|
|
|
Reflection for Secure IT Windows Client Patch 6.0.2: Fixes, Features, and File Download
Technical Note 1870
Last Reviewed 10-Jan-2006
Applies To
Reflection for Secure IT Windows Client version 6.0.1 through 6.0.2
Summary
Technical Note 1870
Last Reviewed 10-Jan-2006
Applies To
Reflection for Secure IT Windows Client version 6.0.1 through 6.0.2
Summary
The Reflection for Secure IT version 6.0.2 patch is available to maintained users who already have the Reflection for Secure IT Windows Client 6.0 installed. This technical note provides a link to the 6.0.2 patch, a list of fixes included in Reflection 6.0.2, as well as those originally included in 6.0.1.
Note: This document references a Reflection patch. Before you can download or search for a patch from Attachmate, you must enter your Volume Purchase Account (VPA) number for the software to which the patch will be applied.
Obtaining the Patch
The Reflection for Secure IT version 6.0.2 patch file, R602377.exe, is available from the Download Library.
For information about applying or uninstalling a patch, see the following technical notes:
| How to apply a patch to a workstation installation of Reflection |
1615 |
| How to apply a patch to an administrative installation of Reflection |
1616 |
| Uninstalling a Reflection Patch |
1871 |
What's Fixed in 6.0.2?
The following new features and fixes are included in the Reflection for Secure IT version 6.0.2 patch. To view features and fixes relevant to the Reflection product you are using or evaluating, scroll to the appropriate product name below.
Secure Shell
Issues resolved in Reflection for Secure IT Secure Shell version 6.0.2:
- Secure Shell authentication fails with keys imported from F-Secure that have long comment fields.
Reflection now authenticates correctly with imported keys that were generated using F-Secure and include a comment field that spans multiple lines. This problem can occur when keys are generated on machines in which the username@hostname string is longer than 14 characters. (The ability to import keys from F-Secure was added in Reflection version 13.0.1 and Reflection for Secure IT 6.0.1, and requires that the F-Secure Fsclm.dll library from the F-Secure Windows client is on your system.)
Reflection SFTP
Issues resolved in Reflection for Secure IT SFTP version 6.0.2:
- Secure Shell authentication fails with keys imported from F-Secure that have long comment fields.
Reflection now authenticates correctly with imported keys that were generated using F-Secure and include a comment field that spans multiple lines. This problem can occur when keys are generated on machines in which the username@hostname string is longer than 14 characters. (The ability to import keys from F-Secure was added in Reflection for Secure IT 6.0.1, and requires that the F-Secure Fsclm.dll library from the F-Secure Windows client is on your system.)
- Client disappears during directory listing.
This patch fixes a problem that caused the SFTP Client to disappear when attempting a directory listing involving a large number of files. This problem was reported for connections to MVS and OpenVMS hosts.
What's Fixed in 6.0.1?
The following new features and fixes are included in the Reflection for Secure IT version 6.0.1 patch. To view features and fixes relevant to the Reflection product you are using or evaluating, scroll to the appropriate product name below.
Secure Shell
New features available in Reflection for Secure IT Secure Shell version 6.0.1:
- New settings for configuring Secure Shell authentication using your Windows domain credentials.
The Secure Shell Settings dialog box has new settings that make it easier to configure Reflection to authenticate to Reflection for Secure IT SSH servers using your Windows domain credentials. To do this:
- Open the Secure Shell Settings dialog box. (This procedure varies depending on which Reflection application you are running. See "Secure Shell, how to configure" in the application Help index.)
- On the General tab, under User Authentication select GSSAPI/Kerberos.
- On the new GSSAPI tab, select SSPI. This configures Reflection to authenticate using Microsoft's Security Support Provider Interface. When you log into a Microsoft Windows 2000 or 2003 domain, Reflection will now use your domain credentials to authenticate to the Secure Shell host. (This change is saved to the ssh config file using the new keyword GssapiUseSSPI.)
- New setting for specifying a service principal when using SSPI authentication.
The new GSSAPI tab in the Secure Shell settings dialog box includes a new setting called Use default service principal name. If you have enabled SSPI, you can use this setting to specify a service principal in a realm that is different from the Windows domain. Use a fully qualified host name followed by @ then the realm. For example, Host.acme.com@REALM. (This change is saved to the ssh config file using the new keyword GssServicePrincipal.)
For additional information about the new GSSAPI tab, see Technical Note 1938.
Issues resolved in Reflection for Secure IT Secure Shell version 6.0.1:
- Slow performance when configuring and making Secure Shell connections.
This patch fixes delays that were seen when opening the Secure Shell Settings dialog box, opening the User Key or Host Key tabs in this dialog box, making Secure shell connections, and disconnecting Secure Shell connections.
- Command line parameter support for the Sftp command line utility.
The sftp command line utility now supports use of both the -b and -H command line parameters. Prior to this patch, if you used both switches on the same command line, the second switch was ignored.
- Support for identifying which type of trusted host key has been stored on your computer.
You can now identify the host key type (SSH1 or SSH2) when you view the Trusted Host Keys list on the Host Keys tab of the Secure Shell Settings dialog box. SSH1 keys are now identified as RSA1 under Type. SSH2 keys are identified as either RSA or DSA.
- Incorrect prompt when password to an OpenVMS SSH server has expired.
This patch fixes a problem reported when connecting using Secure Shell to hosts running the SSH Corporation server in HP's TCP/IP package for OpenVMS. Prior to the patch Reflection displayed a prompt asking for a new passphrase (rather than password) when you tried to connect using an expired password. If you treated this prompt as if it said password, you could successfully update your password and connect. If you canceled the prompt, Reflection closed unexpectedly.
- Key upload fails if initial connection information is incorrect.
Reflection now uploads keys to the host successfully after an initial attempt fails because of incorrect host or user name information. Prior to this patch, you had to close the Secure Shell settings dialog box and then reopen it to upload a key successfully after a failed first attempt.
- Prompt to confirm remote key operations is not visible.
This patch fixes a problem that caused the confirmation prompt to be hidden beneath other windows when the Reflection key agent is configured to confirm remote key operations.
- Key upload fails when password authentication is not selected.
Reflection's key upload functionality now supports password authentication whenever you upload keys to the host. Prior to this patch, it was not possible to upload the key to a host if password authentication had been disabled. Reflection now prompts for a password to make the key upload connection to a host regardless of the current User Authentication setting for that host.
- Sftp command line utility does not honor X.509 certificate.
You can now perform sftp file transfer using the Reflection command line utility when a host certificate (PKI) is used for host authentication. Prior to this patch, sftp command line transfers failed if the host's public key was not in your known_hosts file.
Kerberos
Issues resolved in Reflection for Secure IT Kerberos version 6.0.1:
- "Use Windows logon credentials" is not available when running under Windows XP SP2 or Windows 2003 servers.
Microsoft changes to some Windows operating systems disabled the Reflection Use Windows logon credentials setting. This patch configures the Windows registry to allow Reflection Kerberos sessions to use session key in the the Windows Kerberos TGT ticket.
- Reflection fails to honor valid Windows Ticket Granting Ticket.
This patch fixes a problem that caused Reflection to present a password window when a Reflection TGT has expired, but a valid Windows TGT is still present.
Reflection SFTP
New features available in Reflection for Secure IT SFTP version 6.0.1:
- New settings to configure Secure Shell authentication using your Windows domain credentials.
See the Secure Shell section above for more information.
Issues resolved in Reflection for Secure IT SFTP version 6.0.1:
- See the Secure Shell section above for updates to Reflection's Secure Shell support.
- See the Kerberos section above for updates to Reflection's Kerberos support.
- "The parameter is incorrect" error when attempting to view some local files or directories.
You can now successfully view directories that include files with a Last Access Time of 0. Prior to this patch, attempts to view these files failed with an error message that read, "The parameter is incorrect." After this error message was displayed it was not possible to navigate to other local folders without first exiting and restarting the Client.
- Sftp command line utility parameter support.
The sftp command line utility now supports use of both the -b and -H command line parameters. Prior to this patch, if you used both switches on the same command line, the second switch was ignored.
- Sftp command line utility doesn't honor X.509 certificate.
You can now perform sftp file transfer using the Reflection command line utility when a host certificate (PKI) is used for host authentication. Prior to this patch, sftp command line transfers failed if the host's public key was not in your known_hosts file.
