The information contained in this document is subject to change without
notice.
HEWLETT-PACKARD MAKES NO WARRANTY OF ANY KIND WITH
REGARD TO THIS MATERIAL INCLUDING BUT NOT LIMITED TO
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not
be liable for errors contained herein or for incidental or consequential
damages in connection with the furnishing, performance or use of this
material.
Hewlett-Packard assumes no responsibility for the use or reliability of its
software on equipment that is not furnished by Hewlett-Packard.
This document contains proprietary information which is protected by
copyright. All rights reserved. No part of this document may be
photocopied, reproduced or translated to another language without the
prior written consent of Hewlett-Packard Company.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the U.S. Government is subject to
restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in
Technical Data and Computer Software clause at DFARS 252.227-7013.
Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304
U.S.A.
Rights for non-DOD U.S. Government Departments and Agencies are as
set forth in FAR 52.227-19(c)(1,2).
UNIX is a registered trademark in the United States and other
countries, licensed exclusively through X/Open Company Limited.
This document describes features of HP DCE/9000 Version 1.7 specific to
Hewlett-Packard. For features of standard DCE, see the OSF
documentation.
This book is organized as follows:
• Chapter 1 provides an overview of HP DCE 1.7; it includes
information about new features, limitations, interoperability and
compatibility, changes at the next release, and documentation.
Chapter 1 also includes information about DCE Account Manager,
Cell Monitor, and the Password Management Server.
• Chapter 2 describes how to migrate from HP DCE 1.2, 1.2.1, 1.3.1,
1.4, 1.4.1, 1.4.2, 1.5 or 1.6 to HP DCE 1.7.
• Chapter 3 describes hardware and software prerequisites and
preinstallation planning for HP DCE 1.7.
• Chapter 4 describes installing HP DCE, including the products and
file sets that make up HP DCE 1.7.
• Chapter 5 describes configuring HP DCE Cells; Chapter 5 also
describes how to configure MC/ServiceGuard with HP DCE.
• Chapter 6 describes HP-UX integrated login and how to integrate it
with HP DCE.
• Chapter 7 describes diagnostic tools for cell administration, the
enhanced CDS browser, administering CDS, establishing intercell
communication, and miscellaneous notes about cell administration.
• Chapter 8 describes the HP DCE Measurement Service (DMS).
1 About HP DCE/9000 Version 1.7
HP DCE/9000 Version 1.7 (HP DCE 1.7) makes the functionality of
OSF DCE Version 1.2.1 available on HP 9000 Series 700 and Series 800
systems running HP-UX 11. HP DCE 1.7 also includes new functionality
and bug fixes.
HP DCE/9000 Core Services Software
HP DCE/9000 Version 1.7 is based on OSF DCE Version 1.2.1 source
code, with bug fixes and value-added functionality. This section describes
the contents of this release.
OSF DCE Components Included in This Release
This release includes the following OSF DCE components:
• Remote Procedure Call (RPC) Facility, supporting both
connection-oriented (TCP/IP) and connectionless (UDP/IP) transport
protocols.
• User-space Threads, based on Draft 4 of POSIX 1003.4a, Threads
Extension for Portable Operating Systems.
• Cell Directory Service (CDS), including CDS server replication.
• Access to the CDS name space through the X/Open Directory Service
(XDS) and X/Open Object Management (XOM) services. The OSF
DCE 1.0.3 versions of the XDS, XOM, and dua libraries are a part of
libdce, and the necessary XDS and XOM header files are provided.
• Security Service, including security server replication and additional
security server replication functionality, and the Audit Service.
• Distributed Time Service (DTS); this release supports ntp, null, and
Spectracom DTS time providers; it also supports global time servers
and DCE time zones.
• Global Directory Agent (GDA), using the Berkeley Internet Naming
Daemon (BIND).
The DCE application library is provided as both a shared library
(libdce.sl) and an archive library (libdce.a). If you use the shared
library, a DCE application can share a single copy of the library with
other DCE applications that are running on the same host. If you use the
archive library, each application binary will contain its own copy of DCE
routines that it either directly or indirectly calls.
1-2 Planning and Configuring HP DCE 1.7
NOTE: At HP DCE 1.7, both libdce and libcma were versioned for
compatibility reasons. libdce.1 and libcma.1 are the latest patched HP
DCE 1.5 libraries. libdce.2 and libcma.2 support HP DCE 1.7 on
HP-UX 11.0. Shared applications built on HP DCE 1.6 may have to
recompile to run on HP DCE 1.7.
Hewlett-Packard strongly recommends the use of shared libraries when
building DCE applications. In our opinion, the advantages of shared
libraries — smaller executable size, reduced memory requirement, and
the ability to make use of forthcoming improvements to libdce without
rebuilding or relinking binaries — outweigh the modest performance
penalty HP has measured when testing a high-volume transaction
processing application linked with DCE shared libraries.
HP DCE/9000 Features Added by Hewlett-Packard
Features Added at Previous Releases of HP DCE
HP DCE 1.7 supports the following features that were added to
HP DCE/ 9000:
• The HP DCE Account Manager (HP DCE 1.4 and later releases)
provides a graphical interface for creating and administering the
DCE registry. The Account Manager requires a bit-mapped display.
There is no ASCII terminal support. Online help is provided for the
Account Manager. See “HP DCE Account Manager” later in this
chapter for more information on the Account Manager.
• The HP DCE Cell Monitor (HP DCE 1.4 and HP DCE 1.5 only)
provides a graphical display of the status of each node in a DCE cell.
• DCM, the DCE Configuration Manager (HP DCE 1.4 and later
releases) allows you to configure the nodes in a DCE cell. This tool is
accessible via SAM (the HP-UX System Administration Manager)
and is documented in online help.
• A set of HP-UX Integrated login utilities that authenticate users via
the DCE Security Registry instead of via /etc/passwd and
/etc/group. HP DCE/9000 includes improvements to login, dtlogin,
su, passwd, telnet, and rlogin, as well as new HP-UX Integrated
versions of ftpd and dtsession and enhanced support for CDE/PAM.
See Chapter 6 for more information about these utilities.
• The DCE cell diagnostic tool dceping.
• An enhanced version of the OSF CDS browser (cdsbrowser), which
has been ported to Release 6 of the X11 Windows system and the
Common Desktop Environment (CDE). The browser is accessible
through SAM. See the CDS Browser online help (accessible via the
CDS Browser Help menu) for details.
• Two sets of tools for developing DCE applications are available as
separately priced options to HP DCE/9000. For DCE application
development in C, HP DCE/9000 Application Development Tools
includes a modified IDL compiler (I2DL), tracing and logging facility,
error reporting facility, and sample applications. For DCE application
development in C++, HP DCE/9000 Object-Oriented DCE (HP
OODCE) includes an IDL++ compiler, tracing and logging facility,
C++ class library, sample applications, include files, and modified
header files for C++ application development.
• cdsclerk (new at HP DCE 1.5) no longer runs as separate processes.
cdsclerk functionality has been merged into the cdsadv process.
cdsadv, therefore, is now the only HP DCE CDS client process.
• HP’s dced (new at HP DCE 1.5) supports the new -r option. This
option starts dced in remote-update mode, which allows DCE cell
administration tasks to be performed by an administrator on a
remote machine. In order to help prevent attacks, the dced default
behavior is to disallow any remote administration.
• HP has enhanced the dcecp registry connect command with two
new options that support intercell login:
-acctvalid     Marks the local cell account as a valid account. A valid
               local cell account allows users from the foreign cell to
               log in to nodes in the local cell. The default is invalid.
-facctvalid    Marks the foreign cell account as a valid account. A valid
               foreign cell account allows users from the local cell to
               log in to nodes in the foreign cell. The default is invalid.
See “Establishing Peer-to-peer Trust” in Chapter 7 for more
information on these important new options.
• HP has added a new -r option, which refreshes a user’s credentials, to
dce_login. Users are encouraged to use dce_login -r rather than
kinit to refresh their credentials, since dce_login -r uses the more
secure DCE Third-party preauthentication protocol, whereas kinit
uses the less secure Kerberos 5 Timestamps protocol.
• HP has changed the default behavior of its configuration tools to
automatically enable audit filtering. In addition, the default behavior
of secd has been changed to enable audit filtering at start-up, and a
new secd option, -noauditfilters, has been added to disable audit
filtering. See “Configuring the DCE Audit Service” in Chapter 5, and
the online secd man page for more information.
• HP DCE Measurement Service (DMS) to monitor resource utilization
and performance of HP DCE 1.6 servers.
• Support for large uids.
• Support for context-switching 64-bit machine registers in DCE
threads (libcma and libdce).
• Support for MC/ServiceGuard.
• Support for Secure Remote Utilities (Secure Internet Services) in the
InternetSrvcs product.
Features Added at HP DCE 1.7
The following features are new at HP DCE 1.7:
• NSS-DCE: a DCE module for the Name Service Switch (see
“Integrating DCE with HP-UX Integrated Login” in Chapter 6 for
more information).
• DCE support for Kerberos V5 applications through creation of
configuration and keytab files.
• All integrated login utilities, including ftpd, now use the Pluggable
Authentication Module (PAM). There are no longer any separate
.auth binaries.
In addition, HP DCE 1.7 contains numerous bug fixes.
Features Removed at HP DCE 1.6 and 1.7
The following features were removed at HP DCE 1.6:
• Distributed File Service (see “Installation Notes” in Chapter 4 for
information about unconfiguring DFS before installing HP DCE 1.6).
• Global Directory Service.
• HP DCE Cell Monitor.
• The DCE cell diagnostic tool dceval.
The following feature was removed at HP DCE 1.7:
• Network Computing System (NCS) Version 1.5.1 compatibility (see
“Note for Users of NCS-based Software” in Chapter 5 for important
HP DCE/9000 configuration information).
Version Identification
Version information for individual HP DCE/9000 Version 1.7 components
may be obtained via the /opt/dce/bin/dce_version utility. This utility
prints the version of the installed DCE and can also retrieve what
strings (see what(1)) from HP DCE/9000 programs and libraries. See the
dce_version man page for information on how to use dce_version.
Cell Configuration and Diagnostics
HP DCE supplies two configuration tools with this release:
• dce_config is the cell configuration tool provided by OSF, with
substantial modifications by Hewlett-Packard.
• DCM, the DCE Configuration Manager, provides a SAM interface to
cell management.
• HP’s DCE cell validation and diagnostic tool dceping.
Common Desktop Environment (CDE) and Online Help
As of HP-UX 10.20 and later releases, the default environment is the
Common Desktop Environment (CDE). (HP VUE was available with
releases of HP-UX earlier than 10.30.) All HP DCE 1.7 online help and
context-sensitive help works in CDE. If you print HP DCE 1.7 online
help and context-sensitive help from CDE, the text is not formatted as it
is on the screen; only text is printed (graphics are not printed).
DES and DES-Hidden Versions of this Release
The DCE Security component uses the Data Encryption Standard (DES)
algorithm as its default encryption algorithm. Because the United States
State Department restricts the export of DES software, HP supplies
three binary versions of the dced daemon and the DCE library
(libdce.1, libdce.2, and libdce.a):
• The U.S./Canada version is available only to HP customers in the
United States and Canada. The U.S./Canada version of libdce
supports use of DES to encrypt RPC argument values, via the
“privacy” authentication level, and the use of DES to encrypt gssapi
messages, via the gss_seal “confidentiality requested” flag. The
U.S./Canada version of dced supports secure remote key table
management.
• The Export version is available to all HP customers. The Export
version of libdce disables the “privacy” authentication level in RPC,
the gss_seal “confidentiality requested” flag, and all program entry
points to DES routines. The Export version of dced does not support
secure remote key table management.
If an application uses the Export version of the DCE library and specifies
the “privacy” level or “confidentiality requested”, the library returns an
error at run time. This restriction does not apply to the U.S./Canada
version of this release.
See the dced (1M) man page for more information about remote key table
management support in the two versions of the daemon.
NOTE: Users of the Export version of HP DCE 1.7 should start dced with the -c
option. See the dced man page for more information.
Limitations of This Release
Some of the limitations described in this section reflect limitations of
OSF DCE 1.2.1; others are limitations specific to this release.
Limitations of OSF DCE 1.2.1
Following are limitations of OSF DCE 1.2.1:
• The tool passwd_import, which imports user account information
from /etc/passwd files to the Registry database, does not import the
passwords themselves. Therefore, after you have used
passwd_import to create skeletal DCE accounts in the Registry
database, you must use the dcecp tool to add passwords to those
accounts. This information is particularly important to customers
who plan on using the HP-UX Integrated login tools (login, etc.) with
DCE.
• Transitive trust path generation and evaluation, as described in
sections 33.1.2 and 33.1.4 of the OSF DCE Administration Guide — Core
Components, is not supported.
• Cell alias/rename is partially supported: creation of cell aliases
(dcecp cellalias create) is supported; renaming of cells
(dcecp cellalias set) is not supported. Disregard Sections 21.6.2 and
21.6.3 of the OSF DCE Administration Guide — Core Components.
• Cell alias names are not automatically propagated across cell
boundaries. Use of cell aliases across cell boundaries is supported
when the cell alias name is manually registered in the security name
space.
HP DCE 1.6 and 1.7 Limitations on OSF DCE 1.2.1 Functionality
The following OSF DCE 1.2.1 functionality is not supported in HP DCE
1.6 or 1.7:
• Distributed File Service
• Global Directory Service
System Utilities Not Integrated with DCE Security
The following utilities are not integrated with DCE Security:
• cron
• at
• rexecd
• lp
Interoperability and Compatibility
This section describes the interoperability of this release with various
implementations of OSF DCE, and its compatibility with previous
versions of HP DCE, and with DCE-related technologies.
Binary Compatibility with Previous HP DCE Releases
Applications built on HP-UX 10.30 with HP DCE 1.6 may need to
recompile due to the versioning of libdce and libcma in HP-UX 11.0.
HP DCE 1.7 supports binary compatibility with HP DCE 1.2.1 and later
releases. Applications linked with the archived HP DCE 1.2, 1.2.1, 1.3.1,
1.4, 1.4.1, 1.4.2, and 1.5 libdce are fully compatible with applications
built with HP DCE 1.7 libraries. These applications can share login
contexts and credentials without loss of data.
Binary compatibility for statically-linked HP DCE 1.2, 1.2.1, 1.3.1, 1.4,
1.4.1, 1.4.2, and 1.5 applications can be disabled, resulting in minor
performance gains and slightly smaller credentials files. By default,
binary compatibility is enabled when HP DCE 1.7 is installed and
configured. You may disable binary compatibility on a per-host basis with
the following commands:
To enable binary compatibility after it has been disabled, do the
following:
1. Issue the command:
dcecp> hostvar set -secbinarycompat on
2. Stop and restart DCE daemons.
3. If using Integrated Login, log out and log in.
If a statically-linked HP DCE 1.2, 1.2.1, 1.3.1, 1.4, 1.4.1, 1.4.2, or 1.5
application purges a login context (via sec_login_purge_context)
which an HP DCE 1.7 application had created or refreshed, one of the
credential files will not be deleted from the disk. This file is located in
/var/opt/dce/security/creds. The file name will consist of the
unique credential cache ID associated with the login context and a
“.data.db” suffix. Administrators may remove this file manually if
they wish.
For information about the U.S./Canada version of HP DCE, see the
HP DCE/9000 Version 1.7 U.S./Canada Version Release Note.
Source Code Compatibility with Previous HP DCE Releases
There are no known source code incompatibilities between HP DCE 1.7
and previous releases.
Interoperability with Other Implementations of OSF DCE
This release has been tested to ensure interoperability with the
implementations of OSF DCE on the platforms listed in Table 1-1:
Table 1-1 HP DCE Interoperability With Other Platforms and DCE Implementations

Platform            Operating System              DCE Implementation           OSF DCE Version
Digital Alpha       Digital UNIX 3.2-2            Digital DCE V 1.3 (Rev 51)   1.0.3
IBM RS6000          AIX 4.1.4.0                   AIX DCE 2.1                  1.1
Sun SPARCstation    SunOS 5.4 (Solaris 2.4)       Transarc DCE 1.1             1.1
Dell 450/ME 486     Microsoft DOS 5.0,            Gradient DCE 1.0.2a, 1.0.3   1.0.2, 1.0.3
                    Microsoft Windows 3.0
Dell 450/ME 486     Windows NT                    Digital DCE V 1.3            1.0.3
Dell 450/ME 486     IBM OS/2 2.1                  IBM DCE 1.1                  1.1

Hewlett-Packard’s DCE configuration tools are not guaranteed to
interoperate with other vendors’ DCE implementations. In particular:
• The DCE Configuration Manager, DCM, will configure any other HP
DCE/9000 Version 1.4x Series 700/800 system. It will also configure
versions 1.6, 1.5, 1.3.1, 1.2, and 1.2.1 of HP DCE/9000, but some
operations may not be supported.
• DCM will discover a cell in its entirety, including non-HP systems,
provided the non-HP systems have been correctly configured in the
CDS name space. (DCM cannot configure non-HP systems.)
• DCM may be run from any DCE/9000 Version 1.7 system within the
cell.
• HP’s version of dce_config is based on the OSF version, but contains
enhancements specific to HP systems.
Interoperability of the DES and DES-Hidden Versions
The DES and DES-hidden versions of this release are interoperable with
the following limitation: DES-based application servers or clients that
specify the “privacy” RPC data protection level or the gss_seal
“confidentiality requested” flag are not interoperable with servers or
clients based on the DES-hidden version.
Neither DES nor DES-hidden versions of DCE are interoperable with
any DCE version that has been built with the DES code omitted (instead
of hidden). Some DCE ports from other vendors were built in this way in
order to meet U.S. export requirements. If you are running a DCE port
from another vendor, check with that vendor for details.
Kerberos Authentication Protocol Compatibility
The DCE Security authentication service implements Kerberos Version
5. DCE Security does not provide backward compatibility support for
Kerberos Version 4.
DCE Support for Kerberos Applications and Configuration Notes
HP DCE 1.7 makes available enhanced configuration features specific to
Kerberos Version 5. Configuration with dce_config has been updated to
do the following for either a security server or client:
• Create a host principal, account and keytab entry for secure BSD
remote utilities.
• Create the file /etc/krb5.conf for use by Kerberos V5 Beta 5-7 and
Release 1.0 applications.
• Create the file /krb5/krb.realms for Kerberos V5 B4 applications.
• Add the entries klogin, kshell, ekshell, and eklogin as well as
kerberos5 and kerberos-sec to /etc/services.
• Link the /etc/krb5.keytab file, which is the default keytab used by
Kerberos V5 Release 1.0 clients, to the /krb5/v5srvtab file, which is
the default keytab used by DCE clients. The file /etc/v5srvtab, which
is the default keytab file used by Kerberos V5 Beta clients, is also
linked to the /krb5/srvtab file.
The host principal uses a fully qualified host name. To construct this
name, dce_config appends the Internet domain name to the host name
in the format: host_name.domain_name. For example, when the domain
name is ch.hp.com, and the host name is fred, the fully qualified host
name is fred.ch.hp.com.
When configuring either a security server or client, dce_config checks
the file /etc/resolv.conf for the Internet domain name. If the domain
name is not found in this file, then the user is prompted to enter a
domain name.
Before running dce_config, you can choose to set the environment
variable DOMAIN_NAME to provide the domain name during
configuration. Other environment variables used by dce_config are
described in the section “Component Scripts and Environment Variables
for dce_config” in Chapter 5.
An example of a standard domain name is ch.apollo.hp.com.
A DCE principal name takes the form:
/.../cellname/host/fully_qualified_hostname
Configuration for secure remote utilities may require the additional step
of adding entries to inetd.conf.
Remote Services File
The following describes the service and port settings in /etc/services for
the different versions of Kerberos. Kerberos V5 Release 1.0 expects the
service "kerberos" to use port 88. However, older versions of Kerberos
(V4) expect the "kerberos" service to use port 750. For this reason,
dce_config does not set or reset the service "kerberos" in /etc/services.
dce_config does set the following in /etc/services:
    kerberos5     88/udp    kdc    # for V5 Beta 5-7 applications
    kerberos-sec  88/udp    kdc    # for V5 Release 1.0 applications
If a customer has an environment where they are supporting different
versions of Kerberos clients, they can set the port number for V5 Release
1.0 clients explicitly in the [realms] section of the /etc/krb5.conf file:
    kdc = host:88
For related and more detailed information, see the whitepaper Using HP
DCE 9000 Security with Kerberos Applications in
/opt/dce/newconfig/RelNotes/krbWhitePaper.ps.
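The following is an added example, not HP's code and not part of dce_config: a POSIX sh script that derives the fully qualified host name and DCE host principal the way the text above describes (DOMAIN_NAME first, then the domain line of /etc/resolv.conf), reports which of the /etc/services entries dce_config adds are absent, and emits the [realms] kdc line that pins V5 Release 1.0 clients to port 88. The cell name mycell, the KDC host name, and both file contents are constructed sample data.

```shell
#!/bin/sh
# Added example, not part of the HP manual or of dce_config itself.
# It reproduces, in plain POSIX sh, the naming and /etc/services logic
# the manual describes. All file contents below are constructed samples.

# Constructed /etc/resolv.conf: dce_config reads the "domain" line.
SAMPLE_RESOLV_CONF='search ch.hp.com hp.com
domain ch.hp.com
nameserver 192.0.2.53'

# Constructed /etc/services that lacks two of the entries dce_config adds.
SAMPLE_SERVICES='ftp          21/tcp
telnet       23/tcp
kerberos5    88/udp    kdc
kerberos-sec 88/udp    kdc
klogin       543/tcp
kshell       544/tcp   cmd'

# Print the domain from resolv.conf content given as $1 (empty if absent).
domain_from_resolv() {
    printf '%s\n' "$1" | awk '$1 == "domain" { print $2; exit }'
}

# As with dce_config, a DOMAIN_NAME environment variable takes precedence;
# otherwise fall back to resolv.conf. Prints nothing when neither is set,
# which is the point at which dce_config prompts the operator.
dce_domain() {
    if [ -n "${DOMAIN_NAME:-}" ]; then
        printf '%s\n' "$DOMAIN_NAME"
    else
        domain_from_resolv "$1"
    fi
}

# host_principal CELL HOST DOMAIN -> /.../CELL/host/HOST.DOMAIN
host_principal() {
    printf '/.../%s/host/%s.%s\n' "$1" "$2" "$3"
}

# Print, one per line, each service dce_config expects that is absent
# from the services content given as $1.
missing_krb_services() {
    for svc in klogin kshell ekshell eklogin kerberos5 kerberos-sec; do
        if ! printf '%s\n' "$1" |
            awk -v s="$svc" '$1 == s { found = 1 } END { exit !found }'; then
            printf '%s\n' "$svc"
        fi
    done
}

# krb5_realms_stanza REALM KDCHOST: the [realms] entry that pins V5
# Release 1.0 clients to port 88 when V4 clients still expect 750.
krb5_realms_stanza() {
    printf '[realms]\n\t%s = {\n\t\tkdc = %s:88\n\t}\n' "$1" "$2"
}

# Demonstration with the manual's example values (host fred, domain ch.hp.com)
DOMAIN=$(dce_domain "$SAMPLE_RESOLV_CONF")
echo "Host principal: $(host_principal mycell fred "$DOMAIN")"
echo "Missing /etc/services entries:"
missing_krb_services "$SAMPLE_SERVICES"
krb5_realms_stanza CH.HP.COM kdc1.ch.hp.com
```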
Support for Secure Internet Services
The DCE KDC is used by the Secure Internet Services, also known as the
Secure Remote Utilities, that are shipped as part of the InternetSrvcs
product on HP-UX 11.0. The kerberized utilities include rlogin,
remshd, rcp, ftp, and telnet services. A new command, k5dcelogin,
has been added to DCE in support of these utilities. When ticket
forwarding is requested, k5dcelogin promotes a principal's Kerberos V5
credentials to DCE credentials. Refer to documentation on Secure
Internet Services for configuration information.
DCE GSS-API Interoperability with MIT and Third-Party Kerberos Implementations
The GSS-API has been updated to conform to the latest Kerberos and
GSS-API standards, while other changes accommodate the
non-conformance of older DCE and MIT GSS-API implementations.
Notes, Cautions and Warnings Regarding This Release
dcecp host Command
All of the operations of the dcecp host command are implemented. See
the host (8dce) man page for syntax and details.
Security and Remote Login Utilities
You can use standard UNIX remote login utilities (remsh, rlogin,
telnet) to perform remote DCE cell administration. However, these
utilities expose the cell administrator’s password to network attackers
whenever you perform a task on a remote system. If a network attacker
obtains the password, the security of the cell’s DCE services is
compromised. The most secure way to perform cell administration is to
log in locally to each system you want to administer. The use of Secure
Internet Services (SIS) does not provide better security for the purpose of
remote DCE cell administration.
Security and Credential Lifetime
DCE credentials consist of Kerberos tickets shared by principals and the
security server. The security server encrypts the tickets with a server
key. Usually, the credential lifetime for a Kerberos ticket is a defined
expiration time.
Hewlett-Packard recommends using Kerberos tickets with a defined
expiration time and changing the server keys frequently. Using tickets
with an infinite lifetime makes it difficult to automatically change server
keys without invalidating the outstanding tickets. It also defeats the
automatic key garbage collection, which the
sec_key_mgmt_change_key operation performs.