Communicator e3000 MPE/iX Express 1 Based on Release 7.0
Chapter 6 Technical Articles

Enhancements to DCE on MPE/iX
Commercial Systems Division

DCE 1.2.1 and RPC 1.2.1 are being released on MPE/iX 7.0 Express 1. DCE 1.2.1 is targeted for customers using the DCE-Client features, namely the security and naming service. This version of DCE 1.2.1 also contains the administrative tools for the respective components. The DCE 1.2.1 product on MPE/iX provides enhanced support for the core DCE components. It does not support the complete functionality of OSF DCE 1.2.1. All customers using only RPC functionality may continue to do so with the RPC 1.2.1 release.

DCE 1.2.1 is available as a patch for MPE/iX release 6.0 (patch ID DCELX60A) and MPE/iX release 6.5 (patch ID DCELX60). RPC 1.2.1 is also available as a patch for MPE/iX release 6.0 (patch ID FRILXHOA) and MPE/iX release 6.5 (patch ID FRILXHIA).

Threads Library

The threads library was separated from the DCE libraries and also ported to P1003.1c APIs. The new threads library is delivered in the POSIX environment as /usr/lib/libpthread.sl. The DCE library was also ported to P1003.1c APIs.

The complete DCE-Client product is not ported to P1003.1c APIs. The DCE daemons (DCED, CDSADV, DTSD) and the administration tools are not ported to P1003.1c thread APIs. They still use the P1003.4a APIs. To support these utilities and to maintain compatibility with older DCE applications, the DCE library that supports P1003.4a APIs is also delivered as DCEXL.HPDCE.SYS. All the daemons and the administration tools are linked to this library.

List of Deliverables
Differences Between DCE 1.0.2 and DCE 1.2.1

This section describes the changes from DCE 1.0.2 to DCE 1.2.1.
Changes Pertaining to RPC
Changes Pertaining to IDL Compiler
Control Programs and Daemons

The following control programs are delivered with DCE 1.2.1.
Transition of ACL Managers

OSF DCE 1.2.1 provides ACL management facilities within libdce. The sec_acl_mgr API is obsolete, and it is no longer necessary for an application to write its own ACL manager. Refer to the OSF DCE documentation to determine how to use the new dce_acl API, which greatly reduces the amount of specialized ACL code an application has to deal with.

Since application builders may want to try building their existing applications against DCE 1.2.1 before migrating their ACL management layer to the DCE-supported dce_acl API, DCE 1.2.1 includes a backward-compatible set of header files that match the header files used by applications in previous DCE releases.

Replace any instance of:
Removing DCE Credentials

A user's DCE credentials (stored in the directory /opt/dcelocal/var/security/creds) are not automatically removed by exiting a shell or logging out. Unless background processes require the DCE credentials, they can be removed before logging out by running the kdestroy utility. This makes the system more secure by decreasing the opportunity for someone to maliciously gain access to your network credentials. The kdestroy command has been modified to allow destruction of credentials older than a specified number of hours: kdestroy -e exp-period may be run manually to purge older credential files.

Serviceability Improvements

DCE 1.2.1 has an improved serviceability feature, which is helpful in debugging problems in the different subcomponents of DCE. The default location for the serviceability routing file is /opt/dcelocal/var/svc/routing. The DCE_SVC_ROUTING_FILE environment variable can be used to name an alternate location for the file. The file is consulted if no switch is given on the command line or if no environment variable (SVC_level or SVC_comp_DBG) is found when a DCE process is started. Leading whitespace is ignored, as is any line whose first non-whitespace character is a #.

Production messages are parsed as:

    <level>:<where>:<parameter>

    <level> is FATAL, ERROR, WARNING, NOTICE, NOTICE_VERBOSE or * (meaning all)
    <where> is STDERR, STDOUT, FILE (or TEXTFILE), BINFILE or DISCARD
    <parameter> is the filename, where "%ld" becomes the process-id

Send all messages to the console:

    *:FILE:/dev/console

If FILE or BINFILE ends with ".n.m", then at most "n" files and at most "m" messages for each file will be written, where ".n" will be appended to each generation of the file.
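The production-message routing syntax described above, including the semicolon-separated lists this section describes next, can be checked with a small parser before a routing file is put in place. This is an added example, not code from HP or the DCE distribution; the Route type, the function names and the sample file are constructed for illustration, and the "-" parameter after STDERR is an assumption.

```python
import re
from typing import NamedTuple, Optional
LEVELS = {"FATAL", "ERROR", "WARNING", "NOTICE", "NOTICE_VERBOSE", "*"}
WHERES = {"STDERR", "STDOUT", "FILE", "TEXTFILE", "BINFILE", "DISCARD"}
WHERE_RE = re.compile(r"([A-Z]+)(?:\.(\d+)\.(\d+))?")

class Route(NamedTuple):
    level: str
    where: str
    max_files: Optional[int]  # "n" of a ".n.m" suffix, None when absent
    max_msgs: Optional[int]   # "m" of a ".n.m" suffix
    parameter: str            # filename; "%ld" stands for the process id

def parse_production(text):
    """Return (routes, skipped, errors) for production-message entries."""
    routes, skipped, errors = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()                      # leading whitespace is ignored
        if not line or line.startswith("#"):    # blank line or comment
            continue
        level, _, rest = line.partition(":")
        if level not in LEVELS:                 # e.g. a <comp>:... debug entry
            skipped.append(lineno)
            continue
        for item in rest.split(";"):            # several routings per level
            where, _, param = item.strip().partition(":")
            m = WHERE_RE.fullmatch(where)
            if not m or m.group(1) not in WHERES:
                errors.append((lineno, where))  # destination not in the list
                continue
            n, msgs = (int(g) if g else None for g in m.group(2, 3))
            routes.append(Route(level, m.group(1), n, msgs, param))
    return routes, skipped, errors

def destinations(routes, level, pid):
    # Assumption of this example: an entry applies when it names the level
    # or "*"; the article does not say how DCE ranks overlapping entries.
    return [(r.where, r.parameter.replace("%ld", str(pid)))
            for r in routes if r.level in (level, "*")]

# Constructed sample; lines 2 and 3 reuse the two entries shown in this article.
SAMPLE = """\
# constructed sample routing file
    *:FILE:/dev/console
NOTICE:FILE.10.100:/var/log/syslog
ERROR:STDERR:-;FILE:/tmp/dce.%ld.err
rpc:*.3:FILE:/tmp/logs/%ld.rpc
WARNING:PRINTER:lp0
"""
```

Calling parse_production(SAMPLE) and then destinations(routes, "ERROR", 4242) lists where an ERROR message from process 4242 would be written, which makes it easy to review whether any level is routed to DISCARD or to an unexpected file.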
To keep the last 1000 NOTICE messages for all programs, with 100 messages in each of 10 files:

    NOTICE:FILE.10.100:/var/log/syslog

Multiple routings for the same severity level can be specified by simply adding the additional desired routings to form a semicolon-separated list of <where>:<parameter> pairs.

Debug messages are parsed as:

    <comp>:<level>:<where>:<parameter>

    <comp> is the component (rpc, sec, cds, dts, dhd, ...)
    <level> is a comma-separated list of sub-component levels for each component
    <where> and <parameter> are as above

Each component can have its own entry. Each subcomponent level has the form "<subcomp>.n", where "n" is 1 to 9; these are parsed in order, so put subcomponent wildcard entries first. For example, to enable tracing for different components at different levels:

    dts:*.9:FILE:/tmp/logs/%ld.dts
    rpc:*.3:FILE:/tmp/logs/%ld.rpc
    sec:*.4:FILE:/tmp/logs/%ld.sec
    dhd:*.7:FILE:/tmp/logs/%ld.dhd
    cds:*.9:FILE:/tmp/logs/%ld.cds

Security Delegation

Intermediary servers can operate on behalf of the initiating client while preserving identities and ACLs.

Installation and Configuration

DCE 1.2.1 is submitted as a patch. The current patch ID is DCELX60A. Installing this patch on an MPE/iX 6.0 system installs the latest DCE 1.2.1 client product. Currently this is tested for MPE/iX version 6.0. All the dependent patches mentioned in the DCELX60A patch should be installed.

Configuration involves configuring the MPE/iX system with the latest DCE 1.2.1 patch as a DCE client. The DCE server has to be an HP-UX 10.20 server with the DCE server products installed with the latest patches. Currently, MPE/iX only supports the client configuration.

The following are the screen snapshots for the client configuration (when run on system "Hanuman"):

DCE Main Menu (on HANUMAN)
selection: < 1 >
S:****** Configuring client...
What is the name of a Security Server running in the cell you wish to join? < dcetst4 >
Enter the name of your cell (without /.../): < mpecell >
S:****** Stopping rpcd...
S:****** Starting dced...
S:****** Initializing dced...
Streaming job to run dced... #J22
Streaming job to run dced... #J23
S:****** Since the glbd daemon was restarted and/or llbd and rpcd were replaced by the end point mapper, NCS applications may need to be restarted.
Enter Cell Administrator's principal name: (cell_admin)
Enter password:
S:****** Checking for active sec_client service...
S:****** Waiting for registry propagation...
S:****** Starting sec_client service...
S:****** This node is now a security client.
S:****** Starting cdsadv...
Streaming job to run cdsadv... #J24
What is the name of a CDS server in this cell (if there is more than one, enter the name of the server to be cached, if necessary)? < dcetst4 >
Create LAN profile so clients and servers can be divided into profile groups for higher performance in a multi-lan cell ? (n)<n>
S:****** This node is now a CDS client.
Should this machine be configured as a DTS Clerk, DTS Local Server, or DTS Global Server? (Default is DTS Clerk) (clerk, local, global, none)
S:****** Starting dtsd...
Streaming job to run dtsd... #J25
S:****** This node is now a DTS clerk.

DCE Main Menu (on HANUMAN)
selection: < 99 >
S:****** Exiting from dce_config.
WARNING: The password for the "cell_admin none none" user is a well-known default value. Since this is a security hole, it is recommended that the password be changed immediately after exiting this script by using "dce_login", then the "rgy_edit change" command.
shell/iX>

The following are the screen snapshots for DCE cell remove:

shell/iX> ./dce_config
DCE Main Menu (on HANUMAN)
selection: < 4 >
REMOVE will remove the node's ability to operate in the cell. A reconfiguration of the node will be required. This node should be unconfigured before a REMOVE is done. You may REMOVE without unconfiguring if you are destroying the cell.
Do you wish to continue (y/n)? (n) < y >
S:****** Attempting to stop all running DCE daemons...
Reminder: Existing user credentials will be invalid when DCE daemons are stopped and restarted.
S:****** Daemon dced is being used by NCS. It will be restarted as rpcd.
Streaming job to run rpcd... #J21
S:****** Successfully stopped all running DCE daemons.
S:****** Attempting to remove all remnants of previous DCE configurations...
S:****** Successfully removed all remnants of previous DCE configurations for all components.

Reference: