Summary of changes
Changes made to IBM® MFA for Version 2 Release 2.
New
The following information is new.
- July 2023 Version 2.2 refresh
-
- As of version 2.2.0.7 of IBM MFA, the RPM installation
behavior for the server has changed. The installation phases
relating to the IBM MFA
database are no longer invoked directly from the server RPM
installation script. Instead, the installation RPM copies the
following shell scripts to the /opt/IBM/MFA/db
directory:
- mfadb10-init.sh
- This script allocates database directories and files, and starts the postgres server process.
- mfadb20-create.sh
- This script creates a postgres user to own the MFA database, and creates an empty IBM MFA database, owned by that user, in the directory created by the mfadb10-init.sh script.
- mfadb30-populate.sh
- This script creates IBM MFA table structures inside the database that was initialized and created during previous installation phases.
- mfadb-status.sh
- This script uses the pg_ctl utility to check Postgresql status on the system, as it relates to the IBM MFA database.
- mfadb-bkup.sh
- This script uses the pg_dumpall utility to create a backup of the IBM MFA database contents.
The installation steps for new installations have been updated to reflect this change, as described in Installing IBM MFA server and GUI. For upgrade installations, no additional steps are required.
- As of version 2.2.0.7 of IBM MFA, the RPM installation
behavior for the server has changed. The installation phases
relating to the IBM MFA
database are no longer invoked directly from the server RPM
installation script. Instead, the installation RPM copies the
following shell scripts to the /opt/IBM/MFA/db
directory:
- November 2022 Version 2.2 refresh
- Version 2.2
-
- The RSA SecurID Authentication API authentication method is added in this release, as described in Configuring IBM MFA for RSA SecurID Authentication API.
- PAM authentication for Linux clients is added in this release, as described in Configuring PAM for Linux clients.
- Configuring server options is updated with new settings for Admin Session Timeout in Seconds and SSL Trace Level.
- Single-key encryption is added to TOTP authentication, as described in Configuring the TOTP authentication method.
- Using IBM MFA URLs is added to clarify the use of the IBM MFA URLs.
- November 2021 Version 2.2 refresh
-
- The section Updating postgres is added in this release.
- The section Updating IBM MFA server and GUI is added in this release.
- April 2021 Version 2.2 refresh
-
- The IBM MFA server installs the mfa.service, which has dependencies on postgresql and pkcsslotd systemd services. The systemd service ensures that the dependent services are running before starting IBM MFA server. Multiple sections have been updated to reflect this change.
- The azf_administrator_util command is enhanced in this release, as described in Managing IBM MFA administrator IDs.
- Approving user certificates and Preparing user devices for TOTP authentication are updated with easier to use enrollment URLs.
- January 2021 Version 2.2 refresh
-
- Added editorial improvements and cross-reference link updates.