Server Suite 2025 Authentication Service and Privilege Elevation Service 6.2.0 Release Notes

Release Date: July 16, 2025

The Authentication and Privilege Elevation release notes describe changes to the following feature areas:

Access Manager	DirectControl Agent for *NIX	Report Services
Access Module for PowerShell	DirectControl Command Line Utilities	Roles and rights
Active Directory environment	Endpoint enrollment	RunAsRole
ADedit Agent for Windows	Group Policy Management	Smart Card
Application Manager	Licensing Service	Windows configuration and environment
Audit Trail Events	Network manager	Windows installation
Compatibility with third party products	NIS	Windows Installer
Configuration parameters	OpenLDAP Proxy	Windows SDK
Desktop with elevated privileges	OpenSSH	Zone Provisioning Agent

Changes in 2025.0.1

Fixed an issue where Windows updates (KB5064081/KB5065426) installed on Windows 11 24H2 systems with the Windows Agent installed blocked users from logging in to the enrolled system. (675226)
Fixed an issue where systemd did not stop the centrifydc service properly. (673910)
Fixed an issue where CentrifyDC 6.1.0+ caused the Ubuntu 24.04+ system update to fail. (674247)

This section describes new features included in this release.

Users can choose to create a shortcut to launch a privileged desktop. (566840)

This section provides an overview of the product improvements in this release.

Enhanced the smart login capability so that the login process skips certificates that are not RSA key type. (611597)
Changed the nss.user.group.prefer.cache default value to true. (633083)
Upgrading on Linux systems that have SELinux enabled will not terminate GDM sessions. (638756)

Implemented an enhancement so that users who have network access rights only cannot run applications with the privileged account. (642266)

Upgraded OpenLDAP to 2.5.19. (615915)

Upgraded cURL to v8.13.0. (615918)

Upgraded OpenSSH to 10.0p2. (638439)

Upgraded OpenSSL from v3.3.2 to v3.5.0. (609323)

This section lists notable issues that have been fixed in this release.

Fixed an issue where adgpresult showed incorrect update times. (603749)
Fixed an issue where adcheck still checked for NSCD (Name Service Cachine Daemon) even after NSCD was deprecated on Fedora 36 and later. (609317)
Fixed an issue where the adedit commands 'dn_to_principal' and 'principal_from_sid' didn't work for gMSA accounts. (624076)
Fixed an issue where an ERROR log about the connector refreshing showed up even if the platform instance was not even configured. (634039)
Fixed CVE-2025-24032 for smart card login. (639159)
Fixed an issue where the negation mark didn't work properly in pam.mfa.program.ignore. (643588)
Fixed an issue where adkeytab wrongly reported that a SAM account existed if the account with the same name existed in another domain in the same forest. (644070)
Fixed an issue where the id and groups commands were unable to retrieve group information starting from AIX 7.2 SP9. (649186)

Fixed an issue where slapd failed to properly handle non-zone searches for AD Groups. (605338)
Fixed an invalid access freed memory issue that may cause a core dump in slapd. (635781)
Fixed a memory leak issue in slapd. (637463)
Fixed a double free ldapSearchHandle issue that could cause a core dump in slapd. (637561)
Fixed an issue where an ldapproxy session would leak when there were multiple searches over a single connection. (646015)
Fixed an issue where ldapproxy couldn't process a filter like '(&(memberUid=adm_ulamo01)(objectClass=posixGroup))' (630605)

CentrifyDC-OpenSSH no longer replaces stock ssh binaries with symlinks that point to to cdcexec; it will create copies instead. (638050)
Fixed an issue where SSH pubkey authentication failed when GSSAPI was attempted first. (655063)