Xerox 701P40211 User Manual

Xerox Document Services Platform Series
Common Controller System Guide
701P40211 Version 3.7 April, 2003
Xerox Corporation Global Knowledge and Language Services 800 Phillips Road Building 845-17S Webster, New York 14580 USA
© 2003 Copyright by Xerox Corporation. All rights reserved. Copyright protection claimed includes all forms and matters of copyrighted material and information now allowed by statutory or judicial law hereinafter granted including without limitation, material generated from the software programs that are displayed on the screen such as styles, templates, icons, screen displays, looks, and so on.
Printed in the U.S.A., U.K., and France. XEROX®, XEROX Europe®, and XEROX Canada Limited®, The Document Company, the stylized X, and all names identifying numbers used in connection with Xerox products mentioned in this publication are trademarks of XEROX CORPORATION. All non-Xerox brands and product names are trademarks or registered trademarks of their respective companies. Other company trademarks are also acknowledged.
This product includes software developed by the Apache Software Foundation (http://www.apache.org/). SWOP® is a registered trademark of SWOP, Inc.
While the information in this Guide is correct at the time of this publication, Xerox reserves the right at any time to change the information without notice. Changes are made periodically to this document. Changes and technical updates will be added in subsequent editions.
Table of Contents
1. Introduction
  About this guide
  Contents
  Conventions
  Customer Support
2. Gateway Configuration
  Internet Services (HTTP) Gateway Configuration
  IPP Gateway Configuration
  Simple Network Management Protocol (SNMP) Configuration
  Configuration variables
  Printer and job messages
  SNMP MIB Support
  NDS Setup
3. Backup and Restore
  Backup
  Restore
  Xerox Backup and Restore (XBR) Utility for a DP100/115/135/180 EPS System
  Backing up a System
  Restoring a System
4. Security and Network Setup
  Access and Security
  Overview of Security
  Changing the logon level
  User Password changes
  Roles and responsibilities
  Xerox responsibility
  Security Setup
  DocuSP 3.7 security changes
  Using the High security setting
  User and File-level changes
  User level
  Solaris file permissions secured
  Network and name service changes
  Disabling secure name service databases
  Multicast routing disabled
  OS and host information hidden
  Sendmail daemon secured
  Network parameters secured
  Executable stacks disabled
  NFS port monitor restricted
  Remote CDE login disabled
  DocuSP router capabilities disabled
  Security warning banners
  XDSS script components
  The configure-xdss script
  Disabling LP Anonymous Printing
  DigiPath and Decomposition Services
  Remote shell internet service
  disable-security and enable-security scripts
  enable-ftp and disable-ftp scripts
  enable-remote-diagnostics/disable-remote-diagnostics scripts
  User Account Management
  Print command line client from remote systems
  Other security tips
  Configure for xrxusr
  Document and backup
  Online help for security
  Sample of inetd.conf file
  Quick reference
5. Printing
  First In/First Out (FIFO) Printing
  Controller settings for limited FIFO scheduling/printing
  Enable/Disable FIFO Job Scheduling
  ASCII and PCL Printing Utility
  Impact on DocuSP printers
  setpclcontrol Utility
  Set lp/lprcopycount utility
  Socket Gateway Configuration Utility: setVPSoption
  TIFF files
  TIFF orientation
  Performance considerations
  Supported TIFF tags
  MICR Enablement
  Using VIPP
  Paper Trays
  Printing hints
6. Finishing
  Subset Finishing
  Creating jobs to use subset finishing
  Subset Offset (Page Level Jog)
  PCL Offset/Separator/Subset Finishing command
  PCL Paper Source Command
  Mixed Stacking
  Additional finishing information
7. Fonts
  How to choose fonts
  Fonts
  Font download option
  Resident Fonts
  Non Resident Fonts
  Font substitution
8. Accounting and Billing
  Accounting
  Auto exporting accounting log
  Accounting exported values
  Accounting file fields
  Billing
  Billable Events
  Billing Meters
9. Troubleshooting
  Calling for service
  Declared faults
  Printer fault
  Job fault
  Undeclared faults
  Client problems
  Windows problems
  Macintosh problems
  DigiPath problems
  GUI problems
  Print Quality problems
  Font problems
  Inoperable system problems
  Job flow problems
  Job Integrity problems
  PDL problems
  PostScript problems
  TIFF problems
  PDF problems
  Restore password
  Restart DocuSP software without rebooting
  Productivity and performance problems
  Problems when saving a job
  Printing system logs
  all_jobs_log
  system_log
  status_log
  ep_exception_log and ep_primary_log
  Printing the system logs
  Printing the accounting log
  Rebooting and restarting
  Loading XJDC/Unix
  Configuring XJDC/Unix
  XJDC Hints and Tips
  Output files
  Properly ejecting a diskette from the Diskette drive on a DocuSP workstation
10. Hints and Tips
  General
  Disabling the Solaris 8 Screen Saver
  Common Desktop Environment (CDE) Front Panel Removal and Workaround
  Color Systems
  General Comments
  Time used to generate the PDL
  Time used to transfer PDL
  Time required to RIP PDL
  Time required to print PDL
  Job submission hints
  Number of images
  Ethernet
  Gateways
  Job submission order
  Job RIP Hints
  Variable data
  Image Quality
  Job Printing Hints
  Skipped Pitches
  PCI Channel Interface PWB Trace Capture Procedure
  Perform a Trace
  Export the trace file to floppy

1. Introduction

About this guide

The System Guide provides the information needed to perform system administration tasks for configuring and maintaining the Xerox Document Services Platform (DocuSP) for printing systems.
This guide is intended for Network and System Administrators responsible for setting up and maintaining Xerox printers with DocuSP software. Users should have an understanding of the Sun workstation and be familiar with Solaris and basic UNIX commands. This includes the use of text editors such as vi or textedit and the ability to maneuver within the Solaris environment. The System Administrator is expected to have a working knowledge of Local Area Networks (LANs), communication protocols, and the applicable client platforms to assist them in a customer site setup.

Contents

In general, this document covers information about the DocuSP that is not covered in the on-line help or other available guides.
The following list describes the contents of this guide:
• Simple Network Management Protocol Configuration (SNMP)
• Backup and Restore
• Security and Network Setup
• Printing
• Finishing
• Fonts
• Accounting and Billing
• Troubleshooting
• Hints and Tips

Conventions

This guide includes the following conventions:
• Angle brackets - Variable information that is displayed on your screen is enclosed within angle brackets; for example, “Unable to copy <filename>.”
• Square brackets - Names of options you select are shown in square brackets; for example, [OK] and [Cancel].
• Notes are hints that help you perform a task or understand the text. Notes are found in the following format:
NOTE: This is an example of a note.

Customer Support

To place a customer service call, dial the direct TTY number for assistance. The number is 800-735-2988.
For additional assistance, dial the following numbers:
Service and software support: 1-800-821-2797
Xerox documentation and software services: 1-800-327-9753

2. Gateway Configuration

Setting up the HTTP and SNMP gateways cannot be accomplished through the graphical user interface and must be set using the gwConfig utility through a UNIX Terminal window. The IPP gateway is configured using the DocuSP interface.

Internet Services (HTTP) Gateway Configuration

Perform the following to configure the HTTP gateway:
1. Start the configuration utility. Type ./gwConfig.
NOTE: Refer to the instructions in the section, IPP Gateway Configuration for information about starting the configuration.
2. Perform the following to set up the Internet Services (HTTP) Gateway:
Enter the name of the gateway to be configured: Internet Services
Configure the Internet Services Gateway? [Y/N] y
Enter name: Value data
Printer URL: http://<controller name>.<domain name>.com
NOTE: Use the IP address of the controller if there is no domain name. For example, http://52.126.255.255.com
3. A confirmation message of the entered value displays. Confirm that the entry is correct and enter y for yes.
4. Continue with this process for every value to be configured.
5. When all of the desired values have been configured, press <Enter> at the Enter Name: [Value Data line].
6. When asked to accept the values and update the configuration, enter y for yes.
7. The configuration utility exits.
8. When complete, close the Terminal window and select System, Restart on the DocuSP user interface.

IPP Gateway Configuration

Perform the following to configure the IPP Gateway.
1. On the DocuSP Controller, open a new terminal window and log in as root.
2. Type csh and press <Enter>.
3. Type cd /opt/XRXnps/XRXipp
4. Display a list of the directory contents by typing ls. The file gwConfig should be displayed.
5. Type ./gwConfig and press <Enter>.
6. The gateways that may be configured are: SNMP Gateway, Internet Services, and IPP Gateway.
If necessary, make the terminal window large enough to display the list while configuring each value desired.
The only value necessary for the IPP and Internet Services Gateways is the Printer URI value.
7. Answer the following questions with the information supplied as follows:
Enter the name of the gateway to be configured: IPP Gateway
Configure the IPP Gateway? [Y/N] y
Enter name: Value data
Printer URL: http://something.com:631/servlet/IPPServlet.IppPrinter
NOTE: The text "something.com" is the server name and domain name of the DocuSP controller on which you are configuring the gateway. For example, server name.domain name. If no domain name is used, enter the IP address of the controller without the .com. For example, http://52.126.255.255:631/servlet/IPPServlet.IppPrinter.
8. Continue with the above process for every value to be configured.
9. When all of the desired values have been configured, press <Enter>
10. When asked to accept the values and update the configuration, enter y for yes.
The configuration utility exits.

Simple Network Management Protocol (SNMP) Configuration

To configure SNMP, follow the instructions for configuring the HTTP Gateway in the previous section.
SNMP provides you with the status of network devices. If you are familiar with an SNMP manager, you may want to configure the SNMP gateway using gwConfig and the information that follows.
NOTE: SNMP requires a standard FlexLm license. The System Administrator must enable SNMP in License Manager.
Xerox recommends the following third–party SNMP software managers:
• IBM Network Printer Manager (NT)
• TNG Unicenter (NT)
• HP OpenView (UNIX, NT)
• Xerox CentreWare (UNIX, NT)
NOTE: The SNMP manager (HP OpenView) may have a number of requests into DocuSP for information. Some of the requested information may not be a supported data set on DocuSP. Therefore, the SNMP client/manager displays "no value...etc".
NOTE: You can have more than one SNMP manager running at the same time.

Configuration variables

Of the many parameters that are available for SNMP configuration, only the ones of common interest to Xerox customers are shown in the following table:
Table 2-1.
Parameter Name | Description | Value Range | Default Value
CommandLine | Turn on/off the following flags: –l: logging to SNMP_DEBUG_LOG; –w: logging to window | Enter the following Command Line variables: -l: -w: |
Printer operator | The name of the printer operator | String (0...127) | <empty>
Printer administrator | The name of the printer administrator | String (0...127) | <empty>
Printer administrator location | The location of the office of the printer administrator | String (0...127) | <empty>
Printer administrator Phone | The telephone number for contacting the printer administrator | String (0...127) | <empty>
Printer location | The location of the printer | String (0...127) | <empty>
An example of SNMP gateway configuration for the parameters shown is:
SNMP Gateway Configuration File Section Data:
Entry Name: Entry Value
CommandLine: -l -w
Printer Operator: Janet Jones
Printer Administrator: William Webster
Printer Administrator Location: Room 409
Printer Administrator Phone: 122-0001
Printer Location: Room 444

Printer and job messages

SNMP can broadcast messages about the printer and the jobs on the system. Printer messages may announce that the printer is idle, printing, or out of paper. Job messages announce that jobs are pending, processing, or completed. Other job related information may include the job owner’s name, the job quantity, the job identifier, etc.
NOTE: “Forwarding” is not a job state that is broadcast by the controller; therefore, job forwarding information will not be displayed by the SNMP job managers.
The information that is displayed at an SNMP Manager may not always reflect the exact status of a job or printer on the DocuSP Controller. Those Managers that do not support loading of Management Information Bases (MIBs) will only display the printer and job status that they support.

SNMP MIB Support

DocuSP 3.0 SNMP MIB file uses the Xerox Common Management Interface (XCMI) version 4.0. The following lists the MIB files included for version 4.0:
• rfc1213 - RFC1213-MIB (MIB-II)
• rfc2790 - HOST-RESOURCES-MIB (XCMI rev 000817)
• rfc2790t - HOST-RESOURCES-TYPES (XCMI rev 000815)
• rfc1759 - Printer-MIB (XCMI rev 000818)
• rfc2707 - Job-Monitoring-MIB (Printer Working Group)
• 02common - XEROX-COMMON-MIB
• 06gentc - XEROX-GENERAL-TC
• 07gen - XEROX-GENERAL-MIB
• 10hosttc - XEROX-HOST-RESOURCES-EXT-TC
• 11hostx - XEROX-HOST-RESOURCES-EXT-MIB
• 15prtxtc - XEROX-PRINTER-EXT-TC
• 16prtx - XEROX-PRINTER-EXT-MIB
• 21rsrctc - XEROX-RESOURCES-TC
• 22rsrc - XEROX-RESOURCES-MIB
• 40jobtc - XEROX-JOB-MONITORING-TC
• 41jobmon - XEROX-JOB-MONITORING-MIB
• 42jobmtc - XEROX-SIMPLE-JOB-MGMT-TC
• 43jobman - XEROX-SIMPLE-JOB-MGMT-MIB
• 50commtc - XEROX-COMMS-ENGINE-TC
• 51comms - XEROX-COMMS-ENGINE-MIB
• 52conftc - XEROX-COMMS-CONFIG-TC
• 53config - XEROX-COMMS-CONFIG-MIB
• 58svctc - XEROX-SERVICE-MONITORING-TC
• 59svcmon - XEROX-SERVICE-MONITORING-MIB
• 93pidtc - XEROX-PRODUCT-ID-TC
The following is a list of MIBs that are supported:
• RFC 1213 MIB file
  – The system Group
  – The Interface Group
  – The at (address translation) Group
  – The ip Group
  – The icmp Group
  – The tcp Group
  – The udp Group
  – The snmp Group
• Host Resource MIB file
  – The System Group
  – The Storage Group
  – The Device Group
• Printer MIB file
  – The General Printer Group
  – The Input Group
  – The Extended Input Group
  – The Input Media Group
  – The Output Group
  – The Extended Output Group
  – The Output Features Group
  – The Marker Group
  – The Marker Supplies Group
  – The Marker Colorant Group
  – The Media Path Group
  – The Interpreters Group
  – The Channels Group
  – The Console Group
  – The Alerts Groups
• Xerox General MIB file (uses only the 06gentc and 07gen files)
  – The xcmGen Base Group
  – The xcmGen Trap Client Group
  – The xcmGen Trap View Group
NOTE: The other files in Xerox General MIB are not supported.

NDS Setup

When using Novell Netware, a preferred server needs to be set for environments where there is more than one server on the network. If you are running NDS in an environment with more than one NDS server, to ensure optimal operation, you should specify a preferred server. To do this, perform the following steps (you will need to know your NDS Tree, Context, and Preferred Server Names):
1. Type su root and enter the password when you are prompted.
2. Type cd /opt/XRXnps/XRXnwqsgw/bin/.
3. Type ./QServerSetup and press the Return key.
4. Select the appropriate option:
• If there is already an existing NDS QServer Setup that you wish to add a Preferred server name to, select choice 2.
• If you are creating a new NDS QServer Setup with a preferred server name, select choice 1.
5. Select choice 4 to list the current setups to make sure your preferred server was added successfully.
6. Restart the DocuSP software.
NOTE: If logging is enabled, you can check /opt/XRXnps/log/QServer.Debug.Log to make sure that connection is made with the Preferred server. Ensure that jobs can be submitted from Netware and properly received and printed.

3. Backup and Restore

Software configuration information and customer specific files should be backed up to a safe location, either to tape or to a remote server on a regular basis. It is valuable to back up a system to a remote location when upgrades of hardware are performed.
Software configuration information should be saved when the system has been installed and all queues and printers have been set up, and again whenever any printer or queue properties are changed.
The Configuration utility provided with the DocuSP software will back up all of the DocuSP configuration files in the /opt/XRXnps/configuration directory. This includes the preferences settings, printer setup, and queue setup files.
If a software upgrade or new software installation is required, a representative will perform the software installation. In each case, certain portions of the system configuration will need to be restored or reentered by the customer.

Backup

The following information should also be backed up on a regular basis or when the DocuSP controller has been modified:
• Customized scripts installed by the customer
• Unique third–party software and related data, or Xerox–developed solutions and related data
• DNS, NIS, or NIS+ files
• Jobs saved to the DocuSP controller using the Save Feature
• Non–Xerox supplied Sun patches
• Customized links to directories
• Continuous Feed custom imposition files
• Continuous Feed custom print mark files
In addition, it is recommended that the System Administrator document the following information:
• Any soft fonts that have been loaded on the system
• Contents of the hosts and hosts.equiv files
• The allowable users
• Any customer–specific passwords
NOTE: In the event of a software upgrade or install by Xerox, Xerox is not responsible for the restoration of the above items to the DocuSP controller.
NOTE: It is highly recommended that a complete system image be backed up to tape or a remote location on a regular basis. Having a current system image stored separate from the DocuSP controller will ensure that in the event of a failure of the system or the hard disks, the system can be easily restored.
Refer to the appropriate SUN documentation for additional information on saving a system image.

Restore

If only a software upgrade is performed on the DocuSP controller, the system configuration information will typically be retained.
During the upgrade, the Xerox Customer Service Representative will provide a hardcopy of the system configuration information, such as the contents of the /etc/hosts and /etc/hosts.equiv files, the list of user names from the /etc/passwd file, and gateway information from any installed optional gateways. If any information needs to be recreated, the hardcopy will assist the System Administrator in restoring the system. Any customized software, saved files, or unique third–party information will have to be restored by the System Administrator. If a hardware installation is performed and there is no system image saved, the System Administrator will have to restore or re-enter, at a minimum, all of the information included on the hardcopy output provided by the Xerox Customer Service Representative.

Xerox Backup and Restore (XBR) Utility for a DP100/115/135/180 EPS System

Backing up a System

To back up a system, use a DocuPrint EPS controller with a QIC tape drive, at least 3 tapes (maybe up to 6 QIC tapes), and the XBR floppy.
NOTE: The most common reason for backup procedure failure is a bad tape. Restart the backup process with a new tape. The system has to be shut down before the backup operation can be performed.
1. Open a Terminal window.
2. In the terminal window, log in as root.
3. At the command prompt, type init 0 and press <Enter>.
4. At the ok prompt, type boot -s. Steps 3 and 4 first shut down the system, then reboot it in single-user mode.
5. Enter the root password.
6. Insert the XBR floppy in the disk drive and a blank tape in the tape drive.
7. At the command-line prompt, type mkdir /a.
8. Type mount /dev/diskette /a and press <Enter>. This command causes UNIX to access the diskette drive (/dev/diskette) through the /a directory.
9. Type cd /a.
10. Type ./xbr but don’t forget the “.” before the “/”.
11. Type backup and as the system asks for a new tape, remove the current tape, label it and insert a new tape (each tape takes about 20 to 25 minutes to fill). After inserting a new tape, type yes. The system may ask for a tape it has already used (for example volume 2 again); ignore the number it gives you and label the tape with the next number in the sequence. This problem is caused by the underlying UNIX utility that is being called multiple times (each time it is called, it starts off at the beginning of the tape numbering sequence and not at the number with which it left off).
12. After the backup is complete, restart the system by typing reboot and pressing <Enter>.

Restoring a System

Before you begin to restore the system, locate the CD labeled "Solaris 8 CD (1 of 2)" from which to run the Operating System. You will also need a system to restore to (with a QIC tape drive), the XBR floppy, and all the backup tapes that were made by the previous procedure. To restore the system, perform the following:
1. Insert the "Solaris 8 CD (1 of 2)" CD-ROM, the first tape, and the XBR floppy into the system.
2. Open a Terminal window.
3. In the Terminal window, log in as root.
4. At the command prompt, type init 0 and press <Enter>.
5. At the "ok" prompt, type boot -s
6. Once the system reboots, log in as root.
7. Create a directory; type mount /dev/diskette /a
8. Type cd /a
9. Type ./xbr (don't forget the "." and "/")
10. Type restore
11. Answer y for yes to the question that comes up.
12. The system will then reboot.
13. Insert each tape as it is asked for and press <Enter>.
14. Repeat the previous step twice.
15. The system will reboot. Log in as root.
16. As the system requests a new tape, enter the next tape in the sequence into the drive.
17. The system will display a message when the restore is complete. To restart the system, type reboot and press <Enter>.

4. Security and Network Setup

This section provides you with information on security regarding the DocuSP controller and the Solaris Operating System including access, changing logon levels, and enhancements of the Solaris OS. Also included are general guidelines to security related procedures that can be implemented to improve security of the DocuSP controller and the Solaris OS.

Access and Security

UNIX accounts are defined during the installation process:
• root: has super user access to the workstation. The initial password for this account is set during installation of the operating system and should be obtained from the Xerox service personnel.
NOTE: For security reasons, the root account password should be changed as soon as the Xerox service personnel have completed the installation.
• The Xerox user name is the account from which the Xerox software runs. Use the Xerox user password for this account. Contact your Customer Service Representative if this is unknown.
• ftp: an account to permit some clients to retrieve their software from the DocuSP controller using the TCP/IP communication protocol. This account will be set to Read Only access to the /export/home/ftp directory.
• Pxrxsvc: the account for remote diagnostics by Xerox service personnel. The DocuSP controller is accessed using PPP communications via a modem.
NOTE: The user and group identifications, uid and gid, for the Xerox accounts that are listed above cannot be arbitrarily changed in the password and group files to new values because the software is based on the proper access to the Xerox supplied files.

Overview of Security

The purpose of the security section is to provide information on security regarding the DocuSP controller and the Solaris Operating System. This section explains the new DocuSP "Security Profile" policy and the associated scripts provided that help protect the system against unauthorized access and modification. This feature has been added in response to customer and enterprise security concerns. It is based on Solaris Security Blueprints papers and tools as well as previous security scripts created by Xerox.

Changing the logon level

The DocuSP software defaults to the Walk Up User access level when the DocuSP software is started.
To log into the DocuSP as the System Administrator or Trusted User, perform the following:
1. Select [System] from the DocuSP Print Services window.
2. Select [Logon]. The Logon dialog is displayed.
3. Select the Trusted User or System Administrator access level and enter the correct password.
The initial passwords for Trusted User and System Administrator can be obtained from your Xerox Service Representative.
NOTE: The various system passwords need to be changed as soon as an install is complete. It is also advised that you should have a process in place for changing the passwords on a regular basis.
NOTE: The System Administrator should verify access to the Xerox application for all levels before the service installation personnel leave the site.
NOTE: To maintain security, it is recommended that any restricted access login be terminated as soon as the session has been completed.

User Password changes

When the DocuSP software and system was installed, Xerox provided a default root password for the UNIX environment. In addition, default passwords were created for the DocuSP Trusted User and System Administrator login levels. Xerox strongly recommends that the customer change these passwords from the default settings.
WARNING
Please be aware that Xerox Customer Support Personnel must have access to the new root password for service and support. It is the customer's responsibility to ensure that the root and system administrator passwords are available for them.
The user and group identifications, uid and gid, for the Xerox accounts that are listed above cannot be arbitrarily changed in the password and group files to new values because the software is based on the proper access to the Xerox supplied files.

Roles and responsibilities

The following sections detail the roles and responsibilities for setting and maintaining the security of the DocuSP controller.

Xerox responsibility

Xerox is committed to providing a level of security which will allow the DocuSP controller to be a good network citizen in the response to current security intrusions. Additional security beyond this remains the responsibility of the customer.
Xerox is constantly evaluating the security of the DocuSP controller and the Sun Solaris operating system. Xerox is committed to providing the latest Solaris security patches provided by Sun Microsystems in each major DocuSP release. The DocuSP development team will also add Solaris security patches in between major release cycles. All OS security patches for applications that are added during a standard DocuSP install will be included, even if the application code is not normally used by DocuSP users. Security patches for applications that are not loaded by a standard DocuSP install will not be evaluated or included. Only the version of a patch impacting security will be included. If a security patch has a newer version that is not security related, then this patch will not be updated to the newer version. Any security patch that is determined to have a negative impact to DocuSP operation will not be added.

Security Setup

System Security can be selected from the DocuSP. Select [Medium] security to disable everything in the list of secure features. Select [High] to enable security and to turn security on for everything in the list of secure features.
If you have upgraded your DocuSP software from 3.6 to 3.7 and you are having difficulty with application software that communicated with the controller, set security to Medium to resolve the problem.

DocuSP 3.7 security changes

To assist DocuSP customers, XDSS (Xerox DocuSP Security Script) was added in the 3.12 software release to help secure the operating system from unauthorized access and modification. The DocuSP install routine prompted Xerox service personnel to determine whether XDSS should be run. In addition, the XDSS scripts were made resident on the controller so that they could also be run by the customer at any time.
While the underlying XDSS content has not changed since its inception, its implementation philosophy has been reversed in the 3.7 release. Previously, XDSS was an option typically chosen at install. Now the features are automatically implemented with a scrape install. A scrape install includes both the Solaris operating system and a DocuSP 3.7 release. This corresponds with the “High” setting in the Security Profile dialogue box under the System menu. The “Medium” setting describes the default operating environment normally provided by Sun. Upgrades, however, retain the previous security setting. Note that if XDSS was disabled in 3.6 and DocuSP is upgraded to 3.7 without an OS reload, the security setting will be medium.
WARNING
Since the “high” security setting disables a number of commonly used services, it is important that customers review this document and test this feature against their mission-critical applications.
This document provides information on all modifications made by XDSS so the customer can determine which security setting best meets their needs. Some customers may find that some features disabled by this script, such as telnet, FTP and NFS, are required in their environment. If an application that communicated successfully with DocuSP 3.6 fails following a 3.7 upgrade but its communication mechanism is unknown to the customer, it is recommended that the setting be temporarily changed to “Medium” to determine if the high security setting is the cause of this change. If further assistance is required to manually disable or enable specific services listed in this document, please contact the Customer Support Center or refer to the appropriate Sun documentation.

Using the High security setting

The following is a list of services that are disabled when the security setting is set to “High”:
• FTP (including anonymous FTP)
• telnet
• echo (Echoes back any character sent)
• discard (Discards everything sent)
• daytime (Displays the date and time)
• chargen (Sends revolving pattern of ASCII characters)
• time (Outdated time service)
• name (Obsolete IEN-116 name service)
• finger (Remote user information server)
• talk (server talk program)
• comsat (biff server - mail notification daemon)
• exec (remote execution server. Used by rexec command)
• dtspc (CDE Subprocess Control Service, for remote logins)
• rpc.rusersd (network username server)
• rpc.sprayd (records the packets sent by the spray command)
• rpc.rwalld (network rwall server)
• rquotad (Remote quota server. Used by the quota command to display user quotas for remote file systems)
• login (remote login server used by rlogin command)
• rstatd (used by performance meter)
• sadmind (Distributed system administration daemon)
• fs (Xfont server. Used by CDE to render fonts)
• amiserv (RPC Smart Card Interface)
• rpc.cmsd (Calendar manager service daemon)
• Tooltalk database server
• KCMS (Kodak Color Management System profile server)
• bwnfs (Beame & Whiteside NFS, used by Hummingbird MaestroNFS)
The services previously listed are disabled by editing the /etc/inetd.conf file. A complete example of the inetd.conf file setup with the high security setting can be found later in this chapter.
Other services are disabled by renaming their startup scripts in the appropriate /etc/rc#.d directory. These include:
/etc/rc2.d:
• S40llc2 (Class II logical link control driver)
• S47asppp (Asynchronous PPP link manager, used for Xerox remote diagnostics)
• S70uucp (Unix to Unix copy server)
• S71ldap.client (LDAP daemon, caches server and client information for NIS lookups.)
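The lists above can be checked on a controller with a short script. The following is an added example, not part of the Xerox guide or of XDSS: it reports which of the listed inetd.conf services are still uncommented and which of the listed rc2.d start scripts still carry their start name. The sample files are constructed, the renamed file name is hypothetical, and matching RPC daemons on the server-program field is an assumption about the file layout.

```sh
#!/bin/sh
# Added example: audit inetd.conf and /etc/rc2.d against the "High" setting
# lists in this chapter. Sample data below is constructed for illustration.

# Service names exactly as the guide lists them. Tooltalk, KCMS and bwnfs are
# omitted because the guide gives no inetd.conf entry name for them.
HIGH_DISABLED="ftp telnet echo discard daytime chargen time name finger talk comsat"
HIGH_DISABLED="$HIGH_DISABLED exec dtspc rpc.rusersd rpc.sprayd rpc.rwalld rquotad"
HIGH_DISABLED="$HIGH_DISABLED login rstatd sadmind fs amiserv rpc.cmsd"

# Start scripts the guide lists under /etc/rc2.d (the visible part of the list).
RC2_DISABLED="S40llc2 S47asppp S70uucp S71ldap.client"

# audit_inetd FILE
# Print each listed service that still has an active (uncommented) entry.
# An entry matches when its service field (RPC version suffix removed) or the
# basename of its server program equals a listed name.
# On Solaris 8 itself, run this with nawk: /usr/bin/awk there lacks -v.
audit_inetd() {
    awk -v want="$HIGH_DISABLED" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) listed[w[i]] = 1 }
    /^[ \t]*#/ || NF < 6 { next }          # disabled entry, comment or blank
    {
        svc = $1;  sub(/\/.*/, "", svc)    # rusersd/2-3 -> rusersd
        prog = $6; sub(/.*\//, "", prog)   # /usr/sbin/sadmind -> sadmind
        hit = ""
        if (svc in listed) hit = svc
        else if (prog in listed) hit = prog
        if (hit != "" && !(seen[hit]++)) print hit
    }' "$1"
}

# audit_rc2 DIR
# Print each listed start script that still exists under its S-name, meaning
# the service would still be started at boot.
audit_rc2() {
    for s in $RC2_DISABLED; do
        if [ -f "$1/$s" ]; then
            echo "$s"
        fi
    done
    return 0
}

# make_sample DIR
# Write a constructed, partly hardened inetd.conf and rc2.d tree into DIR.
make_sample() {
    mkdir -p "$1/rc2.d"
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample, not taken from a real controller
#ftp     stream  tcp6  nowait  root  /usr/sbin/in.ftpd      in.ftpd
telnet   stream  tcp6  nowait  root  /usr/sbin/in.telnetd   in.telnetd
#echo    stream  tcp6  nowait  root  internal
echo     dgram   udp6  wait    root  internal
printer  stream  tcp6  nowait  root  /usr/lib/print/in.lpd  in.lpd
rusersd/2-3 tli rpc/datagram_v,circuit_v wait root /usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd
#100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
EOF
    : > "$1/rc2.d/S47asppp"           # still under its start name
    : > "$1/rc2.d/S70uucp"            # still under its start name
    : > "$1/rc2.d/disabled.S40llc2"   # hypothetical renamed (disabled) form
}

# Demonstration on the constructed sample.
tmp=$(mktemp -d)
make_sample "$tmp"
echo "inetd.conf entries still enabled:"
audit_inetd "$tmp/inetd.conf"
echo "rc2.d start scripts still active:"
audit_rc2 "$tmp/rc2.d"
rm -rf "$tmp"
```

On a real controller the calls would be `audit_inetd /etc/inetd.conf` and `audit_rc2 /etc/rc2.d`; empty output from both means every listed item is disabled.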