Communicator e3000 MPE/iX Express 1 Based on Release 7.0 > Chapter 6 Technical Articles

Enhancements to DCE on MPE/iX


By Wendy Cheng
Commercial Systems Division

DCE 1.2.1 and RPC 1.2.1 are being released on MPE/iX 7.0 Express 1. DCE 1.2.1 is targeted for customers using the DCE-Client features, namely the security and naming service. This version of DCE 1.2.1 also contains the administrative tools for the respective components.

The DCE 1.2.1 product on MPE/iX provides enhanced support for the core DCE components. It does not support the complete functionality of OSF DCE 1.2.1. All customers using only RPC functionality may continue to do so with the RPC 1.2.1 release.

DCE 1.2.1 is available as a patch for MPE/iX release 6.0 (patch ID DCELX60A) and MPE/iX release 6.5 (patch ID DCELX60). RPC 1.2.1 is also available as a patch for MPE/iX release 6.0 (patch ID FRILXHOA) and MPE/iX release 6.5 (patch ID FRILXHIA).

Threads Library


The threads library was separated from the DCE libraries and also ported to the P1003.1c APIs. The new threads library is delivered in the POSIX environment as /usr/lib/libpthread.sl.

The DCE library was also ported to the P1003.1c APIs. The complete DCE-Client product is not ported to the P1003.1c APIs. The DCE daemons (DCED, CDSADV, DTSD) and the administration tools are not ported to the P1003.1c thread APIs. They still use the P1003.4a APIs. To support these utilities and to maintain compatibility with older DCE applications, the DCE library that supports the P1003.4a APIs is also delivered as DCEXL.HPDCE.SYS. All the daemons and the administration tools are linked to this library.

List of Deliverables


  1. DCEXL.HPDCE.SYS

  2. /usr/lib/libdce.sl

  3. CDSADV.HPDCE.SYS

  4. DCED.HPDCE.SYS

  5. DTSD.HPDCE.SYS

  6. RGYEDIT.HPDCE.SYS

  7. RPCCP.HPDCE.SYS

  8. ACLEDIT.HPDCE.SYS

  9. DCELOGIN.HPDCE.SYS

  10. KLIST.HPDCE.SYS

  11. KINIT.HPDCE.SYS

  12. KDESTROY.HPDCE.SYS

  13. DTSCP.HPDCE.SYS

  14. CDSCP.HPDCE.SYS

    • And the corresponding scripts in POSIX env.

  15. dce_config and the supporting scripts.

    • /opt/dce/bin/dce_config

    • /opt/dce/bin/dce_shutdown

    • /opt/dce/bin/dce.rm

  16. The following configuration support scripts

    • /etc/opt/dce/dce_com_utils

    • /etc/opt/dce/dce_com_env

    • /etc/opt/dce/dce_config_env

    • /etc/opt/dce/dce_config_utils

  17. IDL.HPDCE.SYS

  18. UUIDGEN.HPDCE.SYS

  19. GETIP.HPDCE.SYS

  20. MPEKILL.HPDCE.SYS

  21. CELLNAME.HPDCE.SYS

  22. WHOAMI.HPDCE.SYS

  23. Timezone files.

  24. Header files.

  25. Catalog files.

  26. /etc/rc.config.d/dce

  27. /sbin/init.d/dce

  28. /opt/dcelocal/var/svc/routing

    /opt/dce/sbin/*

    cdsadv, dced, dtsd, rpcd (link to dced)

    /opt/dce/bin/*

    dced, cdsadv, dtsd, rpcd (all of these are links to the respective files in /opt/dce/sbin/*), rpccp, cdscp, dtscp, rgy_edit, acl_edit, dce_login, getcellname, getip, kinit, klist, kdestroy and part of the dce_config scripts.

Differences Between DCE 1.0.2 and DCE 1.2.1


This section describes the changes from DCE 1.0.2 to DCE 1.2.1.
  1. Changes Pertaining to RPC

    • Private Client Sockets

    • Exception Handling

  2. Changes Pertaining to IDL Compiler

    • Out-of-line marshalling (library-based marshalling)

    • Enhanced IDL data types

    • Support for IDL encoding services

    • Support of user defined exceptions

    • Support for customized binding handles

  3. Changes to Control Programs and Daemons

  4. Transition of ACL Manager

  5. Removing DCE Credentials

  6. Serviceability Improvements

  7. Security Delegation

Changes Pertaining to RPC

  • Private Client Socket

Previously, a common pool of sockets was shared by concurrent RPC requests. Making this concurrency work required a "helper" thread to read from all of the open sockets and pass received data on to the call thread for which it was intended. Now, with "private client sockets", there are a couple of sockets (2/3) that are used only for individual requests (private to the request thread). This reduces the overhead of "helper" threads for small applications. However, when the private sockets run out, socket sharing comes into effect.

  • Exception Handling

DCE 1.2.1 supports the exception-handling feature of RPC. The application developer can now use the exception-handling routines (TRY, CATCH, CATCH_ALL, etc.).

Changes Pertaining to IDL Compiler

  • Out-of-line marshalling (library based marshalling)

    Out-of-line marshalling causes constructed data types such as unions, pipes or large structures to be marshalled or unmarshalled by auxiliary routines, thus reducing the stub size. The out-of-line attribute directs the IDL compiler to place the marshalling and unmarshalling code in IDL auxiliary stub files, rather than in the direct flow of the stub code.

  • Enhanced IDL data types.

    IDL support for arrays in the previous version was limited to:

    • Arrays with a lower bound of zero.

    • Arrays with conformance or varying dimensions only in the first (major) dimension.

  • Support for IDL encoding services.

    This extension to the IDL stub compiler enables instances of one or more data types to be encoded into and decoded from a byte stream format suitable for persistent storage without invoking the RPC runtime.

  • Support for user-defined exceptions.

    This extension to the IDL compiler will allow specification of a set of user-defined exceptions that may be generated by the server implementation of the interface. If an exception occurs during the execution of the server, it terminates the operation and the exception is propagated from server to client.

  • Support for customized binding handles.

    This allows the application developer to add some information that the application wants to pass between the client and server. This can be used when application-specific data is appropriate to use for finding a server, and the data is needed as a procedure parameter.

Control Programs and Daemons

The following control programs are delivered with DCE 1.2.1.
  • cdscp — CDS control program

  • rpccp — RPC control program

  • dtscp — DTS control Program

  • rgy_edit — Registry Edit

  • acl_edit — ACL edit

On OSF DCE 1.2.1 the above control programs are replaced by a single control program called DCECP. However, DCECP is not supported on DCE 1.2.1 on MPE/iX. So the above programs are delivered and supported for MPE/iX as separate programs.

The following daemons no longer exist:
  • sec_clientd

  • rpcd

  • cdsclerk

DCED replaces sec_clientd and rpcd. The functionality of cdsclerk is part of cdsadv. Any scripts or programs that reference these non-existent daemons may need to be modified.

Transition of ACL Managers

OSF DCE 1.2.1 provides ACL management facilities within libdce. The sec_acl_mgr API is obsolete, and it is no longer necessary for an application to write its own ACL manager. Refer to the OSF DCE documentation to determine how to use the new dce_acl API to greatly reduce the amount of specialized ACL code that an application has to deal with.

Since application builders may want to try building their existing applications against DCE 1.2.1 before migrating their ACL management layer to the DCE supported dce_acl API, DCE 1.2.1 includes a backward-compatible set of header files that match the header files used by applications in previous DCE releases.

Replace any instance of:
  • #include <dce/daclmgr.h> with #include <dce/daclmgrv0.h>

In makefiles and in the application program, change all instances of:
  • daclmgr to daclmgrv0

These header files are provided as a transition aid only and should be used only until the application is migrated to the dce_acl API.

Removing DCE Credentials

A user's DCE credentials (stored in the directory /opt/dcelocal/var/security/creds) are not automatically removed by exiting a shell or logging out. Unless background processes require DCE credentials, the credentials can be removed before logging out by running the kdestroy utility. This makes the system more secure by decreasing the opportunity for someone to maliciously gain access to your network credentials.

The kdestroy command has been modified to allow destruction of credentials older than a specified number of hours. kdestroy -e exp-period may be run manually to purge older credential files.
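A check an administrator could run before purging, as an added example that is not part of the original article or the DCE product: it lists credential files that are older than a chosen number of hours or that carry group/other permission bits. The 8-hour default, the use of file modification time as the age, and the file names in the demo are assumptions.

```python
import os
import stat
import tempfile
import time

CRED_DIR = "/opt/dcelocal/var/security/creds"  # directory named in the article

def audit_creds(cred_dir=CRED_DIR, max_age_hours=8, now=None):
    """List credential files that are stale or accessible beyond their owner."""
    now = time.time() if now is None else now
    findings = []
    for entry in sorted(os.scandir(cred_dir), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):  # skip directories, symlinks, devices
            continue
        issues = []
        age_hours = (now - st.st_mtime) / 3600  # assumption: mtime marks the age
        if age_hours > max_age_hours:
            issues.append("stale")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            issues.append("group/other access")
        if issues:
            findings.append({"name": entry.name, "uid": st.st_uid,
                             "age_hours": round(age_hours, 1), "issues": issues})
    return findings

def demo():
    """Run the audit over a constructed directory standing in for CRED_DIR."""
    now = time.time()
    with tempfile.TemporaryDirectory() as d:
        # Constructed files: (name, age in hours, mode); names are hypothetical.
        for name, age, mode in [("cred_fresh", 1, 0o600), ("cred_old", 30, 0o600),
                                ("cred_open", 2, 0o644)]:
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, mode)
            os.utime(path, (now - age * 3600, now - age * 3600))
        return audit_creds(d, max_age_hours=8, now=now)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Files reported as stale are candidates for kdestroy -e; files with group/other access should have their permissions reviewed regardless of age.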

Serviceability Improvements

DCE 1.2.1 has improved serviceability. This feature helps in debugging problems in the different subcomponents of DCE.

The default location for the serviceability routing file is /opt/dcelocal/var/svc/routing. The DCE_SVC_ROUTING_FILE environment variable can be used to name an alternate location for the file. The file is consulted if no switch is given on the command line or if no environment variable (SVC_level or SVC_comp_DBG) is found when a DCE process is started. Leading whitespace is ignored, as is any line whose first non-whitespace character is a #.

Production messages are parsed as:

<level>:<where>:<parameter>

<level> is FATAL ERROR WARNING NOTICE NOTICE_VERBOSE or * (meaning all)

<where> is STDERR STDOUT FILE (or TEXTFILE) BINFILE DISCARD

<parameter> is the filename, where "%ld" becomes the process-id

Send all messages to the console:

*:FILE:/dev/console

If FILE or BINFILE ends with ".n.m", then at most "n" files and at most "m" messages for each file will be written, where ".n" will be appended to each generation of the file. To keep the last 1000 NOTICE messages for all programs, with 100 messages in each of 10 files:

NOTICE:FILE.10.100:/var/log/syslog

Multiple routings for the same severity level can be specified by simply adding the additional desired routings to form a semicolon-separated list of <where>:<parameter> pairs.

Debug messages are parsed as:

<comp>:<level>:<where>:<parameter>

<comp> is the component (rpc, sec, cds, dts, dhd, ...)

<level> is a comma-separated list of sub-component levels for each component

<where> and <parameter> are as above.

Each component can have its own entry. Each subcomponent level has the form "<subcomp>.n", where "n" is 1 to 9; these are parsed in order, so put subcomponent wildcard entries first.

For example, to enable tracing for different components at different levels:

  dts:*.9:FILE:/tmp/logs/%ld.dts
  rpc:*.3:FILE:/tmp/logs/%ld.rpc
  sec:*.4:FILE:/tmp/logs/%ld.sec
  dhd:*.7:FILE:/tmp/logs/%ld.dhd
  cds:*.9:FILE:/tmp/logs/%ld.cds
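A validator for the routing-file syntax described above, as an added example that is not part of the original article or the DCE product. It parses production and debug entries, expands "%ld", and reports malformed lines by number; the "-" parameter for STDERR in the sample, the alphanumeric rule for component names and the skipping of blank lines are assumptions.

```python
import re

LEVELS = {"FATAL", "ERROR", "WARNING", "NOTICE", "NOTICE_VERBOSE", "*"}  # from the article
WHERE_RE = re.compile(r"(STDERR|STDOUT|(?:TEXT|BIN)?FILE|DISCARD)(?:\.(\d+)\.(\d+))?$")
SUBCOMP_RE = re.compile(r"([A-Za-z_*]+)\.([1-9])$")  # <subcomp>.n, n = 1..9
# Constructed sample: entries from the article plus one malformed line (line 3).
SAMPLE = """\
*:FILE:/dev/console
NOTICE:FILE.10.100:/var/log/syslog
*. FILE:/dev/console
rpc:*.3:FILE:/tmp/logs/%ld.rpc
ERROR:STDERR:-;FILE:/tmp/logs/%ld.err
"""

def parse_targets(spec, pid):
    """Parse a semicolon-separated list of <where>:<parameter> pairs."""
    targets = []
    for pair in spec.split(";"):
        where, _, param = pair.strip().partition(":")
        m = WHERE_RE.match(where)
        if not m:
            raise ValueError(f"unknown <where> {where!r}")
        files, messages = (int(g) if g else None for g in m.group(2, 3))
        targets.append({"where": m.group(1), "files": files, "messages": messages,
                        "path": param.replace("%ld", str(pid))})  # %ld -> process id
    return targets

def parse_routing(text, pid):
    """Return (routes, errors); each error is a (line number, reason) tuple."""
    routes, errors = [], []
    for lineno, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):  # blank line or comment
            continue
        head, _, rest = line.partition(":")
        try:
            if head in LEVELS:  # production: <level>:<where>:<parameter>
                routes.append({"kind": "production", "level": head,
                               "targets": parse_targets(rest, pid)})
                continue
            levels, _, spec = rest.partition(":")  # debug: <comp>:<level>:...
            subs = [SUBCOMP_RE.match(s) for s in levels.split(",")]
            if not head.isalnum() or not all(subs):
                raise ValueError(f"bad component or sub-component level: {line!r}")
            routes.append({"kind": "debug", "comp": head,
                           "levels": [(m.group(1), int(m.group(2))) for m in subs],
                           "targets": parse_targets(spec, pid)})
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return routes, errors
```

Calling parse_routing(SAMPLE, pid) returns the parsed routes together with the line numbers that a DCE process would not be able to interpret as written, which makes a stray space or wrong separator visible before tracing is needed.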
  

Security Delegation

Intermediary servers can operate on behalf of the initiating client while preserving identities and ACLs.

Installation and Configuration


DCE 1.2.1 is submitted as a patch. The current patch ID is DCELX60A. Installing this patch on MPE/iX 6.0 installs the latest DCE 1.2.1 client product. Currently this has been tested on MPE/iX 6.0. All the dependent patches listed in the DCELX60A patch should be installed.

Configuration involves the configuration of the MPE/iX system with the latest DCE 1.2.1 patch as a DCE client. The DCE server has to be the HP-UX 10.20 server with the DCE server products installed with the latest patches.

Currently, MPE/iX only supports the client configuration.

The following are the screen snapshots for the client configuration (when run on system "Hanuman"):

DCE Main Menu (on HANUMAN)
1. CONFIGURE-CLIENT

configure client and start DCE daemons

2. START

restart DCE daemons

3. STOP

stop DCE daemons

4. REMOVE

stop DCE daemons and remove data files created by DCE daemons

99. EXIT

  selection: < 1 >
  S:****** Configuring client...

What is the name of a Security Server running in the cell you wish to join? < dcetst4 >

Enter the name of your cell (without /.../): < mpecell >

  S:****** Stopping rpcd...
  S:****** Starting dced...
  S:****** Initializing dced...
  Streaming job to run dced...
  #J22
  Streaming job to run dced...
  #J23
  S:****** Since the glbd daemon was restarted and/or llbd and rpcd were
  replaced by the end point mapper, NCS applications may need to be restarted.

Enter Cell Administrator's principal name: (cell_admin)

Enter password:

  S:****** Checking for active sec_client service...
  S:****** Waiting for registry propagation...
  S:****** Starting sec_client service...
  S:****** This node is now a security client.
  S:****** Starting cdsadv...Streaming job to run cdsadv...
  #J24

What is the name of a CDS server in this cell (if there is more than one, enter the name of the server to be cached, if necessary)? < dcetst4 >

Create LAN profile so clients and servers can be divided into profile groups for higher performance in a multi-lan cell ? (n)<n>

  S:****** This node is now a CDS client.

Should this machine be configured as a DTS Clerk, DTS Local Server, or DTS Global Server? (Default is DTS Clerk) (clerk, local, global, none)

  S:****** Starting dtsd...
  Streaming job to run dtsd...
  #J25
  S:****** This node is now a DTS clerk.

DCE Main Menu (on HANUMAN)
1. CONFIGURE-CLIENT

configure client and start DCE daemons

2. START

restart DCE daemons

3. STOP

stop DCE daemons

4. REMOVE

stop DCE daemons and remove data files created by DCE daemons

99. EXIT

  selection: < 99 >
  S:****** Exiting from dce_config.
  WARNING: The password for the "cell_admin none none" user is a well-known
  default value. Since this is a security hole, it is recommended that the
  password be changed immediately after exiting this script by using
  "dce_login", then the "rgy_edit change" command.
  shell/iX>

The following are the screen snapshots for DCE cell remove:

  shell/iX> ./dce_config

DCE Main Menu (on HANUMAN)
1. CONFIGURE-CLIENT

configure client and start DCE daemons

2. START

restart DCE daemons

3. STOP

stop DCE daemons

4. REMOVE

stop DCE daemons and remove data files created by DCE daemons

99. EXIT

  selection: < 4 >

REMOVE will remove the node's ability to operate in the cell. A reconfiguration of the node will be required. This node should be unconfigured before a REMOVE is done. You may REMOVE without unconfiguring if you are destroying the cell.

Do you wish to continue (y/n)? (n) < y >

  S:****** Attempting to stop all running DCE daemons...

Reminder: Existing user credentials will be invalid when DCE daemons are stopped and restarted.

  S:****** Daemon dced is being used by NCS. It will be restarted as rpcd.

Streaming job to run rpcd...

  #J21
  S:****** Successfully stopped all running DCE daemons.
  S:****** Attempting to remove all remnants of previous DCE configurations...
  S:****** Successfully removed all remnants of previous DCE configurations
    for all components.

References:
  1. OSF DCE Application Development Guide — Core Components.

  2. OSF DCE RFC 47.3: DCED — The DCE Host Daemon Functional Specification.



