7.61) Readme file and will not appear in the Revision History section in future Readme files for Runtime Environment Installers for Linux. |
Reference | Description |
---|---|
SM-1286 | You can now enter the URL to access Sentinel EMS in your Web browser without changing the EMS URL to lowercase. |
SM-6525 | In the past, Admin Control Center and Admin API provided a configuration parameter that determined whether a remote user could access and perform actions in Admin Control Center. However, this parameter did not control remote access to Admin API. |
Reference | Description |
---|---|
SM-515 | It was possible to rehost a cloned license to another machine. |
SM-518 | The Diagnostics report in Admin Control Center (Diagnostics > Generate Report) displays information on "Recent Clients" and "Recent Users". Each entry contained a time stamp but not a date stamp. The report has been corrected to display both a time stamp and a date stamp for each entry. |
SM-552 | On Linux and Mac machines, Admin Control Center would fail to download additional languages when the user clicked the More Languages option. |
SM-507 | When an end user would unpack a Run-time Environment that was configured for the user by Sentinel EMS, the following warning was displayed: |
SM-555 | When started, the License Manager would display warning messages similar to: There are no functionality issues related to these warning messages. |
SM-3687 | A number of issues would occur under Arch Linux-2017.01.01-X64: |
SM-9496 | The License Manager and API no longer change the CPU affinity mask to force the process to run on all CPUs. They now keep the default affinity that was set at the process startup. |
SM-9755 | When operated under Wine, Sentinel License Generation API was not communicating correctly with the Master key. The following message was displayed: |
Reference | Description |
---|---|
SM-4748 | Sentinel Admin Control Center can now be used to configure the License Manager for the following additional considerations: For more information, see "Configuring User Settings" in the Admin Control Center online help. |
Reference | Description |
---|---|
SM-4942 | Various crash conditions in the License Manager that could be used for denial-of-service attacks or privilege-escalation attacks have been resolved. |
SM-7748 | When a user issues a "detach license" request from a remote Admin Control Center, the user name cannot be included in the request. As a result, User Restrictions (defined in ACC on the license server machine) that are based on the user name are handled as follows: Sentinel Admin Control Center online help has been updated to describe these limitations. |
Reference | Description |
---|---|
SM-884 | When a Sentinel EMS user performs an action in a Java-free Web browser that affects Sentinel protection keys in Sentinel EMS Vendor Portal or Customer Portal, the user would get the following message: “Either Runtime is not installed or the EMS portal URL is not configured in ACC. Download the Latest Runtime Installer (EXE / DLL)”. This message appears when the installed RTE is not configured to communicate with the Sentinel EMS machine. Until now, this configuration had to be performed manually. Now, when a user installs RTE 7.54 (or later) that was rebranded by Sentinel EMS 7.5.4 (or later), the installed RTE is already configured as required. No manual configuration is required. |
Reference | Description |
---|---|
SM-552 | In Sentinel Admin Control Center on a Linux machine, when a user would click "More Languages", Admin Control Center would not contact the Gemalto server to search for available language packs. |
Reference | Description |
---|---|
LDK-16443 | Given the following circumstances: Instead of generating an error message and rejecting the update, the License Manager would generate the error message and then remove the original SL AdminMode license from the machine. (The license would be restored when the License Manager was restarted.) |
Reference | Description |
---|---|
LDK-13136 | Sentinel Licensing API would identify a Max Micro key as a Max key under certain circumstances. |
LDK-13455 | Given the following circumstances: |
LDK-13926 | The branded RTE Installer that is generated by Sentinel EMS did not copy the haspvlib correctly to /var/hasplm/. As a result, when hasp_update attempted to apply a V2C file, error 48 was generated. |
LDK-14274 | Given the following circumstances: |
LDK-14280 | HASP HL keys are not recognized correctly by the License Manager when keys from two or more vendors are connected to a given machine. |
LDK-15306 | On the Diagnostics page of Admin Control Center, the Requests counter would count a request to local licenses as a remote request. |
LDK-15307 | Given the following circumstances: |
LDK-16113 | When a V2C file to clear the “cloned” status of an SL Legacy license was applied, the “clear clone” operation was not applied correctly until the user restarted the machine. |
Reference | Description |
---|---|
LDK-7237 | Under certain circumstances, Admin Control Center would continue to show active sessions for an HL key after all sessions had logged out of the key. |
LDK-8994 | In Admin Control Center on Linux platforms: When the user clicked Show Recent Client Access on the Access From Remote Clients tabbed page, the user/hostname was not displayed. |
LDK-10273 | Admin Control Center would allow a license to be detached even though the termination date for the detach was invalid. |
LDK-10564 | The Vendor ID of a Master key was not the same in Admin Control Center pages and in diagnostic reports. |
LDK-11825 | Admin Control Center was not able to display an invalid HL key. Now such a key is visible in Admin Control Center with an indication that the key is not valid. |
LDK-12040 | Admin Control Center did not function correctly in the Konqueror browser if Konqueror's page cache was enabled. |
Reference | Description |
---|---|
140898 | Under the Linux operating system, Sentinel License Manager does not support the IPV6 network protocol. |
If the Sentinel HL key for a running application is disconnected, the application is suspended. When the key is re-attached, the application resumes, but it goes into the background. The application can be brought to the foreground using the shell built-in "fg" from the same terminal from which the application was launched.
Do the following to bring a background application to the foreground:
fg <%jobId>
The HASP HL Key Firmware has been modified to support future planned security enhancements in Sentinel LDK and Sentinel HASP. Sentinel LDK and Sentinel HASP automatically upgrade the Firmware on HASP HL keys from v.3.21 to the latest version (v.3.25). This occurs:
For HL keys with Firmware earlier than v.3.21, the upgrade does not occur automatically. Customers can upgrade the Firmware to v.3.25 by applying the Firmware Update V2C provided on the Sentinel HASP or Sentinel LDK Installation DVD v.5.0 and later.
During the Firmware upgrade, the relevant key will start to blink. Do not remove the key while it is blinking. If you remove the key too soon, the key may no longer be visible in Admin Control Center.
Note: In the event the key is no longer visible using the Linux Run-time Environment, do the following on a Windows computer:
The HL key is upgraded to v.3.25 Firmware and will now be visible in the Linux Admin Control Center.
© Gemalto 2018. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries.