DCE for Digital UNIX Installation and Configuration Guide Order Number: AA-PZK3E-TE June 1996 Product Version: DCE Version 2.0 Operating System and Version: Digital UNIX Version 4.0 or higher This guide describes how to install and configure Digital Distributed Computing Environment (DCE) Version 2.0 on Digital UNIX Version 4.0 systems. __________________________________________________ digital equipment corporation Maynard, Massachusetts Restricted Rights: Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c) (1) (ii). Digital Equipment Corporation makes no representations that the use of its products in the manner described in this publication will not infringe on existing or future patent rights, nor do the descriptions contained in this publication imply the granting of licenses to make, use, or sell equipment or software in accordance with the description. Possession, use, or copying of the software described in this publication is authorized only pursuant to a valid written license from Digital or an authorized sublicensor. Copyright Digital Equipment Corporation 1996 All rights reserved. The following are trademarks of Digital Equipment Corporation: ALL-IN-1, Alpha AXP, AXP, Bookreader, CDA, DDIS, DEC, DEC FUSE, DECnet, DECstation, DECsystem, DECUS, DECwindows, DTIF, MASSBUS, MicroVAX, OpenVMS, Q-bus, TURBOchannel, ULTRIX, ULTRIX Mail Connection, ULTRIX Worksystem Software, UNIBUS, VAX, VAXstation, VMS, XUI, and the DIGITAL logo. Domain and AEGIS are registered trademarks of Apollo Computer, Inc., a subsidiary of Hewlett-Packard Company. BSD is a trademark of Uunet Technologies. IBM is a registered trademark of International Business Machines Corporation. Kerberos is a trademark of Massachusetts Institute of Technology. Xenix, MS-DOS, and MS-OS/2 are trademarks of Microsoft Corporation. NFS is a registered trademark of Sun Microsystems, Inc. Open Software Foundation, OSF, OSF/1, OSF/Motif, and Motif are trademarks of the Open Software Foundation, Inc. UNIX is a registered trademark in the US and other countries licensed exclusively through X/Open Company Limited. All other trademarks and registered trademarks are the property of their respective holders. Contents Preface Intended Audience ................................... vii Document Structure .................................. viii Associated Documents ................................ viii Conventions ......................................... ix 1 Using This Installation Guide 2 Instructions for Experienced Installers 2.1 Starting the Standard Software Installation Procedure ..................................... 2-2 2.2 Initial DCE Cell Creation and Server Configuration ................................. 2-8 2.3 Configuring Your System as a DCE Client ....... 2-18 2.4 Performing a Split Server Installation ........ 2-20 2.4.1 Create a Cell and Security Server on System 1 .......................................... 2-21 2.4.2 Create a CDS Server on System 2 .......... 2-21 2.4.3 Complete Security Server Configuration on System 1 ................................... 2-23 2.4.4 Complete Master CDS Server Configuration on System 2 ................................... 2-23 3 Preparing for Digital DCE Installation 3.1 Release Notes ................................. 3-1 3.2 License Registration .......................... 3-1 3.3 Planning for Installation and Configuration ... 3-2 3.3.1 What Is a Cell? .......................... 3-3 3.3.2 Creating a Cell .......................... 3-4 3.3.3 Joining a Cell ........................... 3-5 3.4 Inspecting the Distribution Kit ............... 3-6 3.5 Verifying Required Disk Space ................. 3-6 3.6 Installation Procedure Requirements ........... 3-8 3.6.1 Verifying Necessary Privileges ........... 3-8 3.6.2 Hardware Requirements .................... 3-8 3.6.3 Software Requirements .................... 3-8 3.6.4 Determining Which Subsets to Load ........ 3-10 3.6.5 Performing System Backup ................. 3-11 3.6.6 If You Are Reinstalling DCE .............. 3-11 3.7 Stopping the Installation ..................... 3-12 3.8 Error Recovery During Installation ............ 3-12 4 Installing Digital DCE 4.1 Starting the Installation Procedure ........... 4-1 4.1.1 Selecting Subsets ........................ 4-2 4.1.2 Monitoring Displays During the Initial Configuration Process ...................... 4-6 5 Configuring the Digital DCE Kit 5.1 Beginning the Configuration Procedure ......... 5-1 5.2 DCE Cells ..................................... 5-2 5.2.1 Defining a DCE Cell Name ................. 5-3 5.2.2 Defining a Hostname ...................... 5-4 5.3 Creating a New DCE Cell ....................... 5-4 iv Contents 5.4 Configuring Your System as a DCE Client ....... 5-9 5.5 Configuring the DCE Distributed File Service .. 5-14 5.6 Registering a Cell in X.500 ................... 5-15 5.7 Intercell Naming .............................. 5-16 5.8 Split Server Configuration (Adding a Master CDS Server) ....................................... 5-18 5.8.1 Creating a New Cell and Master Security Server ..................................... 5-18 5.8.2 Creating the Master CDS Server on Another System ..................................... 5-21 5.8.3 Completing the Security Server Configuration .............................. 5-24 5.8.4 Completing the CDS Master Server Configuration .............................. 5-25 5.9 Adding a Replica CDS Server ................... 5-26 5.10 Adding Security Replica ...................... 5-30 5.11 Adding a DTS Local Server .................... 5-34 5.12 Adding a DTS Global Server ................... 5-37 5.13 Adding a Null Time Provider .................. 5-41 5.14 Adding an NTP Time Provider .................. 5-41 5.15 Enabling Auditing ............................ 5-42 5.16 Using SIA .................................... 5-43 5.16.1 Local Security Mechanisms ............... 5-43 5.16.2 Turning On DCE SIA ...................... 5-43 5.16.3 Turning Off DCE SIA Security ............ 5-44 5.17 Migrating Your Cell .......................... 5-45 5.17.1 Security Migration ...................... 5-46 5.17.2 CDS Migration ........................... 5-47 5.18 Running the DCE Configuration Verification Program ....................................... 5-49 Contents v 5.19 Error Recovery During Configuration .......... 5-50 A Files Installed on Your System A.1 Directory Tree Structure ...................... A-2 A.2 Files Installed ............................... A-3 A.2.1 DCE Runtime Services Subset .............. A-3 A.2.2 Application Developer's Kit Subset ....... A-6 A.2.3 DCE Security Services Subset ............. A-14 A.2.4 Cell Directory Services Subset ........... A-14 A.2.5 DCE Command Manual Pages Subset .......... A-15 A.2.6 DCE Application Developer's Kit Manual Pages Subset ............................... A-16 A.2.7 DCE DFS Runtime Services Subset .......... A-28 A.2.8 DCE DFS Kernel Binaries Subset ........... A-29 A.2.9 DCE DFS NFS Gateway Services Subset ...... A-29 A.2.10 DCE DFS Utilities Subset ................ A-30 A.2.11 DCE DFS Manual Pages Subset ............. A-31 B Sample Listings for Digital DCE Installation and Configuration B.1 Sample Standard Installation and Configuration of the DCE Server ............................. B-1 B.2 Sample Installation and Configuration of the Runtime Services .............................. B-11 C Configuration Worksheet C.1 Sample Worksheet .............................. C-2 C.2 Installation and Configuration Worksheet ...... C-3 Index Tables 2-1: System Configuration Setup Commands ........... 2-10 2-2: Configuration Choice Menu Options ............. 2-12 vi Contents 2-3: Modify Configuration Menu Options ............. 2-12 3-1: Disk Space Requirements for DCE Subsets ....... 3-6 Contents vii Preface DCE 2.0 for Digital UNIX is a layered product on the Digital UNIX Version 4.0 operating system. It is a compatible upgrade of the Digital DCE Version 1.3. This guide describes how to install and configure Digital Equipment Corporation's Distributed Computing Environment (DCE) Version 2.0 on Digital UNIX Version 4.0 systems. The installation procedure creates Digital DCE file directories subordinate to the ////uuuussssrrrr////oooopppptttt directory and loads DCE software subsets. Digital DCE consists as a full DCE implementation as defined by the Open Software Foundation (OSF). This software includes these components: +o Remote Procedure Call (RPC) +o Cell Directory Service (CDS) +o Distributed Time Service (DTS) +o DCE Security +o DCE Distributed File Service (DFS) Keep this document with your distribution kit. You need it to install maintenance updates or to reinstall this kit. _I_n_t_e_n_d_e_d _A_u_d_i_e_n_c_e The audience for this guide includes the following: +o A system manager who manages the distributed computing environment +o A Remote Installation Services (RIS) manager who manages an RIS server area +o A system manager who expects to perform client installations from the server area of a remote system _D_o_c_u_m_e_n_t _S_t_r_u_c_t_u_r_e This guide contains the following chapters and appendixes: +o Chapter 1 suggests ways to use this guide based on whether you are an experienced DCE installer or you are installing DCE for the first time. +o Chapter 2 provides installation instructions for experienced DCE installers who want a bird's eye view of the installation process. +o Chapter 3 describes the operating system and hardware requirements for installation and related procedures that you must complete before installing the Digital DCE kit. +o Chapter 4 describes the DCE installation process. +o Chapter 5 describes the configuration procedure, the configuration verification program (CVP), and any post-installation procedures that you must complete in order to use this DCE kit. +o Appendix A describes the DCE directory hierarchy and lists the directories and permanent files installed with each subset. +o Appendix B contains sample installation and configuration listings. +o Appendix C provides a worksheet to help map an installation and configuration before you begin. _A_s_s_o_c_i_a_t_e_d _D_o_c_u_m_e_n_t_s In addition to this guide, the DCE documentation set includes the following manuals: +o _D_C_E _f_o_r _D_i_g_i_t_a_l _U_N_I_X _P_r_o_d_u_c_t _G_u_i_d_e +o _D_C_E _f_o_r _D_i_g_i_t_a_l _U_N_I_X _R_e_f_e_r_e_n_c_e _G_u_i_d_e +o _D_C_E _f_o_r _D_i_g_i_t_a_l _U_N_I_X _C_o_n_f_i_g_u_r_i_n_g _t_h_e _D_i_s_t_r_i_b_u_t_e_d _F_i_l_e _S_e_r_v_i_c_e +o _O_S_F _D_C_E _A_d_m_i_n_i_s_t_r_a_t_i_o_n _G_u_i_d_e - _I_n_t_r_o_d_u_c_t_i_o_n +o _O_S_F _D_C_E _A_d_m_i_n_i_s_t_r_a_t_i_o_n _G_u_i_d_e - _C_o_r_e _C_o_m_p_o_n_e_n_t_s +o _O_S_F _D_C_E _C_o_m_m_a_n_d _R_e_f_e_r_e_n_c_e viii Preface +o _O_S_F _D_C_E _A_p_p_l_i_c_a_t_i_o_n _D_e_v_e_l_o_p_m_e_n_t _G_u_i_d_e - _C_o_r_e _C_o_m_p_o_n_e_n_t_s +o _O_S_F _D_C_E _A_p_p_l_i_c_a_t_i_o_n _D_e_v_e_l_o_p_m_e_n_t _G_u_i_d_e - _D_i_r_e_c_t_o_r_y _S_e_r_v_i_c_e_s +o _O_S_F _D_C_E _A_p_p_l_i_c_a_t_i_o_n _D_e_v_e_l_o_p_m_e_n_t _R_e_f_e_r_e_n_c_e +o _O_S_F _D_C_E _D_F_S _A_d_m_i_n_i_s_t_r_a_t_i_o_n _G_u_i_d_e _a_n_d _R_e_f_e_r_e_n_c_e +o _I_n_t_r_o_d_u_c_t_i_o_n _t_o _O_S_F _D_C_E +o _G_u_i_d_e _t_o _W_r_i_t_i_n_g _D_C_E _A_p_p_l_i_c_a_t_i_o_n_s +o _U_n_d_e_r_s_t_a_n_d_i_n_g _D_C_E Please refer to the following manuals if you need additional information about subset installation or system management: +o _D_i_g_i_t_a_l _U_N_I_X _S_h_a_r_i_n_g _S_o_f_t_w_a_r_e _o_n _a _L_o_c_a_l _A_r_e_a _N_e_t_w_o_r_k +o _D_i_g_i_t_a_l _U_N_I_X _N_e_t_w_o_r_k _A_d_m_i_n_i_s_t_r_a_t_i_o_n _C_o_n_v_e_n_t_i_o_n_s The following conventions are used in this guide: UPPERCASEThe operating system differentiates between lowercaselowercase and uppercase characters. Literal strings that appear in text, examples, syntax descriptions, and function definitions must be typed exactly as shown. file Italic (slanted) type indicates variable values, placeholders, and function argument names. % cat A regular constant-width typeface is used for code examples, system prompts in interactive examples, and names of commands and other literal strings in text. A bold constant- width typeface is used for typed user input in interactive examples and for routines in function definitions. % The default user prompt is your system name followed by a right angle bracket. In this manual, a percent sign (%) is used to represent this prompt. Preface ix # A number sign represents the superuser prompt. Ctrl/_x This symbol indicates that you hold down the first named key while pressing the key or mouse button that follows the slash. In examples, this key combination is enclosed in a box (for example, ). In an example, a key name enclosed in a box indicates that you press that key. x Preface Using This Installation Guide 1 You can use this guide in two ways. If you have already installed or configured DCE on one or more systems and are repeating the action across additional systems, you can use the brief (less detailed) instructions in Chapter 2. If you are installing or configuring DCE for the first time, or you need detailed instructions about performing some operation, use Chapters 3 through 5. +o Chapter 3 discusses how to prepare for DCE installation, explaining license registration, system requirements, and so on. +o Chapter 4 discusses using the sssseeeettttlllldddd utility to install appropriate DCE software subsets on your Digital UNIX system. +o Chapter 5 provides detailed instructions for configuring installed DCE software subsets. Appendix A lists files that are installed on your system when you install and configure DCE. Appendix B provides sample installation and configuration dialogs. Appendix C includes an installation worksheet. Before performing the actual installations you might want to organize the information that you will need during the installation and configuration phases. The installation worksheet provides a convenient place to record this information. You can make additional copies of the worksheet for future use. Instructions for Experienced Installers 2 Use the instructions in this chapter only if you are experienced with the Digital UNIX operating systems and are comfortable performing installations on these systems. For instance, you might be familiar with the installation procedure if you have already installed DCE on one or two systems. These instructions provide basic information to help you install DCE and create a cell as quickly as possible, using the defaults provided by the installation and configuration procedure. For complete information about installing and configuring this product, you should read the entire manual. A cell is the basic unit of operation and administration in DCE; it is a group of users, systems, and resources that have a common purpose and share common DCE services. At a minimum, the cell configuration requires the Cell Directory Service (CDS), the DCE Security Service, and the Distributed Time Service (DTS) (or other compatible time service). Those systems in the cell that are not acting as hosts for the various DCE servers should be configured as DCE clients. DCE clients are systems that have the Runtime Services subset installed on them. These instructions describe the following operations: +o Installing the DCE software +o Creating a DCE cell with a Security server and a CDS server on the same system +o Configuring the DCE Runtime Services (client systems) +o Performing a split server installation (Security server and CDS server on different systems) _N_o_t_e Before installing this software, you must install the following subsets: +o Document Preparation Tools (OSFDCMT400) - This subset is required for installing reference pages (manpages). The version number is 400; any version is acceptable. +o Software Development Environment (OSFPGMR400) - This subset is required if you want to build programs in the Application Developer's kit subset (where 400 is the version number). _N_o_t_e You must install the Runtime Services subset before you install any other subset. Follow this sequence for installing DCE and creating a cell with servers and clients: 1. Install the DCE software (see Section 2.1). 2. Create a cell (see Section 2.2). 3. Configure a client after you create your cell (see Section 2.3). _2._1 _S_t_a_r_t_i_n_g _t_h_e _S_t_a_n_d_a_r_d _S_o_f_t_w_a_r_e _I_n_s_t_a_l_l_a_t_i_o_n _P_r_o_c_e_d_u_r_e Before performing the following instructions, obtain a copy of the DCE software, install the correct PAKs, and place the software kit on the system to be configured. _N_o_t_e Databases can be saved and reused from V1.3 to V2.0. The installation procedure asks whether you want to delete them or not. To make sure databases are saved, do not use clean or clobber when performing the installation. If you want to stop the installation at any point, press ; however, you must then delete any 2-2 Instructions for Experienced Installers subsets that have been created up to that point. To delete the subsets, perform the following steps: 1. Log in as superuser (login name rrrrooooooootttt) to the system on which you are installing the Digital DCE software. _N_o_t_e Users can customize the command line prompt. 2. If you are installing this software on a system which contains previously installed DCE software, you must first remove the existing DCE software's subsets from the system. To determine whether any existing subsets have been installed, enter the following command: # _s_e_t_l_d -_i | _g_r_e_p _D_C_E If a subset is installed, you see a display similar to the following: DCECDS130 installed DCE CDS Server V1.3 If the subset is not installed, the word _i_n_s_t_a_l_l_e_d does not appear in the middle column. 3. To remove the existing DCE subsets, use the following syntax: # _s_e_t_l_d -_d subset-id [subset-id...] where _s_u_b_s_e_t-_i_d is the subset name and version number. For example, to delete the Runtime Services subset, enter this command where _x_x_x is the subset version number: # _s_e_t_l_d -_d _D_C_E_R_T_S_x_x_x 4. After deleting any previous versions of DCE software, change directories to where the software is placed, and enter the following sssseeeettttlllldddd command to load the subsets in the DCE software: # _s_e_t_l_d -_l . 5. After several seconds, the installation procedure displays the names of the optional subsets and Instructions for Experienced Installers 2-3 prompts you to specify the subsets that you want to install. The subsets listed below are optional: There may be more optional subsets than can be presented on a single screen. If this is the case, you can choose subsets screen by screen or all at once on the last screen. All of the choices you make will be collected for your confirmation before any subsets are installed. 1) DCE Application Developers Kit V2.0 2) DCE Application Developers Manual Pages V2.0 3) DCE Cell Directory Server V2.0 4) DCE Command Reference Manual Pages V2.0 5) DCE DFS Base V2.0 6) DCE DFS Kernel Binaries V2.0 7) DCE DFS Man Pages V2.0 8) DCE DFS NFS-DFS Secure Gateway Server V2.0 9) DCE DFS Utilities/Debug V2.0 --- MORE TO FOLLOW --- Enter your choices or press RETURN to display the next screen. Choices (for example, 1 2 4-6): 10) DCE Runtime Services V2.0 11) DCE Security Server V2.0 Or you may choose one of the following options: 12) ALL of the above 13) CANCEL selections and redisplay menus 14) EXIT without installing any subsets Enter your choices or press RETURN to redisplay menus. Choices (for example, 1 2 4-6): Enter the subsets that you want to install. For a minimum cell configuration, choose options 3, 5, and 6. If you specify more than one number at the prompt, separate each number with a space, not a comma. 6. Next, the installation procedure lets you verify your choice. For example, if you enter 11112222 in response to the previous prompt, you see the following display: You are installing the following optional subsets: DCE Application Developers Kit V2.0 DCE Application Developers Manual Pages V2.0 2-4 Instructions for Experienced Installers DCE Cell Directory Server V2.0 DCE Command Reference Manual Pages V2.0 DCE DFS Base V2.0 DCE DFS Kernel Binaries V2.0 DCE DFS Man Pages V2.0 DCE DFS NFS-DFS Secure Gateway Server V2.0 DCE DFS Utilities/Debug V2.0 DCE Runtime Services V2.0 DCE Security Server V2.0 Is this correct? (y/n): If the subsets displayed are those you want to install, enter yyyy. The installation procedure then checks the system space. Checking file system space required to install selected subsets: File system space checked OK. 11 subset(s) will be installed. The installation procedure displays the subsets being installed. Loading 1 of 11 subset(s).... DCE Runtime Services V2.0 Copying from . (disk) Working....Fri May 31 12:20:00 EDT 1996 Verifying Loading 2 of 11 subset(s).... DCE Security Server V2.0 Copying from . (disk) Verifying Loading 3 of 11 subset(s).... DCE Cell Directory Server V2.0 Copying from . (disk) Verifying Loading 4 of 11 subset(s).... DCE Application Developers Kit V2.0 Copying from . (disk) Working....Fri May 31 12:20:35 EDT 1996 Verifying Loading 5 of 11 subset(s).... Instructions for Experienced Installers 2-5 DCE Command Reference Manual Pages V2.0 Copying from . (disk) Verifying Loading 6 of 11 subset(s).... DCE Application Developers Manual Pages V2.0 Copying from . (disk) Working....Fri May 31 12:21:02 EDT 1996 Verifying Loading 7 of 11 subset(s).... DCE DFS Base V2.0 Copying from . (disk) Verifying Loading 8 of 11 subset(s).... DCE DFS Kernel Binaries V2.0 Copying from . (disk) Verifying Loading 9 of 11 subset(s).... DCE DFS Utilities/Debug V2.0 Copying from . (disk) Verifying Loading 10 of 11 subset(s).... DCE DFS Man Pages V2.0 Copying from . (disk) Verifying Loading 11 of 11 subset(s).... DCE DFS NFS-DFS Secure Gateway Server V2.0 Copying from . (disk) Verifying 11 of 11 subset(s) installed successfully. Configuring "DCE Runtime Services V2.0" (DCERTS200) Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. 2-6 Instructions for Experienced Installers RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. The installation procedure then displays the following message and, if you have existing DCE databases from a previous configuration, asks whether you want to delete them: ======================================================================== Beginning configuration of DCE Version 2.0. You will be asked a few questions before configuration can proceed. On-line help is available where the prompt contains a "?" choice. ======================================================================== Directory /opt/dcelocal exists. It may contain the DCE databases. Do you want to delete the old DCE databases? (y/n/?) [n]: The existing DCE databases will be removed upon the successful completion of installation of DCERTS200. These databases contain information from your previous DCE configuration. This information includes your cell name, the cell namespace database, security credentials, and the DCE services used in the previous configuration. If you want to delete your old configuration and create a new one, type yyyy. If you type nnnn, the procedure continues with the installation, preserving the existing DCE configuration. If you type yyyy, the procedure creates local copies of files in the DCE permanent file system and other files and directories required to run the DCE services. The installation procedure prompts you to choose the directory under which these local files are to be located: IMPORTANT: For SECURITY reasons, you may want to make sure that the location you will type now is native to this host; i.e., is not NFS mounted! Please enter the location for new DCE local databases, or press for the default location [/var]: You can specify the default or enter another directory name; the directory is created if it does not already exist. The entire directory tree initially requires about 100 KB of disk space; it may Instructions for Experienced Installers 2-7 require more space as you use the DCE services. The installation procedure now completes installation of the subsets. ======================================================================== There will be no more questions asked for the remainder of the configuration. ======================================================================== The installation process takes, on average, about 15 minutes, displaying various messages about what it is doing. When the installation is completed, the screen displays this message: ======================================================================== Installation of all the requested DCE subsets is completed. You have installed the DCE software which requires further action to configure and start it. To do so please invoke "/usr/sbin/dcesetup" and select option 1 (Configure DCE services) from the main menu. ======================================================================== 7. To verify that the subsets you selected have been installed, enter the following command: # _s_e_t_l_d -_i | _g_r_e_p _D_C_E _2._2 _I_n_i_t_i_a_l _D_C_E _C_e_l_l _C_r_e_a_t_i_o_n _a_n_d _S_e_r_v_e_r _C_o_n_f_i_g_u_r_a_t_i_o_n Use the ////uuuussssrrrr////ssssbbbbiiiinnnn////ddddcccceeeesssseeeettttuuuupppp utility to create a DCE cell and configure servers. From the Digital UNIX prompt, you can enter ddddcccceeeesssseeeettttuuuupppp commands directly in this form: # /_u_s_r/_s_b_i_n/_d_c_e_s_e_t_u_p _c_o_n_f_i_g Alternatively, you can invoke a menu that offers the same command choices by entering this command: # /_u_s_r/_s_b_i_n/_d_c_e_s_e_t_u_p If you are using the Digital UNIX Application Manager graphical interface, you can invoke ddddcccceeeesssseeeettttuuuupppp by clicking on the following series of icons: 1. In the AAAApppppppplllliiiiccccaaaattttiiiioooonnnn MMMMaaaannnnaaaaggggeeeerrrr menu, click on the 2-8 Instructions for Experienced Installers SSSSyyyysssstttteeeemmmm____AAAAddddmmmmiiiinnnn icon. 2. In the SSSSyyyysssstttteeeemmmm____AAAAddddmmmmiiiinnnn menu, click on the CCCCoooonnnnffffiiiigggguuuurrrraaaattttiiiioooonnnn icon. 3. In the CCCCoooonnnnffffiiiigggguuuurrrraaaattttiiiioooonnnn menu, click on the DDDDCCCCEEEE SSSSeeeettttuuuupppp icon. Table 2-1 describes the system configuration setup commands. Instructions for Experienced Installers 2-9 Table 2-1: _S_y_s_t_e_m _C_o_n_f_i_g_u_r_a_t_i_o_n _S_e_t_u_p _C_o_m_m_a_n_d_s ______________________________________ __C__CCCo__ooom__mmmm__mmma__aaan__nnnd__ddd________________________D__DDDe__eees__sssc__cccr__rrri__iiip__pppt__ttti__iiio__ooon__nnn______________ config Displays the Configuration Choice Menu. show Displays the current DCE system configuration in read-only mode. You do not need special privileges to execute this command. stop Terminates all active DCE daemons. You must have superuser privileges to use this command. start Starts all DCE daemons based on the current DCE system configuration. You must have superuser privileges to use this command. restart Terminates all active DCE daemons and restarts the daemons based on the current DCE system configuration. You must have superuser privileges to use this command. clean Terminates all active DCE daemons and deletes all temporary local databases associated with DCE services on this system. You must have superuser privileges to execute this command. After you execute this command, you must restart all DCE services and applications. To restart the daemons after executing the cccclllleeeeaaaannnn command, use ddddcccceeeesssseeeettttuuuupppp ssssttttaaaarrrrtttt.... 2-10 Instructions for Experienced Installers Table 2-1: (continued) clobber Terminates all active DCE daemons and deletes all temporary and permanent local databases associated with DCE services on this system, including the DCE system configuration files. You must have superuser privileges to execute this command. After you execute this command, you must reconfigure the services on this system because cccclllloooobbbbbbbbeeeerrrr returns the system to the state it was in during the installation before the initial DCE system configuration was performed. To restart the daemons after executing the cccclllloooobbbbbbbbeeeerrrr command, use ddddcccceeeesssseeeettttuuuupppp ccccoooonnnnffffiiiigggg.... cvp Invokes the Configuration Verification Program which performs a series of operations on the DCE RPC interfaces. version Shows the DCE version number. exit Allows you to exit from the DCE System _____________C_o_n_f_i_g_u_r_a_t_i_o_n__m_e_n_u_._______ Instructions for Experienced Installers 2-11 Table 2-2 describes the options available on the Configuration Choice Menu. Table 2-2: _C_o_n_f_i_g_u_r_a_t_i_o_n _C_h_o_i_c_e _M_e_n_u _O_p_t_i_o_n_s ___________________________________________________________________________ ____________________________________M__MMMe__eeen__nnnu__uuu__O__OOOp__pppt__ttti__iiio__ooon__nnn________________________________________________________D__DDDe__eees__sssc__cccr__rrri__iiip__pppt__ttti__iiio__ooon__nnn______________ 1) Configure this system as a DCE Client Adds your system to an existing cell. 2) Create a new DCE cell Creates a new DCE cell. 3) Add Master CDS Server Choose this option if you have begun a new cell configuration on another system, and you want to configure the current machine as the master CDS server. 4) Configure DCE Distributed File Service (DFS) Configures DFS on the current machine. 5) Modify DCE Cell Configuration Adds DCE servers or time providers, enables or disables auditing; enables or disables DCE security integration architecture (SIA); registers the cell in X.500. R) Return to previous menu Returns to the DCE setup __________________________________________________m_a_i_n__m_e_n_u_.________________ Table 2-3 describes the options available on the Modify Configuration Menu. Table 2-3: _M_o_d_i_f_y _C_o_n_f_i_g_u_r_a_t_i_o_n _M_e_n_u _O_p_t_i_o_n_s ______________________________________________________________________ ______________________________M__MMMe__eeen__nnnu__uuu__O__OOOp__pppt__ttti__iiio__ooon__nnn____________________________________________________D__DDDe__eees__sssc__cccr__rrri__iiip__pppt__ttti__iiio__ooon__nnn______________ 1) Add Replica CDS Server / 2-12 Instructions for Experienced Installers Table 2-3: (continued) Remove Replica CDS Server Creates or removes a replica of the master CDS server on the current machine. If your machine is already has a replica of the master CDS server, the menu option shows "Remove Replica CDS Server". 2) Add Replica Security Server / Remove Replica Security Server Ceeates or removes a replica of the master security server on the current machine. If your machine is already has a replica of the master security server, the menu option shows "Remove Replica Security Server". 3) Add DTS Local Server / Change from DTS Local Server to DTS Clerk Adds a DTS local server to the current machine. If your machine is already configured as a DTS Local Server, this menu option is "Change from DTS Local Server to DTS Clerk". If so, you can choose that option to configure the current machine as a DTS Clerk. 4) Add DTS Global Server / Change from DTS Global Server to DTS Clerk Adds a DTS global server to the current machine. If your machine is already configured as a DTS global Server, this menu option is "Change from DTS Global Server to DTS Clerk". If so, you can choose that option to configure the current machine as a DTS Clerk. Instructions for Experienced Installers 2-13 Table 2-3: (continued) 5) Add Null Time Provider Sets the time inaccuracy value but prevents DTS from setting the time. Choose this option if your system gets the time from an external source such as an NTP server. 6) Add NTP Time Provider Directs the current machine to get the time from an NTP server. 7) Enable Auditing / Disable Auditing Enables or disables DCE security auditing on the system. 8) Enable DCE SIA / Disable DCE SIA Enables or disables DCE security integration architecture (SIA) on the system. 9) Register in X.500 Registers a DCE cell in X.500. This option is displayed if X.500 is installed on the current machine. R) Return to previous menu Returns you to the DCE _____________________________________________S_e_t_u_p__M_a_i_n__M_e_n_u_.__________ 2-14 Instructions for Experienced Installers The following steps explain how to create a cell and configure the Security server and CDS server on the same system. 1. To begin your initial cell creation and server configuration, log in as rrrrooooooootttt and invoke ddddcccceeeesssseeeettttuuuupppp ((((////uuuussssrrrr////ssssbbbbiiiinnnn////ddddcccceeeesssseeeettttuuuupppp)))).... If you are not logged in as root, the ddddcccceeeesssseeeettttuuuupppp utility can perform only the SSSShhhhoooowwww and VVVVeeeerrrrssssiiiioooonnnn choices. The ddddcccceeeesssseeeettttuuuupppp utility displays the following menu: *** DCE Setup Main Menu *** Version V2.0 (Rev. 509) 1) Configure Configure DCE services on this system 2) Show Show DCE configuration and active daemons 3) Stop Terminate all active DCE daemons 4) Start Start all DCE daemons 5) Restart Terminate and restart all DCE daemons 6) Clean Terminate all active DCE daemons and remove all temporary local DCE databases 7) Clobber Terminate all active DCE daemons and remove all permanent local DCE databases 8) CVP Run Configuration Verification Program 9) Version Show DCE Version number X) Exit Please enter your selection: _N_o_t_e For troubleshooting during configuration, open an additional window after you invoke ddddcccceeeesssseeeettttuuuupppp, and enter the following command: # _t_a_i_l -_f /_o_p_t/_d_c_e_l_o_c_a_l/_d_c_e_s_e_t_u_p._l_o_g This window allows you to track the configuration procedure as it executes. The file ddddcccceeeesssseeeettttuuuupppp....lllloooogggg captures most configuration errors. If you are not logged in as root, the log file is named /_t_m_p/_d_c_e_s_e_t_u_p .username._l_o_g. 2. If you are creating a new cell or adding a CDS server, choose option 3 (Terminate all active DCE daemons) to stop the DCE daemons in a controlled manner. Be sure to back up your security and CDS databases before proceeding if this has not been Instructions for Experienced Installers 2-15 done. 3. Choose option 1 from the DCE Setup Main Menu to configure DCE services on your system. You must have system privileges to modify the DCE system configuration. The procedure displays the following menu: *** Configuration Choice Menu *** 1) Configure this system as a DCE Client 2) Create a new DCE cell 3) Add Master CDS server 4) Configure DCE Distributed File Service (DFS) 5) Modify DCE Cell Configuration R) Return to previous menu Please enter your selection (or '?' for help): 4. Choose option 2 to create a new DCE cell. 5. At each prompt, you can press to take the default displayed in brackets or enter a question mark (?) for help. When prompted, select a cell name and hostname; the name is used again when you configure DCE client systems. 6. The configuration utility asks if you want to configure the host as a CDS server. Answer yyyyeeeessss to configure the CDS and security servers on the same system. Answer nnnnoooo to perform a split server installation in which you configure the security server on the current host and the CDS server on a different host. 7. If you answered yyyyeeeessss to configure the CDS and security servers on the same system, the utility asks: Will there be any DCE pre-R1.1 CDS servers in this cell? (y/n/?) [n]: If your cell will be running any CDS servers based on OSF DCE Release 1.0.3a or earlier, you should answer yyyyeeeessss. The configuration utility sets the directory version number to 3.0 for compatibility with pre-R1.1 servers. This disables the use of OSF DCE Release 1.1 features such as cell aliasing, CDS delegation ACLs, and so on. If all CDS servers in your cell will be based on DCE Version 2.0 for Digital UNIX (or an equivalent DCE version based on OSF DCE Release 1.1) answer 2-16 Instructions for Experienced Installers nnnnoooo. The configuration utility sets the directory version number to 4.0 for compatibility with DCE Version 2.0 for Digital UNIX (OSF DCE Release 1.1) CDS servers. This enables the use of OSF DCE Release 1.1 features such as cell aliasing, CDS delegation ACLs, and so on. Once the directory version is set to 4.0, you cannot set it back to 3.0. For more information, refer to Section 5.17. 8. You are prompted to confirm the system time; it is important that you check the actual time before you respond. 9. If DECnet/OSI is installed on your system, the configuration utility displays the following message and then asks several questions about configuring a DCE Distributed Time Service server on your system. You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the DCE for Digital UNIX Product Guide. Even though DCE DTS will be used, it is possible to accept time from DECdts servers. Should this node accept time from DECdts servers? (y/n) [n]: Do you want this system to be a DTS Server (y/n/?) [y]: Do you want this system to be a DTS Global Server (y/n/?) [n]: Does this cell use multiple LANs? (y/n/?) [n]: Answer the questions appropriately. 10.The configuration utility asks whether you want to enable DCE SIA (Security Integration Architecture). Answering yyyyeeeessss configures security- sensitive commands such as llllooooggggiiiinnnn, ssssuuuu, tttteeeellllnnnneeeetttt, ffffttttpppp, and so on, to perform DCE authentication in addition to usual local security operations performed by these commands. For more information about DCE SIA, refer to the _D_C_E _f_o_r _D_i_g_i_t_a_l _U_N_I_X _P_r_o_d_u_c_t _G_u_i_d_e. 11.Next, the screen displays your selections and asks whether to save them as your DCE system configuration. Answer yyyy. Instructions for Experienced Installers 2-17 12.When asked to enter the keyseed, enter some random alphanumeric keystrokes. The configuration utility then proceeds to configure the Security server and asks you to enter a new password for cccceeeellllllll____aaaaddddmmmmiiiinnnn. Enter a password; you use this password again later when you configure client systems. 13.The procedure configures the requested servers and then prompts you to run the DCE Configuration Verification Program (CVP). When the CVP is completed, the procedure displays the following messages: Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP completed successfully Modifying system startup procedure... The procedure updates the system startup procedure and redisplays the DCE Main Menu. 14.To verify that all requested services are configured, choose option 2 (Show DCE configuration and active daemons) from the DCE Setup Main Menu. The screen displays all configured DCE services and active DCE daemons. You have completed creating a cell. _2._3 _C_o_n_f_i_g_u_r_i_n_g _Y_o_u_r _S_y_s_t_e_m _a_s _a _D_C_E _C_l_i_e_n_t Follow these steps to configure your system as a DCE Client. _N_o_t_e During initial DCE client configuration, the client software may have problems locating the Cell Directory Service server if the Internet protocol netmask for your client machine is not consistent with the netmask used by other machines operating on the same LAN segment. You might need to consult with your network administrator to determine the correct value to use as a netmask on your network. 1. If you have previously installed DCE software, remove it. See Section 2.1 for instructions. 2. Install the Runtime Services subset (client software) on the system you want to configure as a 2-18 Instructions for Experienced Installers client. Follow the instructions in Section 2.1. 3. After you install the Runtime Services, configure your system as a client by invoking ddddcccceeeesssseeeettttuuuupppp and choosing option 1 (Configure this system as a DCE Client) from the Configuration Choice Menu. *** Configuration Choice Menu *** 1) Configure this system as a DCE Client 2) Create a new DCE cell 3) Add Master CDS Server 4) Configure DCE Distributed File Service (DFS) 5) Modify DCE cell configuration R) Return to previous menu Please enter your selection (or '?' for help): 1 If DCE software was previously configured on this system, the configuration utility shuts down DCE, and removes temporary and permanent databases and configuration files. 4. The configuration utility starts the client configuration, and asks whether to search the LAN for known cells within broadcast range of your system. If you know the name of your DCE cell, answer nnnnoooo. As prompted, supply the name of your DCE cell, your DCE hostname, and the hostname of your cell's master CDS server. You also need to specify whether your host can broadcast to the host where the master CDS server is installed. Answer yyyyeeeessss to see a list of available DCE cells. When prompted, supply your DCE hostname. At the next prompt, supply the appropriate DCE cell name from the list. 5. When asked to confirm the correct time, be sure to check the actual time before responding. 6. If DECnet/OSI is installed on your system, the configuration utility displays the following message and then asks about configuring the DCE Distributed Time Service on your system. You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the DCE for Digital UNIX Product Guide. Instructions for Experienced Installers 2-19 Even though DCE DTS will be used, it is possible to accept time from DECdts servers. Should this node accept time from DECdts servers? (y/n) [n]: Answer the questions appropriately. 7. Next, you are prompted to enable SIA. The default is yyyy. For information about SIA, see the _D_C_E _f_o_r _D_i_g_i_t_a_l _U_N_I_X _P_r_o_d_u_c_t _G_u_i_d_e. 8. Next, you are prompted to perform a ddddcccceeee____llllooooggggiiiinnnn operation. Respond as follows: Enter prinicpal name _c_e_l_l__a_d_m_i_n Password password <_r_e_t_u_r_n> The password is the one you entered during initial cell creation. (You can change this password after creation is completed.) 9. If this system was previously configured as a DCE client, the configuration utility displays a list of client principals that already exist for this system and asks whether to delete them. Answer nnnn to retain the client principals. 10.The utility configures and starts DCE daemons. After the DTS daemon is started, you are prompted to run the DCE Configuration Verification Program (CVP). Press to start the CVP. After the procedure runs the CVP, the procedure automatically updates the system startup procedure so the daemons restart automatically whenever the system is rebooted. You have now configured a Security, CDS, and DTS client. 11.To verify that all requested services are configured, choose option 2 (Show DCE configuration and active daemons) from the DCE Setup Main Menu. The screen displays all active services and all active DCE daemons. _2._4 _P_e_r_f_o_r_m_i_n_g _a _S_p_l_i_t _S_e_r_v_e_r _I_n_s_t_a_l_l_a_t_i_o_n A split server installation is a DCE cell configuration in which the Security server and CDS server are on different systems. To perform a split server installation, create a DCE cell on one system, install only the security server and begin its configuration. Then, begin to configure the master CDS server on another system. Return to the system 2-20 Instructions for Experienced Installers with the security server and complete its configuration. Finally, complete the master CDS server configuration. _2._4._1 _C_r_e_a_t_e _a _C_e_l_l _a_n_d _S_e_c_u_r_i_t_y _S_e_r_v_e_r _o_n _S_y_s_t_e_m _1 Follow these steps to create a DCE cell and configure the security server. 1. Install the DCE software on the system on which you want your Security server. At a minimum, the DCE Runtime Services and DCE Security Server subsets must be installed on this system. 2. Invoke ddddcccceeeesssseeeettttuuuupppp and choose option 1 (Configure DCE services on this system) from the DCE Setup Main Menu. 3. Choose option 2 (Create a new DCE cell) from the Configuration Choice Menu. 4. Enter the name of your DCE cell and DCE hostname when prompted. 5. Answer nnnnoooo when asked whether to configure your system as a CDS server. 6. The procedure then displays your configuration choices and asks whether to save them as your DCE configuration. Answer yyyyeeeessss. 7. Next, the procedure asks you to enter a keyseed. Enter some random alphanumeric keystrokes. The procedure then displays the following text: ************************************************************* * This system has now been configured as a security server. * * Since you chose not to configure this system as a CDS * * server, you must now configure another system as the * * Master CDS Server for this cell (Option 1 on the dcesetup * * Main Menu, Option 3 on the Configuration Choice Menu.) * * * * When the Master CDS server has been installed and * * configured, press the key to continue configuring* * this system. * ************************************************************* _2._4._2 _C_r_e_a_t_e _a _C_D_S _S_e_r_v_e_r _o_n _S_y_s_t_e_m _2 Follow these steps to install and configure the CDS Instructions for Experienced Installers 2-21 server. 1. On the second system, install the DCE CDS Server subset and the Runtime Services subset. 2. Invoke ddddcccceeeesssseeeettttuuuupppp and choose option 1 (Configure DCE services on this system) from the DCE Setup Main Menu. 3. Choose option 3 (Add Master CDS server) from the Configuration Choice Menu. 4. When prompted to enter your DCE hostname, enter the name of the system on which you are installing the master CDS server. 5. When configuring the CDS server, the procedure asks the following: Will there be any DCE pre-R1.1 CDS servers in this cell? (y/n/?) [n]: If your cell will be running any CDS servers based on OSF DCE Release 1.0.3a or earlier, you should answer yyyyeeeessss. The configuration utility sets the directory version number to 3.0 for compatibility with pre-R1.1 servers. This disables the use of OSF DCE Release 1.1 features such as cell aliasing, CDS delegation ACLs, and so on. If all CDS servers in your cell will be based on DCE Version 2.0 for Digital UNIX (or an equivalent DCE version based on OSF DCE Release 1.1) answer nnnnoooo. The configuration utility sets the directory version number to 4.0 for compatibility with DCE Version 2.0 for Digital UNIX (OSF DCE Release 1.1) CDS servers. This enables the use of OSF DCE Release 1.1 features such as cell aliasing, CDS delegation ACLs, and so on. Once the directory version is set to 4.0, you cannot set it back to 3.0. For more information, refer to Section 5.17. 6. Next, you must perform a ddddcccceeee____llllooooggggiiiinnnn operation; enter a principal name and a password. 7. When asked whether you need to configure the Distributed Time Service, answer yyyyeeeessss. The procedure begins configuring the requested services and then pauses so you can complete the security server configuration on system 1. 2-22 Instructions for Experienced Installers _2._4._3 _C_o_m_p_l_e_t_e _S_e_c_u_r_i_t_y _S_e_r_v_e_r _C_o_n_f_i_g_u_r_a_t_i_o_n _o_n _S_y_s_t_e_m _1 Use the following steps to complete the security server configuration. 1. Return to the system on which you installed the Security server and press . Enter the hostname for the master CDS server. 2. Run the CVP. 3. Select the sssshhhhoooowwww command from the DCE Setup Main Menu to verify that all requested services and daemons are running. _2._4._4 _C_o_m_p_l_e_t_e _M_a_s_t_e_r _C_D_S _S_e_r_v_e_r _C_o_n_f_i_g_u_r_a_t_i_o_n _o_n _S_y_s_t_e_m _2 Completion of the master CDS server configuration consists of running the configuration verification program on the system where you configured the master CDS server. 1. Resume the configuration on system 2 by pressing . The procedure asks: Do you want to run the DCE Configuration Verification Program? (y/n) [y]: Answer yyyyeeeessss to run the CVP. If the CVP runs successfully, you have configured your system as a master CDS server. 2. Select the sssshhhhoooowwww command from the DCE Setup Main Menu to verify that all requested services and daemons are running. Instructions for Experienced Installers 2-23 Preparing for Digital DCE Installation 3 Before starting the installation procedures in Chapter 4, complete the preparation requirements outlined in this chapter. This chapter provides the information necessary to install and configure your Digital DCE software so it runs smoothly. _3._1 _R_e_l_e_a_s_e _N_o_t_e_s Digital DCE provides online release notes. Digital strongly recommends that you read the release notes before installing the product. The release notes may contain information about changes to the application. The release notes are included on the layered software products CD-ROM in the aaaasssscccciiiiiiii____ddddoooocccc or ppppssss____ddddoooocccc directories. After you install the product, you can read the release notes, located in ////oooopppptttt////ddddcccceeee////sssshhhhaaaarrrreeee////ddddoooocccc under the filename DDDDCCCCEEEE222200000000____RRRReeeellllnnnnooootttteeeessss....ttttxxxxtttt or DDDDCCCCEEEE222200000000____RRRReeeellllnnnnooootttteeeessss....ppppssss. _3._2 _L_i_c_e_n_s_e _R_e_g_i_s_t_r_a_t_i_o_n Digital DCE includes support for the Digital UNIX License Management Facility (LMF). You must register a License Product Authorization Key (License PAK) in the License Database (LDB) for some of the subsets you want to install. The License PAK is shipped along with the kit if you ordered the license and media together; otherwise, it is shipped separately to a location specified by your license order. You need a PAK for each of the following subsets: +o DCE Security Server V2.0 (DCESEC200) +o DCE Cell Directory Service Server V2.0 (DCECDS200) +o DCE Application Developer's Kit V2.0 (DCEADK200) You do not need to register a License PAK for the DCE Runtime Services (DCERTS200). If you are installing prerequisite or optional software along with this kit, review the PAK status and install the PAKs for any prerequisite or optional software before you install this kit. To register a license under the Digital UNIX system, follow these steps: 1. Log in as superuser. 2. Edit the empty PAK template, as follows: # _l_m_f _r_e_g_i_s_t_e_r _N_o_t_e Using llllmmmmffff rrrreeeeggggiiiisssstttteeeerrrr will put you into Vi editing mode. Include all the information on your License PAK. For complete information on using the Digital UNIX License Management Facility, see the _D_i_g_i_t_a_l _U_N_I_X _G_u_i_d_e _t_o _S_o_f_t_w_a_r_e _L_i_c_e_n_s_i_n_g or the llllmmmmffff((((8888)))) reference page. The installation procedure displays a message warning you if you do not install the correct PAK. For example, the following message informs you that you need to register the PAK for the DCE Cell Directory Service Server V2.0 (DCECDS200): DCECDS200 includes support for the License Management Facility. A Product Authorization Key (PAK) is necessary for the use of this product. _3._3 _P_l_a_n_n_i_n_g _f_o_r _I_n_s_t_a_l_l_a_t_i_o_n _a_n_d _C_o_n_f_i_g_u_r_a_t_i_o_n This section presents a brief overview of some of the concepts that you need to understand before you install and configure the DCE software. This knowledge can help you decide how to configure DCE. _U_n_d_e_r_s_t_a_n_d_i_n_g _D_C_E and _O_S_F _D_C_E _A_d_m_i_n_i_s_t_r_a_t_i_o_n _G_u_i_d_e - _I_n_t_r_o_d_u_c_t_i_o_n provide detailed explanations of DCE concepts. The installation and configuration procedures set up the DCE environment so that you can use DCE services. Therefore, before you can use DCE, you must both install the software and configure DCE on your system. 3-2 Preparing for Digital DCE Installation _3._3._1 _W_h_a_t _I_s _a _C_e_l_l? A cell is the basic DCE unit. It is a group of networked systems and resources that share common DCE services. Usually, the systems in a cell are in the same geographic area, but cell boundaries are not limited by geography. A cell may contain from one to several thousand systems. The boundaries of a cell are typically determined by its purpose, as well as by security, administrative, and performance considerations. Preparing for Digital DCE Installation 3-3 A DCE cell is a group of systems that share a namespace under a common administration. The configuration procedure allows you to configure your system as a DCE client, create a new DCE cell, add a master Cell Directory Service (CDS) server, add a replica CDS server, and add a Distributed Time Service (DTS) local server. When you create a new cell, you automatically configure a Security server. At a minimum, a cell configuration includes the DCE Cell Directory Service, the DCE Security Service, and the DCE Distributed Time Service. One system in the cell must provide a DCE Directory Service server to store the cell namespace database. You can choose to install both the Cell Directory server and the Security server (Section 2.2) on the system from which you invoked the procedure, or you can split the two servers (Section 2.4) and put them on different systems. _N_o_t_e You must run the installation and configuration procedures on the system where you are creating a cell before you install and configure DCE on the systems that are joining that cell. _3._3._2 _C_r_e_a_t_i_n_g _a _C_e_l_l All DCE systems participate in a cell. If you are installing DCE and there is no cell to join, the first system on which you install the software is also the system on which you create the cell. Remember that this system is also the DCE Security server. You can also make this system your Cell Directory server. When you create a cell, you must name it. The cell name must be unique across your global network. The name is used by all cell members to indicate the cell in which they participate. The configuration procedure provides a default name that is unique and is easy to remember. If you choose a name other than the default, the name must be unique. If you want to ensure that separate cells can communicate, the cell name must follow BIND or X.500 naming conventions. Before configuring a system on which you plan to create a cell, read the chapter on initial cell configuration guidelines in _U_n_d_e_r_s_t_a_n_d_i_n_g _D_C_E. 3-4 Preparing for Digital DCE Installation _3._3._3 _J_o_i_n_i_n_g _a _C_e_l_l Once the first DCE system is installed and configured and a cell is created, you can install and configure the systems that join that cell. During configuration, you need the name of the cell you are joining. Ask your network administrator for the cell name. Preparing for Digital DCE Installation 3-5 _3._4 _I_n_s_p_e_c_t_i_n_g _t_h_e _D_i_s_t_r_i_b_u_t_i_o_n _K_i_t This kit includes this installation guide and the CD-ROM optical disk for AXP systems with the RRD42 optical disk drive. The software Bill of Materials (BOM) included with your distribution kit specifies the contents of your distribution kit. Carefully compare the items you received with the items listed in the BOM. If any components are missing or damaged, contact your Digital customer services representative before continuing with the installation. The Read Before Installing letter listed on your BOM provides important information to know before installing Digital DCE. Some of this information may not be included in either this guide or the release notes. _3._5 _V_e_r_i_f_y_i_n_g _R_e_q_u_i_r_e_d _D_i_s_k _S_p_a_c_e Table 3-1 lists the disk storage requirements for the subsets installed with the DCE kit. Table 3-1: _D_i_s_k _S_p_a_c_e _R_e_q_u_i_r_e_m_e_n_t_s _f_o_r _D_C_E _S_u_b_s_e_t_s 3-6 Preparing for Digital DCE Installation Table 3-1: (continued) _______________________________________________________ |______________S__u__b__s__e__t____N__a__m__e______________________D__i__s__k____S__p__a__c__e____(__i__n____M__e__g__a__b__y__t__e__s__)_____|_ | DCERTS200 25 | | | | DCECDS200 3 | | | | DCESEC200 10 | | | | DCEADK200 9 | | | | DCEMAN200 5 | | | | DCEADKMAN200 9 | | | | DCEDFS200 11 | | | | DCEDFSBIN200 16 | | | | DCEDFSUTL200 2 | | | | DCEDFSMAN200 3 | | | | DCEDFSNFSSRV200 1 | | | | TOTAL (for all subsets) 94 | | | | | |_______________________________________________________| Preparing for Digital DCE Installation 3-7 An initial DCE server configuration (consisting of ddddcccceeeedddd,,,, ccccddddssssdddd,,,, ccccddddssssaaaaddddvvvv, two ccccddddsssscccclllleeeerrrrkkkkssss,,,, sssseeeeccccdddd,,,, and ddddttttssssdddd) consumes 50 MB of swap space. A DCE client configuration (consisting of ddddcccceeeedddd,,,, ccccddddssssaaaaddddvvvv, one ccccddddsssscccclllleeeerrrrkkkk,,,, and ddddttttssssdddd) consumes 25 MB of swap space. Large cell configurations may require additional swap and disk space. _3._6 _I_n_s_t_a_l_l_a_t_i_o_n _P_r_o_c_e_d_u_r_e _R_e_q_u_i_r_e_m_e_n_t_s This section discusses various requirements for installing Digital DCE. Depending on the type of machine, the load on that machine, and the number of subsets you are installing, a local installation of Digital DCE takes approximately 15 minutes. _3._6._1 _V_e_r_i_f_y_i_n_g _N_e_c_e_s_s_a_r_y _P_r_i_v_i_l_e_g_e_s You must have superuser privileges on the system on which you are installing Digital DCE. _3._6._2 _H_a_r_d_w_a_r_e _R_e_q_u_i_r_e_m_e_n_t_s To perform the installation, you need the following hardware: +o An Alpha AXP machine +o An RRD42 or RRD43 CD-ROM Drive You must know how to load the CD-ROM provided with the software distribution kit on the appropriate drive. See the _C_o_m_p_a_c_t _D_i_s_c _U_s_e_r'_s _G_u_i_d_e for more information. _3._6._3 _S_o_f_t_w_a_r_e _R_e_q_u_i_r_e_m_e_n_t_s To perform the installation, you need a system with the Digital UNIX Version 4.0 operating system installed. To determine the version number of your operating system, enter the following command: # _m_o_r_e /_e_t_c/_m_o_t_d Before using DCE, you must install the following subsets provided with the operating system: +o Document Preparation Tools (OSFDCMT) - This subset is a prerequisite for using the DCE reference 3-8 Preparing for Digital DCE Installation pages (manpages); it includes text-processing tools and several macro packages. +o Software Development Environment (OSFPGMR) - This subset is a prerequisite if you want to build DCE applications with the Application Developer's Kit subset; it contains include files required by DCE applications. +o Standard Header Files (OSFINCLUDE) - This subset is a prerequisite if you want to build DCE applications with the Application Developer's Kit subset; it contains header files required by DCE applications. Preparing for Digital DCE Installation 3-9 _3._6._4 _D_e_t_e_r_m_i_n_i_n_g _W_h_i_c_h _S_u_b_s_e_t_s _t_o _L_o_a_d Digital DCE includes the following installation subsets: _D_C_E _D_F_S _B_a_s_e _O_F_S _S_e_r_v_i_c_e_s _V_2._0 (_D_C_E_D_F_S_2_0_0) The DCEDFS (runtime) subset should be installed to use the DCE Distributed File Service. _D_C_E _D_F_S _K_e_r_n_e_l _B_i_n_a_r_i_e_s _V_2._0 (_D_C_E_D_F_S_B_I_N_2_0_0) The DCEDFSBIN subset should be installed to use DCE/DFS. _D_C_E _D_F_S _N_F_S-_D_F_S _S_e_c_u_r_e _G_a_t_e_w_a_y _S_e_r_v_e_r _V_2._0 (_D_C_E_D_F_S_N_F_S_S_R_V_2_0_0) The DCEDFSNFSSRV subset should be installed to use the NFS-DFS Secure Gateway Server. _D_C_E _D_F_S _U_t_i_l_i_t_i_e_s _a_n_d _D_e_b_u_g_g_i_n_g _T_o_o_l_s _V_2._0 (_D_C_E_D_F_S_U_T_I_L_2_0_0) This subset is optional. These are primarily diagnostic programs and are not part of normal use. They do not need to be installed to use DCE/DFS, although they may make it easier to diagnose problems or run DCE/DFS tests. _D_C_E _R_u_n_t_i_m_e _S_e_r_v_i_c_e_s _V_2._0 (_D_C_E_R_T_S_2_0_0) This subset consists of the base services required for runtime execution of DCE applications. These services include the RPC runtime and DTS clerk and server. The CDS clerk, the security client, the PC Nameserver Proxy Agent, XDS runtime, and various administrative utilities are also included in this subset. You must install this subset on all systems on which you want to run DCE applications. _D_C_E _S_e_c_u_r_i_t_y _S_e_r_v_e_r _V_2._0 (_D_C_E_S_E_C_2_0_0) This subset provides secure communications and controlled access to resources in a distributed environment. It includes the registry/KDC/Privilege server ((((sssseeeeccccdddd)))) and security administration tools ((((sssseeeecccc____aaaaddddmmmmiiiinnnn)))).... _D_C_E _C_D_S _S_e_r_v_e_r _V_2._0 (_D_C_E_C_D_S_2_0_0) This subset provides a directory service for naming and locating users, applications, files, and systems within a DCE cell. This subset includes the CDS server and the Global Directory Agent (GDA). _D_C_E _A_p_p_l_i_c_a_t_i_o_n _D_e_v_e_l_o_p_e_r'_s _K_i_t _V_2._0 (_D_C_E_A_D_K_2_0_0) This subset includes the RPC IDL compiler, XDS interface to CDS, and other tools required for developing DCE applications. 3-10 Preparing for Digital DCE Installation _D_C_E _C_o_m_m_a_n_d _M_a_n_u_a_l _P_a_g_e_s _V_2._0 (_D_C_E_M_A_N_2_0_0) (optional) This subset consists of online reference (manpages) pages for managing DCE. _D_C_E _A_p_p_l_i_c_a_t_i_o_n _D_e_v_e_l_o_p_e_r'_s _K_i_t _M_a_n_u_a_l _P_a_g_e_s _V_2._0 (_D_C_E_A_D_K_M_A_N_2_0_0) (optional) This subset consists of online application development reference pages (manpages) for programming reference information. See the _D_C_E _f_o_r _D_i_g_i_t_a_l _U_N_I_X _P_r_o_d_u_c_t _G_u_i_d_e for more information about the subsets included in this kit. _3._6._5 _P_e_r_f_o_r_m_i_n_g _S_y_s_t_e_m _B_a_c_k_u_p Digital recommends that you back up your system disk before installing any software. Use the backup procedures established at your site. For details on backing up a system disk, see your Digital UNIX documentation. To back up DCE databases from an existing configuration, back up the files in ////oooopppptttt////ddddcccceeeellllooooccccaaaallll. _3._6._6 _I_f _Y_o_u _A_r_e _R_e_i_n_s_t_a_l_l_i_n_g _D_C_E Before reinstalling either the current version or a new version of the DCE for Digital UNIX software, perform the following steps: 1. If you are installing this software on a system that has previously installed DCE software, you must first remove the existing DCE software's subsets from the system. To determine whether any existing subsets have been installed, enter the following command: # _s_e_t_l_d -_i | _g_r_e_p _D_C_E If a subset is installed, you see a display similar to the following: DCECDS200 installed DCE CDS Server V2.0 If the subset has not been installed, the word _i_n_s_t_a_l_l_e_d does not appear in the middle column. Preparing for Digital DCE Installation 3-11 2. Delete any existing DCE subsets as follows: # _s_e_t_l_d -_d subset-id [subset-id...] where _s_u_b_s_e_t-_i_d is the subset name and version number. For example, to delete the Runtime Services, enter: # _s_e_t_l_d -_d _D_C_E_R_T_S_2_0_0 3. Re-execute the sssseeeettttlllldddd command to reinstall the DCE kit where _k_i_t__l_o_c_a_t_i_o_n is the directory containing the DCE subsets: # _s_e_t_l_d -_l 4. If you do not want to delete your current DCE configuration, answer nnnn when the installation procedure displays the following prompt: Directory /opt/dcelocal exists. It may contain the DCE databases. Do you want to delete the old DCE databases? (y/n/?) [n]: _3._7 _S_t_o_p_p_i_n_g _t_h_e _I_n_s_t_a_l_l_a_t_i_o_n You can stop the installation at any time by pressing However, files created up to that point are not deleted. You must delete these files manually. Appendix A lists the files and directories created during the installation procedure. _3._8 _E_r_r_o_r _R_e_c_o_v_e_r_y _D_u_r_i_n_g _I_n_s_t_a_l_l_a_t_i_o_n If errors occur during the installation, the system displays failure messages. Errors can occur during the installation if any of the following conditions exist: +o The prerequisite software version is incorrect. +o The system parameter values (such as disk space) for this system are insufficient for successful installation. 3-12 Preparing for Digital DCE Installation +o A previous DCE version is installed on the system. If the installation fails because of insufficient disk space, the sssseeeettttlllldddd procedure displays an error message similar to the following: There is not enough file system space for subset DCERTS200 DCERTS200 will not be loaded. If the uuuussssrrrr file system is read-only during installation, the procedure displays the following error message: Warning: The usr filesystem is not writable. Therefore links from it to the permanent filesystem will not be made. When the Digital UNIX system displays this message, the installation of the shared DCE library fails. In this case, the DCE services can not be configured or started because they rely on the shared DCE library. You should reinstall with a writable uuuussssrrrr file system. If you encounter errors from the sssseeeettttlllldddd utility during the installation, see the Diagnostics section of the sssseeeettttlllldddd((((8888)))) reference page for an explanation of the error and the appropriate action to take. If an error occurs while you are using Digital DCE, and you believe the error is caused by a problem with the product, take the approproiate action as follows: +o If you have a basic or DECsupport Software Agreement, call your Customer Support Center (CSC). The CSC provides telephone support for high-level advisory and remedial assistance. +o If you have a Self-Maintenance Software Agreement, you can submit a Software Performance Report (SPR). +o If you purchased Digital DCE within the last 90 days and you think the problem is caused by a software error, you can submit an SPR. Preparing for Digital DCE Installation 3-13 Installing Digital DCE 4 This chapter describes the Digital DCE installation procedure. Before starting the installation, read Chapter 3, which describes general options and requirements for installing the product. This kit is installed from a CD-ROM. You can also install this kit remotely into a Remote Installation Services (RIS) server area for future DCE client installations. For further information about a remote installation procedure, see the _D_i_g_i_t_a_l _U_N_I_X _G_u_i_d_e _t_o _S_h_a_r_i_n_g _S_o_f_t_w_a_r_e _o_n _a _L_o_c_a_l _A_r_e_a _N_e_t_w_o_r_k. _4._1 _S_t_a_r_t_i_n_g _t_h_e _I_n_s_t_a_l_l_a_t_i_o_n _P_r_o_c_e_d_u_r_e The installation procedure describes how to install Digital DCE locally. In a local (system-specific) installation, the system on which you install the product uses its own disks to run it. The installation procedure loads files onto the disks that belong to the system where you perform the installation. Start the installation procedure as follows: 1. Log in as superuser (login name rrrrooooooootttt) to the system where you are installing the DCE kit. 2. Install the appropriate LMF PAKs (see Chapter 3 for information about LMF). 3. Make sure that you are at the root directory (/) by entering the following command: # _c_d / 4. Mount the media on the appropriate disk drive. 5. Specify the directory to be the mount point for the distribution file system on the drive. For example, if your CD-ROM drive is device rrrrzzzz4444, enter the following command: # _m_o_u_n_t -_d_r /_d_e_v/_r_z_4_c /_m_n_t 6. Enter a sssseeeettttlllldddd command that specifies the llllooooaaaadddd function ((((----llll)))) and identifies the directory in the mounted file system where the DCE subsets are located. For example, if the directory location for the DCE subsets is ////mmmmnnnntttt////DDDDCCCCEEEE222200000000////bbbbiiiinnnn, enter the following command to start the installation procedure: # _s_e_t_l_d -_l /_m_n_t/_D_C_E_2_0_0/_b_i_n Your partitions must be large enough to hold the subsets selected. _N_o_t_e The sssseeeettttlllldddd ----DDDD (directory) option is not supported. _4._1._1 _S_e_l_e_c_t_i_n_g _S_u_b_s_e_t_s After you enter the sssseeeettttlllldddd command for local installations, or after you start the rrrriiiissss utility for server installations, the installation procedure displays the names of the Digital DCE kit subsets. See the _D_i_g_i_t_a_l _D_C_E _f_o_r _D_i_g_i_t_a_l _U_N_I_X _A_X_P _P_r_o_d_u_c_t _G_u_i_d_e for more information about each of the subsets. The installation procedure displays the names of the optional subsets and asks you to specify the subsets that you want to load, as shown in the following example. You can select one or more options. The subsets listed below are optional: There may be more optional subsets than can be presented on a single screen. If this is the case, you can choose subsets screen by screen or all at once on the last screen. All of the choices you make will be collected for your confirmation before any subsets are installed. 1) DCE Application Developers Kit V2.0 2) DCE Application Developers Manual Pages V2.0 3) DCE Cell Directory Server V2.0 4) DCE Command Reference Manual Pages V2.0 5) DCE DFS Base V2.0 6) DCE DFS Kernel Binaries V2.0 4-2 Installing Digital DCE 7) DCE DFS Man Pages V2.0 8) DCE DFS NFS-DFS Secure Gateway Server V2.0 9) DCE DFS Utilities/Debug V2.0 --- MORE TO FOLLOW --- Enter your choices or press RETURN to display the next screen. Choices (for example, 1 2 4-6): 10) DCE Runtime Services V2.0 11) DCE Security Server V2.0 Or you may choose one of the following options: 12) ALL of the above 13) CANCEL selections and redisplay menus 14) EXIT without installing any subsets Enter your choices or press RETURN to redisplay menus. Choices (for example, 1 2 4-6): If you specify more than one number at the prompt, separate each number with a space, not a comma. Enter option 11112222 to install all the subsets for DCE. Next, the procedure lets you verify your choice. For example, if you enter 11112222 in response to the previous prompt, you see the following display: You are installing the following optional subsets: DCE Application Developers Kit V2.0 DCE Application Developers Manual Pages V2.0 DCE Cell Directory Server V2.0 DCE Command Reference Manual Pages V2.0 DCE DFS Base V2.0 DCE DFS Kernel Binaries V2.0 DCE DFS Man Pages V2.0 DCE DFS NFS-DFS Secure Gateway Server V2.0 DCE DFS Utilities/Debug V2.0 DCE Runtime Services V2.0 DCE Security Server V2.0 Is this correct? (y/n): If the displayed subsets are not the ones you intended to choose, enter nnnn (no). In this case, the subset selection menu is again displayed, and you can correct your choice of optional subsets. If the displayed subsets are the ones you want to load, Installing Digital DCE 4-3 enter yyyy (yes). Next the installation procedure checks the system space. Checking file system space required to install selected subsets: File system space checked OK. 11 subset(s) will be installed. The installation procedure then displays the subsets being installed. Loading 1 of 11 subset(s).... DCE Runtime Services V2.0 Copying from . (disk) Working....Fri May 31 12:20:00 EDT 1996 Verifying Loading 2 of 11 subset(s).... DCE Security Server V2.0 Copying from . (disk) Verifying Loading 3 of 11 subset(s).... DCE Cell Directory Server V2.0 Copying from . (disk) Verifying Loading 4 of 11 subset(s).... DCE Application Developers Kit V2.0 Copying from . (disk) Working....Fri May 31 12:20:35 EDT 1996 Verifying Loading 5 of 11 subset(s).... DCE Command Reference Manual Pages V2.0 Copying from . (disk) Verifying Loading 6 of 11 subset(s).... DCE Application Developers Manual Pages V2.0 Copying from . (disk) Working....Fri May 31 12:21:02 EDT 1996 Verifying Loading 7 of 11 subset(s).... DCE DFS Base V2.0 4-4 Installing Digital DCE Copying from . (disk) Verifying Loading 8 of 11 subset(s).... DCE DFS Kernel Binaries V2.0 Copying from . (disk) Verifying Loading 9 of 11 subset(s).... DCE DFS Utilities/Debug V2.0 Copying from . (disk) Verifying Loading 10 of 11 subset(s).... DCE DFS Man Pages V2.0 Copying from . (disk) Verifying Loading 11 of 11 subset(s).... DCE DFS NFS-DFS Secure Gateway Server V2.0 Copying from . (disk) Verifying 11 of 11 subset(s) installed successfully. Configuring "DCE Runtime Services V2.0" (DCERTS200) Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. Installing Digital DCE 4-5 _4._1._2 _M_o_n_i_t_o_r_i_n_g _D_i_s_p_l_a_y_s _D_u_r_i_n_g _t_h_e _I_n_i_t_i_a_l _C_o_n_f_i_g_u_r_a_t_i_o_n _P_r_o_c_e_s_s The installation procedure displays the following messages indicating that each subset you have selected is starting installation: ===================================================================== Beginning configuration of DCE Version 2.0. You will be asked a few questions before configuration can proceed. On-line help is available where the prompt contains a "?" choice. ===================================================================== If DCE was installed previously, the following message appears. Directory /opt/dcelocal exists. It may contain the DCE databases. Do you want to delete the old DCE databases? (y/n/?) [n]: If you have previously installed DCE kits, you may have existing DCE local databases. These databases contain information from your previous DCE configuration. This information includes your cell name, the cell namespace database, security credentials, and the DCE services you were using in the previous configuration. If you type nnnn, the procedure continues with the installation, preserving your old DCE configuration. If you answer yyyy, the procedure displays the following message and prompt: The existing DCE databases will be removed upon the successful completion of installation of DCERTS200. IMPORTANT: For SECURITY reasons, you may want to make sure that the location you will type now is native to this host; i.e., is not NFS mounted! Please enter the location for new DCE local databases, or press for the default location [/var]: At the prompt, you must specify the directory under which these local files will be located. This directory will be created if it does not already exist. The entire directory tree initially requires about 1 megabyte of disk space for the combined Security and CDS servers and 600 kilobytes for the client configuration; it may require more space as you use the DCE services. The installation procedure 4-6 Installing Digital DCE now completes installation of the subsets. ===================================================================== There will be no more questions asked for the remainder of the configuration. ===================================================================== Creating DCE local directory structure Removing old DCE local databases as directed. Created new DCE local database directory /var/dcelocal Creating DCE File Links Adding DCE Setup desktop icon Configuring "DCE Security Server V2.0" (DCESEC200) Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. Creating DCE File Links Configuring "DCE Cell Directory Server V2.0" (DCECDS200) Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. Installing Digital DCE 4-7 Creating DCE File Links Configuring "DCE Application Developers Kit V2.0" (DCEADK200) Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. Creating DCE File Links Configuring "DCE Command Reference Manual Pages V2.0" (DCEMAN200) Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. Creating DCE File Links Configuring "DCE Application Developers Manual Pages V2.0" (DCEADKMAN200) Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as 4-8 Installing Digital DCE applicable. Creating DCE File Links Configuring "DCE DFS Base V2.0" (DCEDFS200) Installation of the DCE DFS Base (DCEDFS200) subset is complete. Configuring "DCE DFS Kernel Binaries V2.0" (DCEDFSBIN200) Installation of the DCE DFS Kernel Binaries (DCEDFSBIN200) subset is complete. To configure DFS services, you must first build a DFS kernel. Type any others you desire). Copy the resulting kernel to /vmunix, reboot, then run '/usr/sbin/dfssetup' to configure DFS, if necessary. Configuring "DCE DFS Utilities/Debug V2.0" (DCEDFSUTL200) Installation of the DCE DFS Utilities/Debug (DCEDFSUTL200) subset is complete. ======================================================================= Installation of all the requested DCE subsets is completed. You have installed the DCE software which requires further action to configure and start it. To do so please invoke "/usr/sbin/dcesetup" and select option 1 (Configure DCE services) from the main menu. ======================================================================= Configuring "DCE DFS Man Pages V2.0" (DCEDFSMAN200) Installation of the DCE/DFS Man Pages (DCEDFSMAN200) subset is complete. Configuring "DCE DFS NFS-DFS Secure Gateway Server V2.0" (DCEDFSNFSSRV200) Installation of the DCE DFS NFS-DFS Secure Gateway Server (DCEDFSNFSSRV200) subset is complete. If you want to proceed with a new configuration, see Chapter 5. Installing Digital DCE 4-9 Configuring the Digital DCE Kit 5 This chapter describes the configuration procedure for the Digital DCE Kit, and explains how to run the Configuration Verification Program (CVP). _5._1 _B_e_g_i_n_n_i_n_g _t_h_e _C_o_n_f_i_g_u_r_a_t_i_o_n _P_r_o_c_e_d_u_r_e Many of the following prompts have default values associated with them. The default responses to prompts in the configuration procedure are based on your existing configuration, if you have one. Otherwise, defaults appropriate for the most common DCE system configurations are provided. At each prompt, press to take the default displayed in brackets, type a question mark ((((????)))) for help, or supply the requested information. After you install the DCE software, it displays the following message, prompting you to begin the configuration procedure: You have installed the DCE software which requires further action to configure and start it. To do so please invoke "/usr/sbin/dcesetup" and select option 1 (Configure DCE services) from the main menu. from the main menu. You must be logged in as rrrrooooooootttt to configure your DCE system. When you invoke ddddcccceeeesssseeeettttuuuupppp, the DCE Setup Main Menu is displayed. # /_u_s_r/_s_b_i_n/_d_c_e_s_e_t_u_p *** DCE Setup Main Menu *** Version V2.0 (Rev. 509) 1) Configure Configure DCE services on this system 2) Show Show DCE configuration and active daemons 3) Stop Terminate all active DCE daemons 4) Start Start all DCE daemons 5) Restart Terminate and restart all DCE daemons 6) Clean Terminate all active DCE daemons and remove all temporary local DCE databases 7) Clobber Terminate all active DCE daemons and remove all permanent local DCE databases 8) CVP Run Configuration Verification Program 9) Version Show DCE Version number X) Exit Please enter your selection: _N_o_t_e If you will be creating a new cell or adding a CDS server, choose option 3 (Terminate all active DCE daemons) to stop the DCE daemons in a controlled manner. Be sure to back up your security and CDS databases before proceeding if this has not already been done. Choose option 1 (Configure DCE services on this system), to view the Configuration Choice Menu. *** Configuration Choice Menu *** 1) Configure this system as a DCE Client 2) Create a new DCE cell 3) Add Master CDS Server 4) Configure DCE Distributed File Service (DFS) 5) Modify DCE cell configuration R) Return to previous menu Please enter your selection (or '?' for help): 1 The following sections provide overview information about DCE and describe the options on the Configuration Choice Menu. _5._2 _D_C_E _C_e_l_l_s A DCE cell is a group of systems that share a namespace under a common administration. At least one system in the cell must provide a directory service server to store the cell namespace database. Also, at least one system in the cell must provide a security server to store information about each user in the cell. If there are no other systems in your network already using DCE services, you must create a new DCE cell to use the DCE services on your system. You do not need to create a DCE cell if you are using only the DCE Remote Procedure Call (RPC) and if your 5-2 Configuring the Digital DCE Kit applications will use RPC string bindings to provide server binding information to clients. If there are other systems in your network already using DCE services, it is possible there may be an existing cell that your system can join. If you are not sure, consult with your network administrator to find out which DCE services may already be in use in your network. _5._2._1 _D_e_f_i_n_i_n_g _a _D_C_E _C_e_l_l _N_a_m_e You need to define a name for your DCE cell that is unique in your global network and is the same on all systems that participate in this cell. The DCE naming environment supports two kinds of names: global names and local names. All entries in the DCE Directory Service have a global name that is universally meaningful and usable from anywhere in the DCE naming environment. All Directory Service entries also have a cell-relative name that is meaningful and usable only from within the cell in which that entry exists. If you plan to connect this cell to other DCE cells in your network either now or in the future, it is important that you choose an appropriate name for this cell. You cannot change the name of the cell once the cell has been created. If you are not sure how to choose an appropriate name for your DCE cell, consult the section on global names in the _O_S_F _D_C_E _A_d_m_i_n_i_s_t_r_a_t_i_o_n _G_u_i_d_e - _I_n_t_r_o_d_u_c_t_i_o_n. Before you can register the cell in X.500, you must ensure that Digital's X.500 Base kit and the DEC X.500 API kit is installed on your CDS server. It is also recommended X.500 administration subset (DXDADXIM) be installed. Optionally, you can install the DEC X.500 Administration Facility kit for debugging and general administrative support. Digital recommends that you use the following convention to create DCE cell names: the Internet name of your host system followed by the suffix ____cccceeeellllllll, and then followed by the Internet address of your organization. For example, if the Internet name of your system is mmmmyyyyhhhhoooosssstttt, and the internet address of your organization is ssssmmmmaaaallllllllccccoooo....bbbbiiiiggggccccoooommmmppppaaaannnnyyyy....ccccoooommmm, your cell name, in DCE name syntax, would be mmmmyyyyhhhhoooosssstttt____cccceeeellllllll....ssssmmmmaaaallllllllccccoooo....bbbbiiiiggggccccoooommmmppppaaaannnnyyyy....ccccoooommmm. This convention has the following benefits: +o The Internet name of your host is unique in your Configuring the Digital DCE Kit 5-3 network, so if this convention is followed by all DCE users in your network, your cell name will also be unique. +o It clearly identifies the system on which the writable copy of the root directory of the cell namespace is located. +o It does not prohibit intercell communication with outside organizations. +o It is easy to remember. If there is already a cell name defined in a previously existing DCE system configuration, do not change it unless you are removing this system from the cell in which it is currently a member and you are joining a different cell. When the configuration procedure prompts you for the name of your DCE cell, type the cell name without the ////............//// prefix; the prefix is added automatically. For example, if the full global name selected for the cell, in DCE name syntax, is ////............////mmmmyyyyhhhhoooosssstttt____cccceeeellllllll....ssssmmmmaaaallllllllccccoooo....bbbbiiiiggggccccoooommmmppppaaaannnnyyyy....ccccoooommmm, enter mmmmyyyyhhhhoooosssstttt____cccceeeellllllll....ssssmmmmaaaallllllllccccoooo....bbbbiiiiggggccccoooommmmppppaaaannnnyyyy....ccccoooommmm. _5._2._2 _D_e_f_i_n_i_n_g _a _H_o_s_t_n_a_m_e You need to define a name for your system that is unique within your DCE cell. You should use the default hostname, which is the Internet hostname (the name specified before the first dot (.)). The following example shows the default hostname derived from the Internet name of mmmmyyyyhhhhoooosssstttt....mmmmyyyyccccoooommmmppppaaaannnnyyyy....ccccoooommmm. Please enter your DCE host name [myhost]: _5._3 _C_r_e_a_t_i_n_g _a _N_e_w _D_C_E _C_e_l_l To create a new DCE cell, choose option 2 (Create a new DCE cell) from the Configuration Choice Menu. The configuration procedure prompts you with the following messages: At each prompt, enter to take the default displayed in [braces] or enter '?' for help. Please enter the name of your DCE cell [myhost_cell]: 5-4 Configuring the Digital DCE Kit Please enter your DCE hostname [myhost]: Do you wish to configure myhost as a CDS server? (y/n/?) [y]: Because this is a new cell, you need to create at least one CDS server. This prompt gives you the option of configuring the Security server and the CDS server on the same system, if you answer yyyy to this prompt, or on different systems (split server configuration), if you answer nnnn. For information on how to configure a split server, see Section 5.8, Adding a Master CDS Server. In either case, the Security server is installed on the system from which you perform the new cell configuration. If you answered yyyyeeeessss to configure the CDS and security servers on the same system, the utility asks: Will there be any DCE pre-R1.1 CDS servers in this cell? (y/n/?) [n]: If your cell will be running any CDS servers based on OSF DCE Release 1.0.3a or earlier, you should answer yyyyeeeessss. The configuration utility sets the directory version number to 3.0 for compatibility with pre-R1.1 servers. This disables the use of OSF DCE Release 1.1 features such as cell aliasing, CDS delegation ACLs, and so on. If all CDS servers in your cell will be based on DCE Version 2.0 for Digital UNIX (or an equivalent DCE version based on OSF DCE Release 1.1) answer nnnnoooo. The configuration utility sets the directory version number to 4.0 for compatibility with DCE Version 2.0 for Digital UNIX (OSF DCE Release 1.1) CDS servers. This enables the use of OSF DCE Release 1.1 features such as cell aliasing, CDS delegation ACLs, and so on. Once the directory version is set to 4.0, you cannot set it back to 3.0. For more information, refer to Section 5.17. Next, the procedure displays the following message: ******************************************************************** * If the system clocks on the machines running the security * * and CDS servers differ more than one or two minutes from * * other systems in the cell, configuration anomalies can occur. * * Since this system's time will be used as a reference, please * * make sure that the system time is correct. * ******************************************************************** System time for : Tue Jun 11 11:53:14 1996 Is this correct? (y/n/?): Configuring the Digital DCE Kit 5-5 Make sure you validate the time, before you specify yyyy. If the system time is incorrect, answer nnnn; the configuration procedure exits to the operating system to allow you to correct the system time. You can then reconfigure. Do you need the Distributed Time Service? (y/n/?) [y]: If DECnet/OSI is installed on your system, the configuration utility displays the following message and then asks several questions about configuring a DCE Distributed Time Service server on your system. You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the DCE for Digital UNIX Product Guide. Even though DCE DTS will be used, it is possible to accept time from DECdts servers. Should this node accept time from DECdts servers? (y/n) [n]: Specify yyyy to accept time from any DECdts server; however, time from this source is unauthenticated. If you specify nnnn, this system accepts time only from DCE time servers. The procedure next asks whether you want your system to be a DTS local server: Do you want this system to be a DTS Server (y/n/?) [y]: Do you want this system to be a DTS Global Server (y/n/?) [n]: If you answer yyyy, this machine becomes a DTS local server; if you answer nnnn, this machine does not become a DTS local server, and you should configure some other system as the DTS server. Digital recommends that you configure three DTS servers per cell. Next, the procedure asks whether your cell uses multiple LANs. Does this cell use multiple LANs? (y/n/?) [n]: If your cell uses multiple LANs, you can divide your clients and servers into profile groups to facilitate performance. (Most cells do not require this 5-6 Configuring the Digital DCE Kit feature.) For further information about using profile groups, refer to _O_S_F _D_C_E _A_d_m_i_n_i_s_t_r_a_t_i_o_n _G_u_i_d_e - _C_o_r_e _C_o_m_p_o_n_e_n_t_s. If you respond yyyy to this question, new clients are asked for the name of the LAN to which they belong, and you are prompted as follows: Please enter the name of your LAN (or '?' for help) []: Next, the procedure asks whether you want to use DCE Security Integration Architecture (SIA). For information about SIA, refer to Section 5.16 in this guide and to the _D_C_E _f_o_r _D_i_g_i_t_a_l _U_N_I_X _P_r_o_d_u_c_t _G_u_i_d_e. Do you want to enable DCE SIA? (y/n/?) [n] The procedure then displays your new configuration and asks whether you want to save it. The exact configuration shown depends on choices you made during the configuration procedure. The following is an example of a cell configuration: You have made the following selections: DCE Cellname: myhost_cell DCE Hostname: myhost Multi-LAN Cell? Yes Use myhost as a CDS Server? Yes Use myhost as the Security Server? Yes Use myhost as a DTS Local Server Yes Enable DCE SIA? No Do you want to save this as your DCE system configuration? (y/n/?) [y]: When you specify nnnn, the procedure redisplays the configuration questions, using your prior answers as the default values. When you specify yyyy to save the system configuration, the procedure shuts down any running DCE services and removes any existing temporary or permanent local databases and configuration files. The procedure then starts the Security server after asking for a new password for cccceeeellllllll____aaaaddddmmmmiiiinnnn. The procedure then starts the daemons Configuring the Digital DCE Kit 5-7 and initializes the namespace. Shutting down DCE services DCE services stopped Removing temporary local DCE databases and configuration files Removing permanent local DCE databases and configuration files ************************************************************* * Starting the security server requires that you supply * * a 'keyseed.' When asked for a 'keyseed,' type some * * random, alphanumeric keystrokes, followed by RETURN. * * (You won't be required to remember what you type.) * ************************************************************* Enter keyseed for initial database master key: Configuring security server The next prompt asks you to type a new password for cccceeeellllllll____aaaaddddmmmmiiiinnnn. To protect cell security, you must provide a new password; the configuration will _n_o_t proceed unless you do so. Please type new password for cell_admin (or '?' for help): Type again to confirm: _N_o_t_e If you type a question mark (?) for help, the question mark is not displayed on your screen. The configuration process then begins creating necessary files and starting some daemons. If X.500 is installed, the procedure asks if you want to register the DCE cell in X.500. It then asks whether you want to run the Configuration Verification Program (CVP). See Section 5.18 for information on the CVP. After you run the CVP, the configuration procedure updates your system startup procedure so that the daemons restart automatically whenever the system is rebooted. 5-8 Configuring the Digital DCE Kit _5._4 _C_o_n_f_i_g_u_r_i_n_g _Y_o_u_r _S_y_s_t_e_m _a_s _a _D_C_E _C_l_i_e_n_t If you want to add your system to an existing cell, choose option 1 (Configure this system as a DCE Client) from the Configuration Choice Menu. This option configures the runtime services subset on your system. _N_o_t_e During initial DCE client configuration, the client software may have problems locating the Cell Directory Service server if the Internet protocol netmask for your client machine is not consistent with the netmask used by other machines operating on the same LAN segment. You might need to consult with your network administrator to determine the correct value to use as a netmask on your network. When you choose option 1, the procedure displays the following messages: At each prompt, enter to take the default displayed in [braces] or enter '?' for help. Press to continue: Shutting down DCE services DCE services stopped Removing temporary local DCE databases and configuration files Removing permanent local DCE databases and configuration files Starting client configuration Initializing dced (dced)... Starting dced (dced)... The configuration utility asks whether to search the LAN for known cells within broadcast range of your system. Would you like to search the LAN for known cells? (y/n) [y] : If you know the name of your DCE cell, answer nnnnoooo. As prompted, supply the name of your DCE cell, your DCE hostname, and the hostname of your cell's master CDS server. You also need to specify whether your host can broadcast to the host where the master CDS server is installed. Configuring the Digital DCE Kit 5-9 Answer yyyyeeeessss to see a list of available DCE cells. As prompted, supply your DCE hostname. At the next prompt, supply the appropriate DCE cell name from the list. Gathering list of currently accessible cells Please enter your DCE hostname [dcehost]: The following cells were discovered within broadcast range of this system: buster_cell kauai_cell myhost_cell tahoe_cell Please enter the name of your DCE cell (or '?' for help) [buster_cell]: myhost_cell If you do not know the name of the cell you wish to join, consult your network administrator. Do not add the ////............//// prefix to the cell name; the procedure automatically adds it. The prompt might contain a cell name which is the last configured cell name for this host or the first cell name from the alphabetical list of available cells. If you enter a cell name that is not on the list of cell names, the procedure assumes you are performing a WAN configuration, and asks you to enter the hostname of the master CDS server for your cell. After you enter your cell name, the procedure continues, displaying information similar to the following, but dependent upon your configuration: Stopping dced... Initializing dced (dced)... Starting dced (dced)... Starting CDS advertiser daemon (cdsadv)... Testing access to CDS clerk (please wait) ..... Attempting to locate security server Found security server Creating /opt/dcelocal/etc/security/pe_site file Checking local system time Looking for DTS servers in this LAN Found DTS server The local system time is: Tue Jun 11 12:01:14 1996 5-10 Configuring the Digital DCE Kit Is this time correct? (y/n): Make sure you check that the correct time is displayed before you continue with the configuration. If the time is incorrect, specify nnnn, and the procedure exits to the operating system to allow you to reset the system time. After you correct or verify the time, specify yyyy, and the procedure resumes. If DECnet/OSI is installed on your system, the configuration utility displays the following message and then asks several questions about configuring a DCE Distributed Time Service server on your system. You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the DCE for Digital UNIX Product Guide. Even though DCE DTS will be used, it is possible to accept time from DECdts servers. Should this node accept time from DECdts servers? (y/n) [n]: Specify yyyy to accept time from any DECnet/OSI DECdts server; however, time from this source is unauthenticated. If you specify nnnn, this system accepts time only from DCE time servers. If DECnet/OSI is not installed on your system, the configuration utility omits the previous DECdts questions and instead, asks: Do you need the Distributed Time Service (y/n/?) [y]: Answer yyyy to configure the host as a DTS client. If you want to use DCE Security Integration Architecture (SIA), specify "Y" to the following: Do you want to enable DCE SIA? (y/n/?) [n]: After you respond to the prompt, the procedure stops the CDS advertiser and asks you to perform a Configuring the Digital DCE Kit 5-11 ddddcccceeee____llllooooggggiiiinnnn operation, as follows: Stopping cdsadv... This operation requires that you be authenticated as a member of the sec-admin group. Please login. Enter Principal Name: cell_admin Password: Obtain the password from your system administrator. After you perform the ddddcccceeee____llllooooggggiiiinnnn operation, the procedure begins configuring the security client software. If this system was previously configured as a DCE client or your cell has another host with the same name, the configuration utility also displays a list of client principals that already exist for this system and asks whether to delete the principals. You must delete these principals to continue with the configuration. Configuring security client Creating /krb5/krb.conf file Adding kerberos5 entry to /etc/services The following principal(s) already exist under /hosts/dcehost/: hosts/dcehost/self Do you wish to delete these principals? (y/n/?) [y]: Deleting client principals Creating ktab entry for client Stopping dced... Initializing dced (dced)... Starting dced (dced)... Starting sec_client service (please wait) . This machine is now a security client. If your cell uses multiple LANs, you are prompted with the next question: Please enter the name of your LAN (or '?' for help) []: If your LAN has not been defined in the namespace, you are asked whether you want to define it. The procedure continues with the following messages 5-12 Configuring the Digital DCE Kit and prompts. Configuring CDS client Creating the cds.conf file Starting CDS advertiser daemon (cdsadv)... Testing access to CDS server (please wait) . Deleting known hosts/dcehost objects from name space Creating hosts/dcehost objects in name space This machine is now a CDS client. Stopping sec_client service... Starting sec_client service (please wait) . Modifying acls on /.:/hosts/dcehost/config secval xattrschema srvrexec keytab keytab/self hostdata hostdata/dce_cf.db hostdata/cell_name hostdata/pe_site hostdata/cds_attributes hostdata/cds_globalnames hostdata/host_name hostdata/cell_aliases hostdata/post_processors hostdata/svc_routing hostdata/cds.conf hostdata/passwd_override hostdata/group_override hostdata/krb.conf srvrconf Configuring DTS daemon as client (dtsd) Starting DTS daemon (dtsd)... Waiting for DTS daemon to synchronize (please wait) This machine is now a DTS clerk. Enabling DCE SIA.... Do you want to run the DCE Configuration Verification Program? (y/n) [y]: The DCE Configuration Verification Program (CVP) exercises the components of DCE that are running in this cell. It requires approximately 1 to 2 minutes to run. If you type yyyy to run the CVP at this time, you see the following display: Configuring the Digital DCE Kit 5-13 Executing Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP (please wait) Copyright (c) Digital Equipment Corporation. 1996. All Rights Reserved. Verifying........... Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP completed successfully Modifying system startup procedure... The DCE components that you have configured are added to your system startup procedure so the daemons restart automatically whenever the system is rebooted. When the procedure is completed, the DCE Setup Main Menu is redisplayed. If the client system and a CDS server are on the same subnet, the client can automatically locate the CDS server. In this case, the client configuration is complete. However, if the client system does not share a subnet with a CDS server, you must manually enter a CDS server's location information into the client's CDS cache. Press XXXX to exit ddddcccceeeesssseeeettttuuuupppp. Then enter CDS server location information into the client's CDS cache. # _d_c_e_c_p -_c _c_d_s_c_a_c_h_e _c_r_e_a_t_e <_n_a_m_e> -_b_i_n_d_i_n_g <_p_r_o_t_s_e_q>:<_i_p__a_d_d_r> where <_n_a_m_e> is the simple name of the cached server machine. <_p_r_o_t_s_e_q> is a CDS server's protocol sequence. <_i_p__a_d_d_r> is the Internet Protocol address of <_n_a_m_e>. For example: # _d_c_e_c_p -_c _c_d_s_c_a_c_h_e _c_r_e_a_t_e _p_e_l_i_c_a_n \ -_b_i_n_d_i_n_g _n_c_a_c_n__i_p__t_c_p:_1_6:_2_0._1_5._2_5 _5._5 _C_o_n_f_i_g_u_r_i_n_g _t_h_e _D_C_E _D_i_s_t_r_i_b_u_t_e_d _F_i_l_e _S_e_r_v_i_c_e For information about configuring the DCE Distributed File Service, refer to the document titled: _D_C_E _f_o_r _D_i_g_i_t_a_l _U_N_I_X - _C_o_n_f_i_g_u_r_i_n_g _t_h_e _D_i_s_t_r_i_b_u_t_e_d _F_i_l_e _S_e_r_v_i_c_e. 5-14 Configuring the Digital DCE Kit _5._6 _R_e_g_i_s_t_e_r_i_n_g _a _C_e_l_l _i_n _X._5_0_0 If the X.500 software subset is installed on your machine, the Modify Configuration Menu shows option 9, Register cell in X.500. When you select this option, the procedure displays X.500 menu: Enter the X.500 object class corresponding to your cell name. For example, if your cell name is ////............////cccc====uuuussss////oooo====ddddeeeecccc////oooouuuu====llllkkkkgggg,,,, the object class is OOOOrrrrggggaaaannnniiiizzzzaaaattttiiiioooonnnnaaaallll UUUUnnnniiiitttt.... 1) Organizational Unit 2) Organization 3) Organization Role 4) Country 5) Locality 6) Application Entity 7) Application Process 8) Group of Names 9) Device 10) Person 11) Return to Main Menu Please enter the object class for cell (or '?' for help): Every entry in X.500 is classified according to the characteristics of the real world object that it represents. Before the cell entry can be created in the X.500 directory, you must specify the ccccllllaaaassssssss of the entry. For example, if you enter 1, the organizational unit class would be specified. See Appendix A of _D_E_C _X._5_0_0 _D_i_r_e_c_t_o_r_y _S_e_r_v_i_c_e/_M_a_n_a_g_e_m_e_n_t, for details of the classes provided by Digital's X.500 Directory Service. If you are not using a Digital DSA, refer to the DSA vendors documentation. The superior entries must exist before the cell entry can be created. In the above example, cccc====uuuussss////oooo====ddddeeeecccc must have already been created prior to choosing the cell registration option. If the cell entry already exists, you will be asked to confirm if the cell attribute information should be replaced. Digital's cell registration, which is compatible with OSF DCE GDS, saves the cell information in special CDS-Cell and CDS-Replicas attributes. Configuring the Digital DCE Kit 5-15 If the cell registration fails, the following error is displayed: *** Error: Unable to register cell information in X.500 Please refer to the dcesetup log file ////oooopppptttt////ddddcccceeeellllooooccccaaaallll////ddddcccceeeesssseeeettttuuuupppp....lllloooogggg for more information. _5._7 _I_n_t_e_r_c_e_l_l _N_a_m_i_n_g This section provides tips on defining a cell name in the Domain Name System (DNS). Names in DNS are associated with one or more data structures called resource records. The resource records define cells and are stored in a data file, called ////eeeettttcccc////nnnnaaaammmmeeeeddddbbbb////hhhhoooossssttttssss....ddddbbbb.... The data file is used by the BIND name daemon ((((nnnnaaaammmmeeeedddd)))).... To create a cell entry, you must edit the data file and create two resource records for each CDS server that maintains a replica of the cell namespace root. The following example shows a cell called rrrruuuubbbbyyyy....aaaaxxxxppppnnnniiiioooo....ddddeeeecccc....ccccoooommmm.... The cell belongs to the BIND domain aaaaxxxxppppnnnniiiioooo....ddddeeeecccc....ccccoooommmm.... Host aaaalllloooo000011110000....aaaaxxxxppppnnnniiiioooo....ddddeeeecccc....ccccoooommmm is the master CDS server for the rrrruuuubbbbyyyy....aaaaxxxxppppnnnniiiioooo....ddddeeeecccc....ccccoooommmm cell. The BIND server must be authoritative for the domains of the cell name. The BIND master server requires the following entries in its ////eeeettttcccc////nnnnaaaammmmeeeeddddbbbb////hhhhoooossssttttssss....ddddbbbb file: alo010.axpnio.dec.com. IN A 25.0.0.149 ruby.axpnio.dec.com. IN MX 1 alo010.axpnio.dec.com. ruby.axpnio.dec.com. IN TXT "1 c8f5f807-487c-11cc-b499- \ 08002b32b0ee Master /.../ruby.axpnio.dec.com/alo010_ch c84946a6-487c-11cc-b499-08002b32b0ee alo010.axpnio.dec.com" _N_o_t_e The TXT records must span only one line. The third entry above incorrectly occupies four lines to show the information included in the TXT record. You need to do whatever is required with your text editor of choice to ensure this. Widening your window helps. You should also ensure that the quotes are placed correctly, and that the 5-16 Configuring the Digital DCE Kit hostname is at the end of the record. The information to the right of the TTTTXXXXTTTT column in the Hesiod Text Entry (that is, 1 C8f5f807-48...) comes directly from the ccccddddssssccccpppp sssshhhhoooowwww cccceeeellllllll ////....:::: aaaassss ddddnnnnssss command. For example, to obtain the information that goes in the rrrruuuubbbbyyyy....aaaaxxxxppppnnnniiiioooo....ddddeeeecccc....ccccoooommmm text record (TXT), you would go to a host in the rrrruuuubbbbyyyy cell, and enter the ccccddddssssccccpppp sssshhhhoooowwww cccceeeellllllll ////....:::: aaaassss ddddnnnnssss command. Then, when the system displays the requested information, cut and paste this information into the record. This method ensures that you do not have any typing errors. To ensure that the records that you have entered are valid, issue a kkkkiiiillllllll ----1111 <<<>>> command, which causes the nnnnaaaammmmeeeedddd daemon to read in the new hhhhoooossssttttssss....ddddbbbb file. Next, execute the following nnnnssssllllooooooookkkkuuuupppp command to obtain the host address: alo001.axpnio.dec.com> nslookup Default Server: localhost Address: 127.0.0.1 Next, enter the names of the cells, as shown: > set type=any > ruby Server: localhost Address: 127.0.0.1 ruby.axpnio.dec.com text = "1 c8f5f807-487c-11cc-b499- 08002b32b0ee Master /.../ruby.axpnio.dec.com/alo010_ch c84946a6-487c-11cc-b499- \ 08002b32b0ee alo010.axpnio.dec.com" ruby.axpnio.dec.com preference = 1, mail exchanger = alo010.axpnio.dec.com alo003.axpnio.dec.com inet address = 25.00.127 View the information and ensure that it is complete and correct. After configuring other cells, see the _O_S_F _D_C_E _A_d_m_i_n_i_s_t_r_a_t_i_o_n _G_u_i_d_e - _C_o_r_e _C_o_m_p_o_n_e_n_t_s to create a cross-cell authentication account in the local and foreign cells. Configuring the Digital DCE Kit 5-17 _5._8 _S_p_l_i_t _S_e_r_v_e_r _C_o_n_f_i_g_u_r_a_t_i_o_n (_A_d_d_i_n_g _a _M_a_s_t_e_r _C_D_S _S_e_r_v_e_r) This section discusses a split server installation in which a new cell and the master security server are created on one system and the master CDS server is configured on another system. The master CDS server maintains the master replica of the cell root directory. A split server configuration has four phases: +o Begin creating the new cell and master security server on one system. +o Begin creating the master CDS server on another system. +o Complete creating the new cell and master security on the first system. +o Complete creating the master CDS server on the second system. _5._8._1 _C_r_e_a_t_i_n_g _a _N_e_w _C_e_l_l _a_n_d _M_a_s_t_e_r _S_e_c_u_r_i_t_y _S_e_r_v_e_r This is the first phase of a split server configuration. Begin this phase by creating the new cell on the machine where the master security server will reside. Choose option 2 (Create a new DCE cell) from the Configuration Choice Menu. Answer the prompts appropriately for the cellname and hostname. Then answer nnnn at the following prompt: Do you wish to configure myhost as a CDS server? (y/n/?) [y]: n Verify the system time at the following message and prompt: ********************************************************* * If the system clocks on the machines running the * * security and CDS servers differ more than one or two * * minutes from other systems in the cell, configuration * * anomalies can occur. Since this system's time will be * * used as a reference, please make sure that the system * * time is correct. * ********************************************************* System time for : Wed Jun 12 13:39:24 EDT 1996 Is this correct? (y/n/?): 5-18 Configuring the Digital DCE Kit Make sure you validate the time before you specify yyyy. If the system time is incorrect, answer nnnn; the configuration procedure exits to the operating system to allow you to correct the system time. You can then reconfigure. Do you need the Distributed Time Service? (y/n/?) [y]: If you will be using any distributed applications that depend on synchronized time, type yyyy or press to participate in the Distributed Time Service (DTS). The DECnet/OSI DECdts daemon ((((ddddttttssssssssdddd)))) and the DCE DTS daemon ((((ddddttttssssdddd)))) are incompatible and cannot be used on the same host. If your machine is running DECnet/OSI, the configuration procedure next displays the following message: You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the DCE for Digital UNIX Product Guide. Even though DCE DTS will be used, it is possible to accept time from DECdts servers. Should this node accept time from DECdts servers? (y/n) [n]: Specify yyyy to accept time from any DECdts server; however, time from this source is unauthenticated. If you specify nnnn, this system accepts time only from DCE time servers. Do you want this system to be a DTS Server (y/n/?) [y]: Do you want this system to be a DTS Global Server (y/n/?) [n]: If DECnet/OSI is not installed, this system must be configured as either a DTS clerk or a DTS server. Briefly, there should be three DTS servers per cell. Next, the procedure asks whether to enable DCE Security Integration Architecture (SIA). Do you want to enable DCE SIA? (y/n/?) [n]: After you respond to the last prompt, the following Configuring the Digital DCE Kit 5-19 messages are displayed: DCE Cellname: myhost_cell DCE Hostname: myhost Use myhost as a CDS Server? No Use myhost as the Security Server? Yes Use dhaka as a DTS Local Server? Yes Enable DCE SIA? No Do you want to save this as your DCE system configuration? (y/n/?) [y]: Answer nnnnoooo to change your selections. Answer yyyyeeeessss to accept your selections. The procedure configures mmmmyyyyhhhhoooosssstttt as a Security server and then prompts you to enter a keyseed value (enter several randon keystrokes): ************************************************************* * Starting the security server requires that you supply * * a 'keyseed.' When asked for a 'keyseed,' type some * * random, alphanumeric keystrokes, followed by RETURN. * * (You won't be required to remember what you type.) * ************************************************************* Enter keyseed for initial database master key: You are prompted to enter and then confirm the cccceeeellllllll____aaaaddddmmmmiiiinnnn password. Remember this password. Please type new password for cell_admin (or '?' for help): Type again to confirm: The procedure configures more services and then pauses for you to configure the master CDS server on another system. ************************************************************************* * This system has now been configured as a security server. Since * * you chose not to configure this system as a CDS server, you must * * now configure another system as the Master CDS Server for this * * cell (Option 1 on the dcesetup Main Menu, Option 3 on the Config- * * uration Choice Menu.) * * * * When the Master CDS server has been installed and configured, * * press the key to continue configuring this system. * ************************************************************************* 5-20 Configuring the Digital DCE Kit Go to the machine where you will configure the master CDS server. _5._8._2 _C_r_e_a_t_i_n_g _t_h_e _M_a_s_t_e_r _C_D_S _S_e_r_v_e_r _o_n _A_n_o_t_h_e_r _S_y_s_t_e_m This is the second phase of a split server configuration. You must have created a new cell and begun configuring the security server on another machine. Log on to the system on which you want to install the CDS master server, and choose option 3 (Add Master CDS Server) from the Configuration Choice Menu. The following messages are displayed: ****************************************************************** * If the system clocks on the machines running the security * * and CDS servers differ more than one or two minutes from * * other systems in the cell, configuration anomalies can occur. * * Since this system's time will be used as a reference, please * * make sure that the system time is correct. * ****************************************************************** System time for cdshost.abc.dec.com: Wed Jun 12 13:52:28 EDT 1996 Is this correct? (y/n/?) Verify the correct time before answering yyyyeeeessss. Answer the following prompts: Please enter the name of your DCE cell []: Please enter your DCE hostname [myhost2]: The procedure asks: Will there be any DCE pre-R1.1 CDS servers in this cell? (y/n/?) [n]: If your cell will be running any CDS servers based on OSF DCE Release 1.0.3a or earlier, you should answer yyyyeeeessss. The configuration utility sets the directory version number to 3.0 for compatibility with pre-R1.1 servers. This disables the use of OSF DCE Release 1.1 features such as cell aliasing, CDS delegation ACLs, and so on. If all CDS servers in your cell will be based on DCE Version 2.0 for Digital UNIX (or an equivalent DCE version based on OSF DCE Release 1.1) answer nnnnoooo. The configuration utility sets the directory version number to 4.0 for compatibility with DCE Version 2.0 for Digital UNIX (OSF DCE Release 1.1) CDS servers. Configuring the Digital DCE Kit 5-21 This enables the use of OSF DCE Release 1.1 features such as cell aliasing, CDS delegation ACLs, and so on. Once the directory version is set to 4.0, you cannot set it back to 3.0. For more information, refer to Section 5.17. The procedure configures accordingly and prompts you to enter the hostname of the security server that you just configured. What is the hostname of the Security Server for this cell? []: The procedure continues with the following messages: Creating /opt/dcelocal/etc/security/pe_site file *********************************************************** * Ensure the opt/dcelocal/etc/security/pe_site file * * matches that on the server. * *********************************************************** _N_o_t_e If the procedure cannot find the IP address for the host, you will be prompted for the address. Usually, when the procedure cannot find the IP address of the host, it indicates that you may have misspelled the name. The procedure displays the following messages and asks you to perform a ddddcccceeee____llllooooggggiiiinnnn operation. Creating /krb5/krb.conf file Adding kerberos5 entry to /etc/services This operation requires that you be authenticated as a member of the sec-admin group. Please login. Enter Principal Name: cell_admin Password: The procedure continues, asking the same questions as when you configured the Security server. Do you need the Distributed Time Service? (y/n/?) [y]: If your machine is running DECnet/OSI, the configuration procedure next displays the following 5-22 Configuring the Digital DCE Kit message: You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the DCE for Digital UNIX Product Guide. Even though DCE DTS will be used, it is possible to accept time from DECdts servers. Should this node accept time from DECdts servers? (y/n) [n]: Specify yyyy to accept time from any DECnet/OSI DECdts server; however, time from this source is unauthenticated. If you specify nnnn, this system accepts time only from DCE DTS servers. The procedure next asks whether you want your system to be a DTS local server: Do you want this system to be a DTS Local Server (y/n/?) [y]: If you answer yyyy, this machine becomes a DTS local server; if you answer nnnn, this machine does not become a DTS local server, and you should configure some other system as the DTS server. Digital recommends that you configure three DTS servers per cell. Next, the procedure asks whether your cell uses multiple LANs. Does this cell use multiple LANs? (y/n/?) [n]: If your cell uses multiple LANs, you are prompted with the next question: Please enter the name of your LAN (or '?' for help) []: If your LAN has not been defined in the namespace, you are asked whether you want to define it. The procedure configures the requested services, and then prompts you to complete the configuration of the security server on the other machine before continuing: Configuring the Digital DCE Kit 5-23 ******************************************************************** * This system has now been configured as the Master CDS Server. * * * * Before continuing, complete the configuration of the Security * * Server... * ******************************************************************** Press to continue: Return to the system on which you configured the security server. _5._8._3 _C_o_m_p_l_e_t_i_n_g _t_h_e _S_e_c_u_r_i_t_y _S_e_r_v_e_r _C_o_n_f_i_g_u_r_a_t_i_o_n This is the third phase of a split server configuration. You must have created a new cell and begun configuring the security server on one machine. Then you created a master CDS server on another machine. Now you will complete the security server configuration on the first machine. Return to the system on which you configured the security server and press the key. The following prompt is displayed: What is the hostname of the Master CDS Server for this cell [ ]: Provide the hostname of the system you just configured as the master CDS server for this cell. After you enter the hostname of the master CDS server, the following prompt is displayed: Can myhost broadcast to cds_master_server? (y/n/?) [y]: If you respond nnnn to this prompt, the procedure asks you to specify the IP address of the CDS server. You can find the IP address either by performing a ggggrrrreeeepppp operation for the hostname in the ////eeeettttcccc////hhhhoooosssstttt file, or by performing an nnnnssssllllooooooookkkkuuuupppp operation for the hostname. Once it has been determined that mmmmyyyyhhhhoooosssstttt can broadcast to ccccddddssss____mmmmaaaasssstttteeeerrrr____sssseeeerrrrvvvveeeerrrr, the procedure displays the following messages and asks whether you want to run the configuration verification program. This operation requires that you be authenticated as a member of the sec-admin group. Please login. Enter Principal Name: cell_admin Password: Configuring CDS client Creating the cds.conf file 5-24 Configuring the Digital DCE Kit Starting CDS advertiser daemon (cdsadv)... Testing access to CDS server (please wait) .... Creating hosts/myhost objects in name space Configuring DTS daemon as server (dtsd) Stopping sec_client service ... Starting sec_client service (please wait) . Starting DTS daemon (dtsd)... Waiting for DTS daemon to synchronize (please wait) If you enabled DCE SIA, the procedure also displays the following message: Enabling DCE SIA The procedure asks whether you want to run the configuration verification program: Do you want to run the DCE Configuration Verification Program? (y/n) [y]: You can run the CVP now by answering yyyy, or you can run the CVP at a later time by answering nnnn. The procedure completes the configuration and returns to the DCE Setup Main Menu. Choose option 2 (Show DCE configuration and active daemons) from the DCE Setup Main Menu to verify your configuration choices. Return to the host on which you are configuring the master CDS server and complete the installation. _5._8._4 _C_o_m_p_l_e_t_i_n_g _t_h_e _C_D_S _M_a_s_t_e_r _S_e_r_v_e_r _C_o_n_f_i_g_u_r_a_t_i_o_n This is the fourth and final phase of a split server configuration. You must have created a new cell and begun configuring the security server on one machine. Then you created a master CDS server on another machine. You completed the security server configuration on the first machine. Now you will complete the CDS master server configuration. Completion of this phase consists of running the configuration verification program: Do you want to run the DCE Configuration Verification Program? (y/n) [y]: You can run the CVP now by answering yyyy, or you can run the CVP at a later time by answering nnnn. The procedure completes the configuration and returns to Configuring the Digital DCE Kit 5-25 the DCE Setup Main Menu. Choose option 2 (Show DCE configuration and active daemons) from the DCE Setup Main Menu to verify your configuration choices. _5._9 _A_d_d_i_n_g _a _R_e_p_l_i_c_a _C_D_S _S_e_r_v_e_r If you want to create a replica of the master CDS server on your machine, you can do so on a system that has already been configured as a client, or on a system that has not yet been configured for DCE. The following example assumes no prior configuration. Choose option 1 (Add Replica CDS Server) from the Modify Configuration Menu. The configuration procedure shuts down DCE services, removes the temporary and permanent local DCE databases and configuration files, and then starts the client configuration process. You are asked to enter your DCE hostname: Please enter your DCE hostname [myhost]: The procedure then displays an alphabetical list of the cells within broadcast range of your system and asks you to enter the name of your DCE cell. After you enter the cell name, the procedure displays the following messages and asks whether the local system time is correct: Initializing dced (dced)... Starting dced (dced)... Starting CDS advertiser daemon (cdsadv)... Testing access to CDS server (please wait) ... Attempting to locate security server Found security server Creating /opt/dcelocal/etc/security/pe_site file Checking local system time Looking for DTS servers in this LAN Found DTS server The local system time is: Wed Jul 12 11:31:52 1996 Is this time correct? (y/n): Please check the time before you respond to this prompt. Make sure you check that the correct time is displayed before you continue with the configuration. 5-26 Configuring the Digital DCE Kit If the time is incorrect, specify nnnn, and the procedure exits to the operating system to allow you to reset the system time. After you correct or verify the time, specify yyyy, and the procedure continues with the following message (if you have DECnet/OSI installed and configured): You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the DCE for Digital UNIX Product Guide. Even though DCE DTS will be used, it is possible to accept time from DECdts servers. Should this node accept time from DECdts servers? (y/n) [n]: Specify yyyy to accept time from any DECnet/OSI DECdts server; however, time from this source is unauthenticated. If you specify nnnn, this system accepts time only from DCE DTS servers. Do you want this system to be a DTS Local Server (y/n/?) [n]: If DCEnet/OSI is not installed, this system must be configured as either a DTS clerk or a DTS server. For a complete description on the differences between DTS clerks and servers, please consult the section on how DTS works in the _O_S_F _D_C_E _A_d_m_i_n_i_s_t_r_a_t_i_o_n _G_u_i_d_e. Digital recommends that you configure three DTS servers per cell. If you want to use DCE Security Integration Architecture (SIA), answer yyyy to the following: Do you want to enable DCE SIA? (y/n) [y] : After you respond the procedure stops the CDS advertiser and asks you to perform a ddddcccceeee____llllooooggggiiiinnnn operation. Stopping cdsadv... This operation requires that you be authenticated as a member of the sec-admin group. Please login. Configuring the Digital DCE Kit 5-27 You must perform a ddddcccceeee____llllooooggggiiiinnnn operation, as follows: Enter Principal Name: Password: After you log in, the procedure configures the system as a client system and asks for a clearinghouse name: Configuring security client Creating /krb5/krb.conf file Adding kerberos5 entry to /etc/services Creating ktab entry for client Starting sec_client service (please wait) . This machine is now a security client. Configuring CDS client Creating the cds.conf file Starting CDS advertiser daemon (cdsadv)... Testing access to CDS server (please wait) . Creating hosts/myhost objects in name space _N_o_t_e You might get a message after the line "Adding kerberos5 entry to /etc/services" that states the principals already exist under hhhhoooossssttttssss////mmmmyyyycccceeeellllllll. This message means that either another host exists with the same name or you are reconfiguring the same machine. You are prompted with the following question: Do you wish to delete these principals (y/n/?): [y] You must delete these principals to continue with the configuration. The procedure continues with the following messages and prompts: This machine is now a CDS client. Configuring DTS daemon as client (dtsd) Starting DTS daemon (dtsd)... This machine is now a DTS clerk. Configuring CDS replica server Adding CDS registry entries Creating the cds.conf file Starting CDS advertiser daemon (cdsadv)... 5-28 Configuring the Digital DCE Kit cdsadv is already running Starting CDS server daemon (cdsd)... When configuring the CDS server, the procedure asks: What is the name for this clearinghouse? (Type '?' for help) [myhost_ch]: Specify a name for this clearinghouse that is unique in this cell. The procedure displays the following messages and asks whether you want to replicate more directories. Creating clearinghouse files and replica for root directory... Initializing the name space for additional CDS server... Modifying acls on /.:/myhost_ch Modifying acls on /.:/hosts/myhost/cds-server Modifying acls on /.:/hosts/myhost/cds-gda Do you wish to replicate more directories? (y/n/?): The root directory from the CDS master server has just been replicated. You can replicate more directories if you want by answering yyyy. Next, you are prompted for the name of a CDS directory to be replicated. Enter the name of a CDS directory to be replicated (or '?' for help): Enter the name of a CDS directory existing in the master CDS namespace that you want to replicate on this system. Type the directory name without the ////....:::://// prefix; it is added automatically. When you are done, press only the key. The procedure displays the following messages and asks whether you want to run the CVP. Starting Global Directory Agent daemon (gdad)... Starting Name Service Interface daemon (nsid)... Do you want to run the DCE Configuration Verification Program? (y/n/?) [y]: See Section 5.16, Running the Configuration Verification Program, for information about the CVP. If your system is configured as a CDS Replica Server, this option will show "Remove Replica CDS Server" on Configuring the Digital DCE Kit 5-29 the Modify Configuration Menu. *** Modify Configuration Menu *** 1) Remove Replica CDS Server 2) Add Replica Security Server 3) Add DTS Local Server 4) Add DTS Global Server 5) Add Null Time Provider 6) Add NTP Time Provider 7) Enable Auditing 8) Enable DCE SIA R) Return to previous menu Please enter your selection (or '?' for help): Choose this option if you wish to remove a CDS Replica Server from your DCE configuration. You will not affect the rest of your system's DCE configuration. _5._1_0 _A_d_d_i_n_g _S_e_c_u_r_i_t_y _R_e_p_l_i_c_a If you want to add a replica security server to your system, choose option 2 (Add Replica Security Server) from the Modify Configuration Menu. When you choose this option, the procedure displays the following messages: At each prompt, enter to take the default displayed in [braces] or enter '?' for help. Press to continue: Shutting down DCE services DCE services stopped Removing temporary local DCE databases and configuration files Removing permanent local DCE databases and configuration files Starting client configuration Initializing dced (dced)... Starting dced (dced)... Gathering list of currently accessible cells Please enter your DCE hostname [dcehost]: 5-30 Configuring the Digital DCE Kit After you enter your DCE hostname, the procedure displays an alphabetical list of cells it has found within broadcast range of your system. In many environments, the list will consist of only one name. Choose the name of the DCE cell that you want to join. If you do not know the name of the cell, consult your network administrator. Do not add the ////............//// prefix to the cell name; the procedure automatically adds it. Please enter the name of your DCE cell (or '?' for help) [ ]: After you enter your cell name, the procedure continues, displaying information similar to the following, but dependent upon your configuration: Stopping dced (dced)... Initializing dced (dced)... Starting dced (dced)... Starting CDS advertiser daemon (cdsadv)... Testing access to CDS server (please wait) .... Attempting to locate security server Found security server Creating /opt/dcelocal/etc/security/pe_site file Checking local system time Looking for DTS servers in this LAN Found DTS server Found DTS server Looking for DTS servers in this cell No DTS servers found in cell The local system time is: Wed Jul 12 11:38:14 1996 Is this time correct? (y/n): y Make sure you check that the correct time is displayed before you continue with the configuration. If the time is incorrect, specify nnnn, and the procedure exits to the operating system to allow you to reset the system time. After you correct or verify the time, specify yyyy, and the procedure continues with the following message (if you have DECnet/OSI installed and configured): You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This Configuring the Digital DCE Kit 5-31 installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the DCE for Digital UNIX Product Guide. Even though DCE DTS will be used, it is possible to accept time from DECdts servers. Should this node accept time from DECdts servers? (y/n) [n]: Specify yyyy to accept time from any DECnet/OSI DECdts server; however, time from this source is unauthenticated. If you specify nnnn, this system accepts time only from DCE time servers. If you want to use DCE Security Integration Architecture (SIA), answer "Y" to the following: Do you want to enable DCE SIA? (y/n) [y] : After you respond to the prompt, the procedure stops the CDS advertiser and asks you to perform a ddddcccceeee____llllooooggggiiiinnnn operation, as follows: Stopping cdsadv... This operation requires that you be authenticated as a member of the sec-admin group. Please login. Enter Principal Name: cell_admin Password: Obtain the password from your cell administrator. After you perform the ddddcccceeee____llllooooggggiiiinnnn operation, the procedure continues with the following messages: Configuring security client Creating /krb5/krb.conf file Adding kerberos5 entry to /etc/services Creating ktab entry for client Starting sec_client service (please wait) . This machine is now a security client. The procedure continues with the following messages and prompts. Configuring CDS client Creating the cds.conf file Starting CDS advertiser daemon (cdsadv)... 5-32 Configuring the Digital DCE Kit Testing access to CDS server (please wait) . Deleting known hosts/dcehost objects from name space Creating hosts/dcehost objects in name space This machine is now a CDS client. Configuring DTS daemon as client (dtsd) Starting DTS daemon (dtsd)... This machine is now a DTS clerk. Enabling DCE SIA Configuring security replica server The procedure will prompt you to enter the security replica name. Enter the security replica name (without subsys/dce/sec) [dcehost]: After you enter your security replica name, you are prompted to enter a keyseed. Enter several random characters. ************************************************************* * Starting the security server requires that you supply * * a 'keyseed.' When asked for a 'keyseed,' type some * * random, alphanumeric keystrokes, followed by RETURN. * * (You won't be required to remember what you type.) * ************************************************************* Enter keyseed for initial database master key: The procedure continues, displaying information similar to the following, but dependent on your configuration: Modifying acls on /.:/sec/replist ... Modifying acls on /.:/subsys/dce/sec ... Modifying acls on /.:/sec ... Modifying acls on /.: ... Modifying acls on /.:/cell-profile ... Starting security server daemon (secd)... Waiting for registry propagation ... Do you want to run the DCE Configuration Verification Program? (y/n/?) [y]: If you type yyyy to run the CVP at this time, your see Configuring the Digital DCE Kit 5-33 the following display: Executing Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP (please wait) copyright (c) Digital Equipment Corporation. 1996. All Rights Reserved. Verifying........... Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP completed successfully Modifying system startup procedure... The DCE components that you have configured are added to your system startup procedure so the daemons restart automatically whenever the system is rebooted. When the procedure completes it displays the DCE Setup Main Menu. If your system is configured as a Security Replica Server, option in the Modify Configuration Menu shows "Remove Replica Security Server". *** Modify Configuration Menu *** 1) Add Replica CDS Server 2) Remove Replica Security Server 3) Add DTS Local Server 4) Add DTS Global Server 5) Add Null Time Provider 6) Add NTP Time Provider 7) Enable Auditing 8) Enable DCE SIA R) Return to previous menu Please enter your selection (or '?' for help): Choose option 1 if you wish to remove a Security Replica from your DCE configuration. Its removal does not affect the rest of your system's DCE configuration. _5._1_1 _A_d_d_i_n_g _a _D_T_S _L_o_c_a_l _S_e_r_v_e_r If you want to add a DTS server to your machine, you can do so on a system that has already been configured as a client, or on a system that has not yet been configured for DCE. The following example assumes no prior configuration. 5-34 Configuring the Digital DCE Kit Choose option 3 (Add DTS Local Server) from the Modify Configuration Menu. The procedure displays the following messages and asks you to enter your DCE hostname. At each prompt, enter to take the default displayed in [braces] or enter '?' for help. Press to continue: Shutting down DCE services DCE services stopped Removing temporary local DCE databases and configuration files Removing permanent local DCE databases and configuration files Starting client configuration Initializing dced (dced)... Starting dced (dced)... Gathering list of currently accessible cells Please enter your DCE hostname [myhost]: The procedure next displays an alphabetical list of the cells within broadcast range, then asks you to enter the name of your DCE cell. Please enter the name of your DCE cell (or '?' for help) []: Supply the name of the DCE cell. Type the cell name without the /.../ prefix; it is added automatically. After you provide the cell name, depending on how your cell is configured, the following messages may be displayed: Starting CDS advertiser daemon (cdsadv)... Testing access to CDS server (please wait) .... Attempting to locate security server Found security server Creating /opt/dcelocal/etc/security/pe_site file Checking local system time Looking for DTS servers in this LAN Found DTS server The local system time is: Thu Jul 13 10:32:25 1996 Is this correct? (y/n): Configuring the Digital DCE Kit 5-35 Please check the time before you respond to this prompt. If DECnet/OSI is installed on your system, the configuration utility displays the following message and then asks several questions about configuring a DCE Distributed Time Service server on your system. You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the DCE for Digital UNIX Product Guide. Even though DCE DTS will be used, it is possible to accept time from DECdts servers. Should this node accept time from DECdts servers? (y/n) [n]: If you want to use DCE Security Integration Architecture (SIA), answer yyyy to the following: Do you want to enable DCE SIA? (y/n) [y] : Next, the procedure displays the following messages and asks you to log in. It also asks whether you want to run the CVP. Stopping cdsadv... This operation requires that you be authenticated as a member of the sec-admin group. Please login. Enter Principal Name: cell_admin Password: Configuring security client Creating /krb5/krb.conf file Adding kerberos5 entry to /etc/services Creating ktab entry for client Starting sec_client service (please wait) . This machine is now a security client. Configuring CDS client Creating the cds.conf file Starting CDS advertiser daemon (cdsadv)... Testing access to CDS server (please wait) . Creating hosts/myhost objects in name space This machine is now a CDS client. Configuring DTS daemon as server (dtsd) 5-36 Configuring the Digital DCE Kit Stopping sec_client service ... Starting sec_client service (please wait) . Starting DTS daemon (dtsd)... Waiting for DTSdaemon to synchronize (please wait). If your system is configured as a DTS Local Server, option 3 will show "Change from DTS Local Server to DTS clerk". *** Modify Configuration Menu *** 1) Add Replica CDS Server 2) Add Replica Security Server 3) Change from DTS Local Server to DTS clerk 4) Add DTS Global Server 5) Add Null Time Provider 6) Add NTP Time Provider 7) Enable Auditing 8) Enable DCE SIA R) Return to previous menu Please enter your selection (or '?' for help): Choose option 3 if you wish to modify your configuration from a DTS Local Server to a DTS Clerk. This operation does not affect the rest of your system's DCE configuration. _5._1_2 _A_d_d_i_n_g _a _D_T_S _G_l_o_b_a_l _S_e_r_v_e_r If you want to add a DTS Global Server to your system, choose option 4 (Add DTS Global Server) from the Modify Configuration Menu. The configuration prompts you with the following messages: At each prompt, enter to take the default displayed in [braces] or enter '?' for help. Press to continue: Shutting down DCE services DCE services stopped Removing temporary local DCE databases and configuration files Removing permanent local DCE databases and configuration files Configuring the Digital DCE Kit 5-37 Starting client configuration Initializing dced (dced)... Starting dced (dced)... Gathering list of currently accessible cells Please enter your DCE hostname [dcehost]: After you enter your DCE hostname, the procedure displays an alphabetical list of cells it has found within broadcast range of your system. In many environments, the list will consist of only one name. Choose the name of the DCE cell that you want to join. If you do not know the name of the cell, consult your network administrator. Do not add the ////............//// prefix to the cell name; the procedure automatically adds it. Please enter the name of your DCE cell (or '?' for help) []: If you enter a cell name that is not on the list of cell names, the procedure assumes you are performing a WAN configuration, and asks you to enter the hostname of the master CDS server for your cell. After you enter your cell name, the procedure continues, displaying information similar to the following, but dependent upon your configuration: Starting CDS advertiser daemon (cdsadv)... Testing access to CDS server (please wait) .... Attempting to locate security server Found security server Creating /opt/dcelocal/etc/security/pe_site file Checking local system time Looking for DTS servers in this LAN Found DTS server Found DTS server Looking for DTS servers in this cell No DTS servers found in cell The local system time is: Thu Jul 13 10:36:36 1996 Is this time correct? (y/n): Make sure you check that the correct time is displayed before you continue with the configuration. If the time is incorrect, specify nnnn, and the 5-38 Configuring the Digital DCE Kit procedure exits to the operating system to allow you to reset the system time. After you correct or verify the time, specify yyyy, and the procedure continues with the following message (if you have DECnet/OSI installed and configured): You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the DCE for Digital UNIX Product Guide. Even though DCE DTS will be used, it is possible to accept time from DECdts servers. Should this node accept time from DECdts servers? (y/n) [n]: Specify yyyy to accept time from any DECnet/OSI DECdts server; however, time from this source is unauthenticated. If you specify nnnn, this system accepts time only from DCE time servers. Do you want to enable DCE SIA? (y/n) [y] : After you respond to the prompt, the procedure stops the CDS advertiser and asks you to perform a ddddcccceeee____llllooooggggiiiinnnn operation, as follows: Stopping cdsadv.. This operation requires that you be authenticated as a member of the sec-admin group. Please login. Enter Principal Name: cell_admin Password: Obtain the password from your cell administrator. After you perform the ddddcccceeee____llllooooggggiiiinnnn operation, the procedure continues with the following messages: Configuring security client Creating /krb5/krb.conf file Adding kerberos5 entry to /etc/services Creating ktab entry for client Starting sec_client service (please wait) . This machine is now a security client. Configuring CDS client Creating the cds.conf file Starting CDS advertiser daemon (cdsadv)... Configuring the Digital DCE Kit 5-39 Testing access to CDS server (please wait) . Deleting known hosts/dcehost objects from name space Creating hosts/dcehost objects in name space This machine is now a CDS client. Do you want to enable DCE SIA? (y/n/?) [n]: Enabling DCE SIA Configuring DTS daemon as server (dtsd) Stopping sec_client service ... Starting sec_client service (please wait) . Starting DTS daemon (dtsd)... Waiting for DTS daemon to synchronize (please wait) .......... Do you want to run the DCE Configuration Verification Program? (y/n/?) [y]: The DCE Configuration Verification Program (CVP) exercises the components of DCE that are running in this cell. It requires approximately 1 to 2 minutes to run. If you type y to run the CVP at this time, you see the following display: Executing Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP (please wait) Copyright (c) Digital Equipment Corporation. 1996. All Rights Reserved. Verifying........... Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP completed successfully Modifying system startup procedure... The DCE components that you have configured are added to your system startup procedure so the daemons restart automatically whenever the system is rebooted. When the procedure is completed, the DCE Setup Main Menu is redisplayed. If your system is configured as a DTS Global Server, option 4 will show "Change from DTS Global Server to DTS clerk". *** Modify Configuration Menu *** 1) Add Replica CDS Server 2) Add Replica Security Server 5-40 Configuring the Digital DCE Kit 3) Add DTS Local Server 4) Change from DTS Global Server to DTS clerk 5) Add Null Time Provider 6) Add NTP Time Provider 7) Enable Auditing 8) Enable DCE SIA 9) Register in X.500 R) Return to previous menu Please enter your selection (or '?' for help): Choose this option if you wish to modify your configuration from a DTS Global Server to a DTS Clerk. You will not affect the rest of your system's DCE configuration. _5._1_3 _A_d_d_i_n_g _a _N_u_l_l _T_i_m_e _P_r_o_v_i_d_e_r If your site has an external time provider (such as a radio clock) and uses Network Time Protocol (NTP) to set system time, you might want to add a null time provider to your system. The null time provider allows DTS to set the inaccuracy without setting the time. Refer to the _O_S_F _D_C_E _A_d_m_i_n_i_s_t_r_a_t_i_o_n _G_u_i_d_e - _C_o_r_e _C_o_m_p_o_n_e_n_t_s volume for further information about getting time from NTP time sources. If you want to add a null time provider to your system, choose option 5 (Add Null Time Provider) from the Modify Configuration Menu. The configuration adds and starts the null time provider, displaying the following messages: Starting Null Time Provider (dts_null_provider)... Press to continue: Press . The procedure displays the Configuration Choice Menu. _5._1_4 _A_d_d_i_n_g _a_n _N_T_P _T_i_m_e _P_r_o_v_i_d_e_r If your site uses Network Time Protocol (NTP) to set system time, you can use those time signals to synchronize DTS. Briefly, one DTS server uses the NTP time provider software to synchronize with NTP. That DTS server synchronizes with other DTS servers using DTS time signals. Refer to the _O_S_F _D_C_E Configuring the Digital DCE Kit 5-41 _A_d_m_i_n_i_s_t_r_a_t_i_o_n _G_u_i_d_e - _C_o_r_e _C_o_m_p_o_n_e_n_t_s volume for further information about getting time from NTP time sources. If you want to add an NTP time provider to your system, choose option 6 (Add NTP Time Provider) from the Modify Configuration Menu. The configuration adds and starts the null time provider, displaying the following messages: Starting NTP Time Provider (dts_ntp_provider)... Enter the hostname where the NTP server is running: dcedts.lkg.dec.com Press to continue: Press . The procedure displays the Configuration Choice Menu. _5._1_5 _E_n_a_b_l_i_n_g _A_u_d_i_t_i_n_g DCE auditing facilities help detect and record critical events in distributed applications. To enable DCE auditing facilities on your machine, choose option 7 (Enable Auditing) from the Modify Configuration Menu. The procedure begins configuring the Audit daemon and prompts you to log in to the cell. Configuring Audit daemon (auditd) This operation requires that you be authenticated as a member of the sec-admin group. Please login. Enter Principal Name: Password: After you log in, the procedure creates default filters and completes configuring the Audit daemon. Creating default filters for security, dts, and audit Successfully configured Audit daemon Press to continue: If auditing is enabled on your system, option 7 shows "Disable Auditing". Choose this option if you want 5-42 Configuring the Digital DCE Kit to disable auditing on your system. _5._1_6 _U_s_i_n_g _S_I_A An SIA configuration file, ////eeeettttcccc////ssssiiiiaaaa////mmmmaaaattttrrrriiiixxxx....ccccoooonnnnffff, selects the appropriate configured security mechanism. This configuration file contains entries for a set of ssssiiiiaaaadddd routines. The operating system is provided with a default mmmmaaaattttrrrriiiixxxx....ccccoooonnnnffff file that contains only BSD entries. Layered products that choose to use another security mechanism must modify this configuration file. Depending on how mmmmaaaattttrrrriiiixxxx....ccccoooonnnnffff is set up on the local system (Digital recommends that you place the DCE entries in front of the BSD entries), the SIA layer calls the corresponding ssssiiiiaaaadddd routines in each of the configured mechanisms in order. Therefore, the ssssiiiiaaaadddd____sssseeeessss____iiiinnnniiiitttt routine from DCE is called before the routine from BSD if the mmmmaaaattttrrrriiiixxxx....ccccoooonnnnffff file includes the following line: siad_ses_init=(DCE,/usr/shlib/libdcesiad.so),(BSD,libc.so) _5._1_6._1 _L_o_c_a_l _S_e_c_u_r_i_t_y _M_e_c_h_a_n_i_s_m_s The DEC OSF/1 operating system provides two local security mechanisms: Berkeley Standard Distribution (BSD) security and C2 class security. The default OSF/1 configuration has BSD security enabled. The DCE SIA feature is not compatible with C2 security. If you run DCE on a C2 system, DCE SIA must be disabled. _5._1_6._2 _T_u_r_n_i_n_g _O_n _D_C_E _S_I_A In DCE for Digital UNIX, DCE SIA is turned on, by default. To turn on DCE SIA security, choose option 8 (Enable DCE SIA) from the Modify Configuration Menu. After you choose this option, ddddcccceeeesssseeeettttuuuupppp executes the shell script ////oooopppptttt////ddddcccceeeellllooooccccaaaallll////eeeettttcccc////sssseeeecccc____iiiinnnnsssseeeerrrrtttt____ddddcccceeee____eeeennnnttttrrrriiiieeeessss....sssshhhh to perform the following operations: 1. Checks whether KKKKRRRRBBBB5555CCCCCCCCNNNNAAAAMMMMEEEE exists in the ////uuuussssrrrr////lllliiiibbbb////XXXX11111111////xxxxddddmmmm////xxxxddddmmmm----ccccoooonnnnffffiiiigggg file on the local system. If it does exist, the script continues to step 3. If it does not exist, the script saves the original xxxxddddmmmm----ccccoooonnnnffffiiiigggg file with the name xxxxddddmmmm---- ccccoooonnnnffffiiiigggg....ssssaaaavvvv _n (where _n is the next available number). Configuring the Digital DCE Kit 5-43 _N_o_t_e You are responsible for deleting all the ....ssssaaaavvvv**** files created by enabling or disabling DCE SIA. 2. Adds KKKKRRRRBBBB5555CCCCCCCCNNNNAAAAMMMMEEEE to the ////uuuussssrrrr////lllliiiibbbb////XXXX11111111////xxxxddddmmmm////xxxxddddmmmm----ccccoooonnnnffffiiiigggg file, so that the console login preserves the credential handle, KKKKRRRRBBBB5555CCCCCCCCNNNNAAAAMMMMEEEE, after a successful login to DCE. 3. Checks whether DCE entries exist in the mmmmaaaattttrrrriiiixxxx....ccccoooonnnnffff file. If DCE entries exist, the script ends; if no entries exist, the script performs steps 4 and 5. 4. Saves the original mmmmaaaattttrrrriiiixxxx....ccccoooonnnnffff file with the name mmmmaaaattttrrrriiiixxxx....ccccoooonnnnffff....ssssaaaavvvv _n (where _n is the next available number) in the ////eeeettttcccc////ssssiiiiaaaa directory. 5. Inserts DCE entries for all ssssiiiiaaaadddd routines in the mmmmaaaattttrrrriiiixxxx....ccccoooonnnnffff file. For example, before modification, the entry might look as follows: siad_init=(BSD,libc.so) After modification, the new entry looks as follows: siad_init=(DCE,/usr/shlib/libdcesiad.so),(BSD,libc.so) where lllliiiibbbbddddcccceeeessssiiiiaaaadddd....ssssoooo, installed by DCE, is a shared library containing all the DCE ssssiiiiaaaadddd routines. _5._1_6._3 _T_u_r_n_i_n_g _O_f_f _D_C_E _S_I_A _S_e_c_u_r_i_t_y To turn off DCE SIA security, choose option 8 (Disable DCE SIA) from the Modify Configuration Menu. After you choose this option, ddddcccceeeesssseeeettttuuuupppp executes the ////oooopppptttt////ddddcccceeeellllooooccccaaaallll////eeeettttcccc////sssseeeecccc____rrrreeeemmmmoooovvvveeee____ddddcccceeee____eeeennnnttttrrrriiiieeeessss....sssshhhh shell script to perform the following operations: 1. Checks whether KKKKRRRRBBBB5555CCCCCCCCNNNNAAAAMMMMEEEE exists in the ////uuuussssrrrr////lllliiiibbbb////XXXX11111111////xxxxddddmmmm////xxxxddddmmmm----ccccoooonnnnffffiiiigggg file on the local system. If it does not exist, the script continues to step 3. If it does exist, the script saves the original xxxxddddmmmm----ccccoooonnnnffffiiiigggg file with the name xxxxddddmmmm----ccccoooonnnnffffiiiigggg....ssssaaaavvvv _n (where _n is the next available number). 2. Removes KKKKRRRRBBBB5555CCCCCCCCNNNNAAAAMMMMEEEE in ////uuuussssrrrr////lllliiiibbbb////XXXX11111111////xxxxddddmmmm////xxxxddddmmmm----ccccoooonnnnffffiiiigggg. 5-44 Configuring the Digital DCE Kit 3. Checks whether DCE entries exist in the mmmmaaaattttrrrriiiixxxx....ccccoooonnnnffff file. If they do not, the script ends; if they do exist, the script performs steps 4 and 5. 4. Saves the mmmmaaaattttrrrriiiixxxx....ccccoooonnnnffff file with the name mmmmaaaattttrrrriiiixxxx....ccccoooonnnnffff....ssssaaaavvvv _n (where _n is the next available number) in the ////eeeettttcccc////ssssiiiiaaaa directory. (The script saves the existing configuration file instead of reusing the prior one that had DCE SIA turned off, in case other layered products have added their security mechanisms in the interim.) _N_o_t_e You are responsible for deleting all the ....ssssaaaavvvv**** files created by enabling or disabling DCE SIA. 5. Removes DCE entries from all ssssiiiiaaaadddd routines in the mmmmaaaattttrrrriiiixxxx....ccccoooonnnnffff file. For example, before modification, the entry might look as follows: siad_init=(DCE,/usr/shlib/libdcesiad.so),(BSD,libc.so) After modification, the new entry looks as follows: siad_init=(BSD,libc.so) _5._1_7 _M_i_g_r_a_t_i_n_g _Y_o_u_r _C_e_l_l Some DCE cells may be running security or CDS servers on hosts with different versions of DCE. This might happen because a cell has DCE software from multiple vendors, each supplying upgrades at different times. Or perhaps upgrading all the hosts simultaneously is not feasible. Digital DCE Version 2.0 security servers and CDS servers can interoperate with older servers (based on OSF DCE Release 1.0.3, 1.0.2, and so on). However, new DCE security features associated with OSF DCE Release 1.1 will generally not be available until all security server replicas in your cell are based on OSF DCE Release 1.1. Additionally, new CDS capabilities will not be available until all security servers and some or all CDS servers are based on OSF DCE Release 1.1. Configuring the Digital DCE Kit 5-45 If your cell contains older versions of security or CDS servers, you will need to mmmmiiiiggggrrrraaaatttteeee (gradually upgrade) older servers until all of them are running DCE server software based on OSF DCE Release 1.1. Once all security or CDS servers have been upgraded, you must perform some additional steps so that your servers can provide the new security and CDS capabilities. Security servers and CDS servers use separate procedures to complete migration. Section 5.17.1 provides the instructions for completing Security server migration. Section 5.17.2 provides the instructions for completing CDS server migration. _5._1_7._1 _S_e_c_u_r_i_t_y _M_i_g_r_a_t_i_o_n After you install the new security server version on a host where an older version security replica (master or slave) exists, that replica will operate with the new security server, but with the behavior of the older version server. Note that a server based on OSF DCE 1.1 cannot create a new replica and operate it as an older version replica. Once OSF DCE Release 1.1 has been installed on all hosts that have security replicas, you must issue a single cell-wide command that simultaneously migrates all the replicas to operate at the level of DCE 1.1. At this point the cell will support new security features such as extended registry attributes. _N_o_t_e Once you have migrated the security servers to DCE 1.1, it will not be possible to create a replica on a host running an earlier version. If all of the Security server replicas in your cell are based on OSF DCE Release 1.1, you can perform the final migration steps in this section. If your cell is still running any security servers based on a DCE release prior to OSF DCE Release 1.1, do not complete the upgrade steps in this section. The upgrade steps will advance some security database attributes. Older servers cannot operate on newer version databases. Once you have installed and configured Digital DCE Version 2.0 Security servers in your cell, perform the following actions as cell administrator: 5-46 Configuring the Digital DCE Kit 1. Ensure that at lease one security replica can write to the cell profile. Use the following operation to check the cell-profile ACL for: uuuusssseeeerrrr::::ddddcccceeee----rrrrggggyyyy::::rrrrwwww----tttt------------. # _d_c_e_c_p -_c _a_c_l _s_h_o_w -_i_o /.:/_c_e_l_l-_p_r_o_f_i_l_e 2. On all Security servers, set the server version to: sssseeeeccccdddd....ddddcccceeee....1111....1111. # _d_c_e_c_p -_c _r_e_g_i_s_t_r_y _m_o_d_i_f_y -_v_e_r_s_i_o_n _s_e_c_d._d_c_e._1._1 3. Verify that the version has been set to sssseeeeccccdddd....ddddcccceeee....1111....1111. # _d_c_e_c_p -_c _r_e_g_i_s_t_r_y _s_h_o_w _N_o_t_e If you have not updated all 1.0.3 security replicas to DCE 1.1, any original 1.0.3 replicas will be stopped when you move the registry version forward to DCE 1.1. You may wish to verify that any original 1.0.3 replicas are no longer running. _5._1_7._2 _C_D_S _M_i_g_r_a_t_i_o_n If you have installed and configured DCE Version 2.0 for Digital UNIX CDS servers in your cell, you might need to perform additional steps to complete the upgrade process. If you created a new DCE cell and, during the ddddcccceeeesssseeeettttuuuupppp process, you set the default directory version information for each CDS server to Version 4.0, you do not need to perform the migration steps in this section. If your cell is still running any security or CDS servers based on a DCE release prior to OSF DCE Release 1.1, do not complete the upgrade steps in this section. The upgrade steps will advance some security database and CDS directory attributes. Older servers cannot operate on newer version databases or directories. Configuring the Digital DCE Kit 5-47 DCE Version 2.0 for Digital UNIX (or equivalent) features such as hierarchical cells and cell aliasing features will be available only when all of your cell's security and CDS servers are running Digital DCE Version 2.0 and the upgrade steps have been completed. Refer to the _D_C_E _f_o_r _D_i_g_i_t_a_l _U_N_I_X _P_r_o_d_u_c_t _G_u_i_d_e and to the OSF DCE documentation for descriptions of available features. Once the necessary DCE servers have been upgraded to DCE software based on OSF DCE Release 1.1, you can perform the migration steps in this section. The migration steps will enable the use of hierarchical cells, cell aliasing, and delegation. _N_o_t_e Directory version information can only be set forward. If you migrate a CDS server to OSF DCE 1.1 behavior, you cannot revert that server to 1.0.3 behavior. Once you have installed and configured DCE Version 2.0 for Digital UNIX (or equivalent) security servers and CDS servers, perform the following actions as cell administrator: 1. If you have not done so, perform the security migration steps in Section 5.17.1. 2. For all CDS clearinghouses manually update the CCCCDDDDSSSS____UUUUppppggggrrrraaaaddddeeeeTTTToooo attribute to 4.0. The following two operations ensure that new directories created in this clearinghouse will receive the correct directory version number: # _d_c_e_c_p -_c _c_l_e_a_r_i_n_g_h_o_u_s_e _m_o_d_i_f_y _c_h_n_a_m_e \ -_a_d_d \{_C_D_S__U_p_g_r_a_d_e_T_o _4._0\} # _d_c_e_c_p -_c _c_l_e_a_r_i_n_g_h_o_u_s_e _v_e_r_i_f_y _c_h_n_a_m_e 3. Manually upgrade all older directory version information to 4.0 as follows: # _d_c_e_c_p -_c _d_i_r_e_c_t_o_r_y _m_o_d_i_f_y /.: -_u_p_g_r_a_d_e -_t_r_e_e The ----ttttrrrreeeeeeee option operates recursively on all subdirectories (in this example, it operates on the entire cell). This command does not work unless all CDS servers housing the affected directories are running Digital DCE Version 2.0. This command can take a long time to execute depending on the size of the namespace. 5-48 Configuring the Digital DCE Kit _5._1_8 _R_u_n_n_i_n_g _t_h_e _D_C_E _C_o_n_f_i_g_u_r_a_t_i_o_n _V_e_r_i_f_i_c_a_t_i_o_n _P_r_o_g_r_a_m Once the DCE daemons are started, you can run the DCE Configuration Verification Program (CVP) to ensure that the DCE services are properly installed. The procedure prompts you with the following message: Do you want to run the DCE Configuration Verification Program?(y/n) [y]: If you type yyyy or press , the procedure indicates that the CVP is running. Executing Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP (please wait) Copyright (c) Digital Equipment Corporation. 1996. All Rights Reserved. Verifying........... The CVP invokes tests of the 10 DCE RPC interfaces, printing a dot (.) as each test is successful. A completely successful test execution results in 10 dots printed in succession. When the CVP tests are completed successfully, you receive the following message: Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP completed successfully _N_o_t_e You can repeat the CVP whenever you want by choosing option 8 (Run Configuration Verification Program) from the DCE Setup Main Menu. After you run the CVP, the configuration procedure updates your system startup procedure so that the daemons restart automatically whenever the system is rebooted. Configuring the Digital DCE Kit 5-49 _5._1_9 _E_r_r_o_r _R_e_c_o_v_e_r_y _D_u_r_i_n_g _C_o_n_f_i_g_u_r_a_t_i_o_n If the procedure encounters any errors during DCE system configuration, it displays error messages. Some errors are not fatal, and the procedure attempts to continue. Other errors are fatal, and the procedure terminates. If a fatal error is encountered while the procedure is starting the DCE daemons, the procedure attempts to stop any daemons that have already been started. This returns the system to its original state before you began the configuration. If you receive an error message at any time while running the DCE System Configuration utility, you can get more detailed information about the cause of the error by examining the associated log file in ////oooopppptttt////ddddcccceeeellllooooccccaaaallll////ddddcccceeeesssseeeettttuuuupppp....lllloooogggg. (If ddddcccceeeesssseeeettttuuuupppp is run without rrrrooooooootttt privileges, the log file will be located in /_t_m_p/_d_c_e_s_e_t_u_p .username._l_o_g. ) This log file contains a record of the operations invoked by the System Configuration utility the last time it was executed, and may help you diagnose the cause of the problem. Sometimes the cause of an error is transitory and may not recur if you repeat the operation. Use the command ////uuuussssrrrr////ssssbbbbiiiinnnn////ddddcccceeeesssseeeettttuuuupppp restart to retry if errors are encountered during the startup of the DCE daemons. For more information about this command, see the _D_C_E _f_o_r _D_i_g_i_t_a_l _U_N_I_X _P_r_o_d_u_c_t _G_u_i_d_e. 5-50 Configuring the Digital DCE Kit Files Installed on Your System A When you install Digital DCE, the sssseeeettttlllldddd command copies requested subsets to the ////uuuussssrrrr////oooopppptttt////DDDDCCCCEEEE222200000000 directory, and it creates the ////oooopppptttt tree. This appendix shows the tree structure and lists the directories and files that are installed on your system in ////uuuussssrrrr////oooopppptttt////DDDDCCCCEEEE222200000000. _A._1 _D_i_r_e_c_t_o_r_y _T_r_e_e _S_t_r_u_c_t_u_r_e The following figure shows the directory tree structure. A-2 Files Installed on Your System _A._2 _F_i_l_e_s _I_n_s_t_a_l_l_e_d The following sections list the files that are installed with each subset. Appropriate links to these files are created in ////uuuussssrrrr////bbbbiiiinnnn,,,, ////uuuussssrrrr////ssssbbbbiiiinnnn,,,, ////uuuussssrrrr////sssshhhhlllliiiibbbb,,,, ////uuuussssrrrr////iiiinnnncccclllluuuuddddeeee////ddddcccceeee,,,, and ////uuuussssrrrr////eeeexxxxaaaammmmpppplllleeeessss////ddddcccceeee. _A._2._1 _D_C_E _R_u_n_t_i_m_e _S_e_r_v_i_c_e_s _S_u_b_s_e_t DDDDiiiirrrreeeeccccttttoooorrrryyyy PPPPeeeerrrrmmmmaaaannnneeeennnntttt FFFFiiiilllleeee DCE200 COPYRIGHT.DCE DCE200/bin acl_edit auditd cdsadv cdsbrowser cdsbrowser.uid cdsclerk cdscp csrc dce_login dcecf_postproc dcecp dced dcesetup dcesx dts_acts_provider dts_hopf_provider dts_ntp_provider dts_null_provider dts_spectracom_provider dts_traconex_provider dtscp dtsd dtsd getcellinfo getcellname getcells getip kdestroy kinit klist nsid passwd_export passwd_import remove_replica remove_replica.awk rgy_edit Files Installed on Your System A-3 rpccp rpclm sec_admin sec_insert_dce_entries.sh sec_remove_dce_entries.sh svcdumplog uuidgen DCE200/dcecp attr_eval.tcl attrlist.dcp bckp_cds.dcp bckp_sec.dcp cell.dcp cellalias.dcp dir_ops.dcecp dts.dcp help.dcp host.dcp init.dcecp parseargs.dcp registry.dcp user.dcp verb-object.dcp DCE200/dt/appconfig/appmanager /C/System_Admin/Configuration dcesetup DCE200/dt/appconfig/icons/C dcesetup.l.pm dcesetup.m.pm dcesetup.s.pm dcesetup.t.pm dcesetup.dt DCE200/etc/audit/ec dce_audit_admin_modify dce_audit_admin_query dce_audit_filter_modify dce_audit_filter_query dce_dts_mgt_modify dce_dts_mgt_query dce_dts_synch dce_dts_time_provider dce_sec_authent dce_sec_control dce_sec_modify dce_sec_query dce_sec_server DCE200/etc cds_attributes cds_globalnames cdscp.bpt A-4 Files Installed on Your System dtscp.bpt DCE200/nls/csr code_set_registry.db code_set_registry.txt DCE200/nls/msg/en_US.ASCII dceaud.cat dcecds.cat dcecsr.cat dcedcp.cat dcedhd.cat dcedts.cat dcegss.cat dcekdb.cat dcekdc.cat dcekrb.cat dcelib.cat dcerpc.cat dcesad.cat dcesec.cat dcesvc.cat dcetcl.cat dceuid.cat idl.cat DCE200/nls/msg/en_US.ISO8859-1 dcesiad.cat DCE200/nosupport/nsedit README guide.ps nsedit nsedit.1p DCE200/ DCE200_Relnotes.ps DCE200_Relnotes.txt DCE200/share/var/svc routing DCE200/tcl init.tcl parray.tcl tclIndex DCE200/usr/lib/X11/help/cdsbrowser About Glossary Overview DCE200/usr/shlib libdce.so Files Installed on Your System A-5 libdcesiad.so libdxdcds.so libdxdutil.so libidlcxx.so libxds.so _A._2._2 _A_p_p_l_i_c_a_t_i_o_n _D_e_v_e_l_o_p_e_r'_s _K_i_t _S_u_b_s_e_t DDDDiiiirrrreeeeccccttttoooorrrryyyy PPPPeeeerrrrmmmmaaaannnneeeennnntttt FFFFiiiilllleeee DCE200/bin idl sams DCE200/share/include/dce acct.h acct.idl aclbase.h aclbase.idl aclif.h assert.h audit.h audit_control.h audit_control.idl audit_log.h binding.h binding.idl cdsclerk.h codesets.h codesets.idl codesets_stub.h conv.h conv.idl convc.h convc.idl daclif.h daclif.idl daclmgr.h daclmgr.idl database.h database.idl dbif.h dce.h dce64.h dce_cf.h dce_cf_const.h dce_cf_const.idl dce_error.h dce_msg.h A-6 Files Installed on Your System dce_svc.h dce_utils.h dceacl.h dceacl.idl dceaudmsg.h dcecdsmac.h dcecdsmsg.h dcecdssvc.h dcecfgmsg.h dced.h dced_aclbits.h dced_aclbits.idl dced_base.h dced_base.idl dced_data.h dcedhdmsg.h dcedtsmsg.h dcegssmsg.h dcelibmsg.h dcesvcmsg.h dnsclerk.h dnsmessage.h dnsmessage.idl dtsprovider.acf dtsprovider.h dtsprovider.idl ep.h ep.idl gssapi.h hashtab.hxx id_base.h id_base.idl id_encode.h id_encode.idl id_epac.h id_epac.idl idl_es.h idlbase.h idlddefs.h ifacemgr.hxx iovector.h iovector.idl kdb5_err.h kdc5_err.h keymgmt.h keymgmt.idl krb5_err.h lbase.h lbase.idl marshall.h mgmt.h mgmt.idl misc.h misc.idl Files Installed on Your System A-7 nbase.for nbase.for_h nbase.h nbase.idl ncastat.h ncastat.idl ndr_rep.h ndrold.h ndrold.idl ndrtypes.h nsattrid.h objref.hxx objtable.hxx oride_base.h oride_base.idl override.h override.idl passwd.h passwd.idl pgo.h pgo.idl pkl.h pkl.idl pklbase.h pklbase.idl policy.h policy.idl priv_attr_trig.h priv_attr_trig.idl proxymgr.hxx pvtutl.h pvtutl.idl rdaclbase.h rdaclbase.idl rdaclif.h rdaclif.idl rdaclifv0.h rdaclifv0.idl reclaim.h repadm.h repadm.idl replist.h replist.idl rgybase.h rgybase.idl rgynbase.h rgynbase.idl rpc.h rpc.idl rpcbase.h rpcbase.idl rpcexc.h rpcpvt.h rpcpvt.idl A-8 Files Installed on Your System rpcsts.h rpcsts.idl rpctypes.h rpctypes.idl rpladmn.h rpladmn.idl rplbase.h rplbase.idl rpriv_1_0.h rpriv_1_0.idl rs_bind.h rs_bind.idl rs_login_activity.h rs_login_activity.idl rs_login_base.h rs_login_base.idl rs_pwd_mgmt.h rs_pwd_mgmt.idl rsec_login.h rsec_login.idl rsec_pwd_mgmt.h rsec_pwd_mgmt.idl sec_acl_encode.h sec_acl_encode.idl sec_attr_base.h sec_attr_base.idl sec_attr_tools.h sec_attr_trig.h sec_attr_trig.idl sec_attr_util.h sec_attr_util.idl sec_authn.h sec_authn.idl sec_base.h sec_base.idl sec_cert.h sec_cert.idl sec_cred.h sec_cred.idl sec_login.h sec_login.idl sec_pwd_mgmt.h sec_pwd_mgmt.idl sec_rgy_attr.h sec_rgy_attr.idl sec_rgy_attr_sch.h sec_rgy_attr_sch.idl sec_rgy_attr_srch.h sec_rgy_attr_srch.idl sec_rgy_login_activity.h sec_rgy_login_activity.idl secidmap.h secidmap.idl secsts.h Files Installed on Your System A-9 secsts.idl service.h service.idl stubbase.h svcbin.h svcbin.idl svcfilter.h svclog.h svcremote.h trace.hxx twr.h twr.idl unix.h unix.idl utc.h utctypes.h utctypes.idl uuid.h uuid.idl DCE200/share/include/ xds.h xdsbdcp.h xdscds.h xdsdec.h xdsgds.h xdsmdup.h xdssap.h xmhp.h xom.h xomi.h DCE200/usr/examples/dts Makefile.tp dts_acts_provider.c dts_hopf_provider.c dts_ntp_provider.c dts_null_provider.c dts_provider_util.c dts_provider_util.h dts_spectracom_provider.c dts_traconex_provider.c DCE200/usr/examples/generic_app Makefile.generic_app README sample.acf sample.idl sample_bind.acf sample_bind.c sample_bind.idl sample_client.c sample_db.acf sample_db.idl A-10 Files Installed on Your System sample_manager.c sample_server.c sample_server.h smp.sams DCE200/usr/examples/gssapi Makefile.echo README echo_client.c echo_inet.h echo_server.c echo_utils.c echo_utils.h DCE200/usr/examples/pwd_mgmt README gen.c gen.h makefile.pwd_mgmt pwd_cache.c pwd_cache.h pwd_strengthd.c DCE200/usr/examples/rpc/book README book.acf book.c book.idl book_main.c book_mgr.c makefile.book rpcserver.c rpcserver.h DCE200/usr/examples/rpc/context_app Makefile.context_app README context.acf context.idl context_client.c context_manager.c context_server.c DCE200/usr/examples/rpc/data_test_app Makefile.data_test_app README Test_File data_test.acf data_test.idl data_test_client.c data_test_manager.c data_test_server.c data_test_xmit.c Files Installed on Your System A-11 DCE200/usr/examples/rpc/payroll Makefile.unix README manager.for payroll.dat payroll.idl print_pay.for server.c DCE200/usr/examples/rpc/phonebook README client.c dosport.h manager.c phnbk.acf phnbk.dos phnbk.idl phnbk.nt phnbk.txt phnbk.unix server.c DCE200/usr/examples/rpc/test1 README makefile.test1 test1.c test1.idl test1_main.c test1_mgr.c DCE200/usr/examples/rpc/test2 README makefile.test2 test2.c test2.idl test2_main.c test2_mgr.c DCE200/usr/examples/rpc/test3 README makefile.test3 test3.c test3.idl test3_main.c test3_mgr.c DCE200/usr/examples/rpc/idlcxx README idlcxx_setup DCE200/usr/examples/rpc/idlcxx/account README account.acf account.idl A-12 Files Installed on Your System checking.idl client.cxx makefile nowaccount.h objectid.h savings.idl server.cxx server.hxx svrlib.cxx test_com.h DCE200/usr/examples/rpc/idlcxx/accountc README account.acf account.idl checking.idl client.c makefile nowaccount.h objectid.h savings.idl server.cxx server.hxx svrlib.cxx test_com.h DCE200/usr/examples/rpc/idlcxx/card README card.acf card.idl cardimpl.cxx client.cxx iplayer.acf iplayer.idl makefile myexc_handling.h player.cxx player.h server.cxx server.hxx svrlib.cxx test_com.h util.cxx DCE200/usr/examples/rpc/idlcxx/stack README calculator.h client.cxx icalculate.acf icalculate.idl istack.acf istack.idl makefile server.cxx Files Installed on Your System A-13 server.hxx stack.h svrlib.cxx test_com.h DCE200/usr/examples/svc/hello_svc Makefile.hello_svc README hel.sams hel_svc.h hello_svc.c DCE200/usr/examples/svc/timop_svc Makefile.timop_svc README timop_svc.acf timop_svc.idl timop_svc_aux.h timop_svc_client.c timop_svc_client.h timop_svc_manager.c timop_svc_refmon.c timop_svc_server.c timop_svc_server.h timop_svc_setup.dcecp timop_svc_svc.c timop_svc_unsetup.dcecp tsv.sams _A._2._3 _D_C_E _S_e_c_u_r_i_t_y _S_e_r_v_i_c_e_s _S_u_b_s_e_t DDDDiiiirrrreeeeccccttttoooorrrryyyy PPPPeeeerrrrmmmmaaaannnneeeennnntttt FFFFiiiilllleeee DCE200/bin sec_create_db sec_salvage_db secd _A._2._4 _C_e_l_l _D_i_r_e_c_t_o_r_y _S_e_r_v_i_c_e_s _S_u_b_s_e_t DDDDiiiirrrreeeeccccttttoooorrrryyyy PPPPeeeerrrrmmmmaaaannnneeeennnntttt FFFFiiiilllleeee DCE200/bin cdsd A-14 Files Installed on Your System gdad x500_addcell _A._2._5 _D_C_E _C_o_m_m_a_n_d _M_a_n_u_a_l _P_a_g_e_s _S_u_b_s_e_t PPPPeeeerrrrmmmmaaaannnneeeennnntttt FFFFiiiilllleeee man1/rpc_intro.1rpc man8/link.8dce man1/sams.1dce man8/list_child.8cds man1/svcdumplog.1dce man8/list_clearinghouse.8cds man1/uuidgen.1rpc man8/list_directory.8cds man5/aud_audit_events.5sec man8/list_link.8cds man5/dts_audit_events.5sec man8/list_object.8cds man5/event_class.5sec man8/log.8dce man5/group_override.5sec man8/merge_file.8cds man5/passwd_override.5sec man8/merge_subtree.8cds man5/sec_audit_events.5sec man8/name.8dce man5/sec_intro.5sec man8/object.8dce man5/svcroute.5dce man8/organization.8dce man5/v5srvtab.5sec man8/passwd_export.8sec man8/account.8dce man8/passwd_import.8sec man8/acl.8dce man8/principal.8dce man8/acl_edit.8sec man8/pwd_strengthd.8sec man8/add_directory.8cds man8/quit.8dts man8/add_object.8cds man8/recreate_directory.8cds man8/advertise.8dts man8/recreate_link.8cds man8/attrlist.8dce man8/recreate_object.8cds man8/aud.8dce man8/registry.8dce man8/audevents.8dce man8/remove_directory.8cds man8/audfilter.8dce man8/remove_link.8cds man8/auditd.8sec man8/remove_object.8cds man8/audtrail.8dce man8/replace_link.8cds man8/cds_intro.8cds man8/replace_object.8cds man8/cdsadv.8cds man8/replace_subtree.8cds man8/cdsalias.8dce man8/rgy_edit.8sec man8/cdsbrowser.8cds man8/rpc_intro.8rpc man8/cdscache.8dce man8/rpccp.8rpc man8/cdsclerk.8cds man8/rpccp_add_element.8rpc man8/cdscp.8cds man8/rpccp_add_entry.8rpc man8/cdsd.8cds man8/rpccp_add_mapping.8rpc man8/cell.8dce man8/rpccp_add_member.8rpc man8/cellalias.8dce man8/rpccp_export.8rpc man8/change.8dts man8/rpccp_help.8rpc man8/chpass.8sec man8/rpccp_import.8rpc man8/clear_cached_server.8cds man8/rpccp_remove_element.8rpc man8/clear_clearinghouse.8cds man8/rpccp_remove_entry.8rpc man8/clearinghouse.8dce man8/rpccp_remove_group.8rpc man8/clock.8dce man8/rpccp_remove_mapping.8rpc man8/create.8dts man8/rpccp_remove_member.8rpc Files Installed on Your System A-15 man8/create_child.8cds man8/rpccp_remove_profile.8rpc man8/create_clearinghouse.8cds man8/rpccp_show_entry.8rpc man8/create_directory.8cds man8/rpccp_show_group.8rpc man8/create_link.8cds man8/rpccp_show_mapping.8rpc man8/create_object.8cds man8/rpccp_show_profile.8rpc man8/create_replica.8cds man8/rpccp_show_server.8rpc man8/csrc.8dce man8/rpccp_unexport.8rpc man8/dce_config.8dce man8/rpcentry.8dce man8/dce_intro.8dce man8/rpcgroup.8dce man8/dce_login.8sec man8/rpcprofile.8dce man8/dcecp.8dce man8/sec_admin.8sec man8/dced.8dce man8/sec_create_db.8sec man8/dcesetup.8dce man8/sec_intro.8sec man8/define_cached_server.8cds man8/sec_salvage_db.8sec man8/delete.8dts man8/secd.8sec man8/delete_child.8cds man8/secval.8dce man8/delete_clearinghouse.8cds man8/server.8dce man8/delete_directory.8cds man8/set.8dts man8/delete_link.8cds man8/set_cdscp_confidence.8cds man8/delete_object.8cds man8/set_cdscp_preferred_clearinghouse.8cds man8/delete_replica.8cds man8/set_directory.8cds man8/delete_subtree.8cds man8/set_directory_epoch.8cds man8/directory.8dce man8/set_directory_skulk.8cds man8/disable.8dts man8/set_link.8cds man8/disable_clerk.8cds man8/set_object.8cds man8/disable_server.8cds man8/show.8dts man8/dts.8dce man8/show_cached_clearinghouse.8cds man8/dts_intro.8dts man8/show_cached_server.8cds man8/dtscp.8dts man8/show_cdscp_confidence.8cds man8/dtsd.8dts man8/show_cdscp_preferred_clearinghouse.8cds man8/dtsdate.8dts man8/show_cell.8cds man8/dump_clerk_cache.8cds man8/show_child.8cds man8/dump_subtree.8cds man8/show_clearinghouse.8cds man8/enable.8dts man8/show_clerk.8cds man8/endpoint.8dce man8/show_directory.8cds man8/exit.8dts man8/show_link.8cds man8/gdad.8cds man8/show_object.8cds man8/getcellname.8dce man8/show_replica.8cds man8/getip.8dce man8/show_server.8cds man8/group.8dce man8/su.8sec man8/help.8dts man8/synchronize.8dts man8/host.8dce man8/unadvertise.8dts man8/hostdata.8dce man8/update.8dts man8/kdestroy.8sec man8/user.8dce man8/keytab.8dce man8/utc.8dce man8/kinit.8sec man8/uuid.8dce man8/klist.8sec man8/xattrschema.8dce _A._2._6 _D_C_E _A_p_p_l_i_c_a_t_i_o_n _D_e_v_e_l_o_p_e_r'_s _K_i_t _M_a_n_u_a_l _P_a_g_e_s _S_u_b_s_e_t The following permanent files are installed in the A-16 Files Installed on Your System DDDDCCCCEEEE222200000000////mmmmaaaannnn directory. PPPPeeeerrrrmmmmaaaannnneeeennnntttt FFFFiiiilllleeeessss man1/idl.1rpc man3/DCE_SVC_DEBUG.3dce man3/DCE_SVC_DEBUG_ATLEAST.3dce man3/DCE_SVC_DEBUG_IS.3dce man3/DCE_SVC_DEFINE_HANDLE.3dce man3/DCE_SVC_INTRO.3dce man3/DCE_SVC_LOG.3dce man3/audit_intro.3sec man3/cs_byte_from_netcs.3rpc man3/cs_byte_local_size.3rpc man3/cs_byte_net_size.3rpc man3/cs_byte_to_netcs.3rpc man3/dce_acl_copy_acl.3sec man3/dce_acl_inq_acl_from_header.3sec man3/dce_acl_inq_client_creds.3sec man3/dce_acl_inq_client_permset.3sec man3/dce_acl_inq_permset_for_creds.3sec man3/dce_acl_inq_prin_and_group.3sec man3/dce_acl_is_client_authorized.3sec man3/dce_acl_obj_add_any_other_entry.3sec man3/dce_acl_obj_add_foreign_entry.3sec man3/dce_acl_obj_add_group_entry.3sec man3/dce_acl_obj_add_id_entry.3sec man3/dce_acl_obj_add_obj_entry.3sec man3/dce_acl_obj_add_unauth_entry.3sec man3/dce_acl_obj_add_user_entry.3sec man3/dce_acl_obj_free_entries.3sec man3/dce_acl_obj_init.3sec man3/dce_acl_register_object_type.3sec man3/dce_acl_resolve_by_name.3sec man3/dce_acl_resolve_by_uuid.3sec man3/dce_assert.3dce man3/dce_attr_intro.3dce man3/dce_attr_sch_bind.3dce man3/dce_attr_sch_bind_free.3dce man3/dce_attr_sch_create_entry.3dce man3/dce_attr_sch_cursor_alloc.3dce man3/dce_attr_sch_cursor_init.3dce man3/dce_attr_sch_cursor_release.3dce man3/dce_attr_sch_cursor_reset.3dce man3/dce_attr_sch_delete_entry.3dce man3/dce_attr_sch_get_acl_mgrs.3dce man3/dce_attr_sch_lookup_by_id.3dce man3/dce_attr_sch_lookup_by_name.3dce man3/dce_attr_sch_scan.3dce man3/dce_attr_sch_update_entry.3dce man3/dce_aud_close.3sec man3/dce_aud_commit.3sec man3/dce_aud_discard.3sec Files Installed on Your System A-17 man3/dce_aud_free_ev_info.3sec man3/dce_aud_free_header.3sec man3/dce_aud_get_ev_info.3sec man3/dce_aud_get_header.3sec man3/dce_aud_length.3sec man3/dce_aud_next.3sec man3/dce_aud_open.3sec man3/dce_aud_print.3sec man3/dce_aud_put_ev_info.3sec man3/dce_aud_set_trail_size_limit.3sec man3/dce_aud_start.3sec man3/dce_aud_start_with_name.3sec man3/dce_aud_start_with_pac.3sec man3/dce_aud_start_with_server_binding.3sec man3/dce_aud_start_with_uuid.3sec man3/dce_cf_binding_entry_from_host.3dce man3/dce_cf_dced_entry_from_host.3dce man3/dce_cf_find_name_by_key.3dce man3/dce_cf_free_cell_aliases.3dce man3/dce_cf_get_cell_aliases.3dce man3/dce_cf_get_cell_name.3dce man3/dce_cf_get_csrgy_filename.3dce man3/dce_cf_get_host_name.3dce man3/dce_cf_intro.3dce man3/dce_cf_prin_name_from_host.3dce man3/dce_cf_profile_entry_from_host.3dce man3/dce_cf_same_cell_name.3dce man3/dce_cs_loc_to_rgy.3rpc man3/dce_cs_rgy_to_loc.3rpc man3/dce_db_close.3dce man3/dce_db_delete.3dce man3/dce_db_delete_by_name.3dce man3/dce_db_delete_by_uuid.3dce man3/dce_db_fetch.3dce man3/dce_db_fetch_by_name.3dce man3/dce_db_fetch_by_uuid.3dce man3/dce_db_free.3dce man3/dce_db_header_fetch.3dce man3/dce_db_inq_count.3dce man3/dce_db_intro.3dce man3/dce_db_iter_done.3dce man3/dce_db_iter_next.3dce man3/dce_db_iter_next_by_name.3dce man3/dce_db_iter_next_by_uuid.3dce man3/dce_db_iter_start.3dce man3/dce_db_lock.3dce man3/dce_db_open.3dce man3/dce_db_std_header_init.3dce man3/dce_db_store.3dce man3/dce_db_store_by_name.3dce man3/dce_db_store_by_uuid.3dce man3/dce_db_unlock.3dce man3/dce_error_inq_text.3dce man3/dce_intro.3dce A-18 Files Installed on Your System man3/dce_msg_cat_close.3dce man3/dce_msg_cat_get_msg.3dce man3/dce_msg_cat_open.3dce man3/dce_msg_define_msg_table.3dce man3/dce_msg_get.3dce man3/dce_msg_get_cat_msg.3dce man3/dce_msg_get_default_msg.3dce man3/dce_msg_get_msg.3dce man3/dce_msg_intro.3dce man3/dce_msg_translate_table.3dce man3/dce_pgm_printf.3dce man3/dce_printf.3dce man3/dce_server_disable_service.3dce man3/dce_server_enable_service.3dce man3/dce_server_inq_attr.3dce man3/dce_server_inq_server.3dce man3/dce_server_inq_uuids.3dce man3/dce_server_intro.3dce man3/dce_server_register.3dce man3/dce_server_sec_begin.3dce man3/dce_server_sec_done.3dce man3/dce_server_unregister.3dce man3/dce_server_use_protseq.3dce man3/dce_svc_components.3dce man3/dce_svc_debug_routing.3dce man3/dce_svc_debug_set_levels.3dce man3/dce_svc_define_filter.3dce man3/dce_svc_filter.3dce man3/dce_svc_intro.3dce man3/dce_svc_log_close.3dce man3/dce_svc_log_get.3dce man3/dce_svc_log_open.3dce man3/dce_svc_log_rewind.3dce man3/dce_svc_printf.3dce man3/dce_svc_register.3dce man3/dce_svc_routing.3dce man3/dce_svc_set_progname.3dce man3/dce_svc_table.3dce man3/dce_svc_unregister.3dce man3/dced_binding_create.3dce man3/dced_binding_free.3dce man3/dced_binding_from_rpc_binding.3dce man3/dced_binding_set_auth_info.3dce man3/dced_entry_add.3dce man3/dced_entry_get_next.3dce man3/dced_entry_remove.3dce man3/dced_hostdata_create.3dce man3/dced_hostdata_delete.3dce man3/dced_hostdata_read.3dce man3/dced_hostdata_write.3dce man3/dced_initialize_cursor.3dce man3/dced_inq_id.3dce man3/dced_inq_name.3dce man3/dced_intro.3dce Files Installed on Your System A-19 man3/dced_keytab_add_key.3dce man3/dced_keytab_change_key.3dce man3/dced_keytab_create.3dce man3/dced_keytab_delete.3dce man3/dced_keytab_get_next_key.3dce man3/dced_keytab_initialize_cursor.3dce man3/dced_keytab_release_cursor.3dce man3/dced_keytab_remove_key.3dce man3/dced_list_get.3dce man3/dced_list_release.3dce man3/dced_object_read.3dce man3/dced_object_read_all.3dce man3/dced_objects_release.3dce man3/dced_release_cursor.3dce man3/dced_secval_start.3dce man3/dced_secval_status.3dce man3/dced_secval_stop.3dce man3/dced_secval_validate.3dce man3/dced_server_create.3dce man3/dced_server_delete.3dce man3/dced_server_disable_if.3dce man3/dced_server_enable_if.3dce man3/dced_server_modify_attributes.3dce man3/dced_server_start.3dce man3/dced_server_stop.3dce man3/dsX_trace_object.3xds man3/ds_abandon.3xds man3/ds_add_entry.3xds man3/ds_bind.3xds man3/ds_compare.3xds man3/ds_initialize.3xds man3/ds_intro.3xds man3/ds_list.3xds man3/ds_modify_entry.3xds man3/ds_modify_rdn.3xds man3/ds_read.3xds man3/ds_receive_result.3xds man3/ds_remove_entry.3xds man3/ds_search.3xds man3/ds_shutdown.3xds man3/ds_unbind.3xds man3/ds_version.3xds man3/dts_intro.3dts man3/gss_accept_sec_context.3sec man3/gss_acquire_cred.3sec man3/gss_compare_name.3sec man3/gss_context_time.3sec man3/gss_delete_sec_context.3sec man3/gss_display_name.3sec man3/gss_display_status.3sec man3/gss_import_name.3sec man3/gss_indicate_mechs.3sec man3/gss_init_sec_context.3sec man3/gss_inquire_cred.3sec A-20 Files Installed on Your System man3/gss_process_context_token.3sec man3/gss_release_buffer.3sec man3/gss_release_cred.3sec man3/gss_release_name.3sec man3/gss_release_oid_set.3sec man3/gss_seal.3sec man3/gss_sign.3sec man3/gss_unseal.3sec man3/gss_verify.3sec man3/gssapi_intro.3sec man3/gssdce_add_oid_set_member.3sec man3/gssdce_create_empty_oid_set.3sec man3/gssdce_cred_to_login_context.3sec man3/gssdce_extract_creds_from_sec_context.3sec man3/gssdce_login_context_to_cred.3sec man3/gssdce_register_acceptor_identity.3sec man3/gssdce_set_cred_context_ownership.3sec man3/gssdce_test_oid_set_member.3sec man3/idl_es_decode_buffer.3rpc man3/idl_es_decode_incremental.3rpc man3/idl_es_encode_dyn_buffer.3rpc man3/idl_es_encode_fixed_buffer.3rpc man3/idl_es_encode_incremental.3rpc man3/idl_es_handle_free.3rpc man3/idl_es_inq_encoding_id.3rpc man3/om_copy.3xom man3/om_copy_value.3xom man3/om_create.3xom man3/om_decode.3xom man3/om_delete.3xom man3/om_encode.3xom man3/om_get.3xom man3/om_instance.3xom man3/om_intro.3xom man3/om_put.3xom man3/om_read.3xom man3/om_remove.3xom man3/om_write.3xom man3/priv_attr_trig_query.3sec man3/rdacl_get_access.3sec man3/rdacl_get_manager_types.3sec man3/rdacl_get_mgr_types_semantics.3sec man3/rdacl_get_printstring.3sec man3/rdacl_get_referral.3sec man3/rdacl_lookup.3sec man3/rdacl_replace.3sec man3/rdacl_test_access.3sec man3/rdacl_test_access_on_behalf.3sec man3/rpc_binding_copy.3rpc man3/rpc_binding_free.3rpc man3/rpc_binding_from_string_binding.3rpc man3/rpc_binding_inq_auth_caller.3rpc man3/rpc_binding_inq_auth_client.3rpc man3/rpc_binding_inq_auth_info.3rpc Files Installed on Your System A-21 man3/rpc_binding_inq_object.3rpc man3/rpc_binding_reset.3rpc man3/rpc_binding_server_from_client.3rpc man3/rpc_binding_set_auth_info.3rpc man3/rpc_binding_set_object.3rpc man3/rpc_binding_to_string_binding.3rpc man3/rpc_binding_vector_free.3rpc man3/rpc_cs_binding_set_tags.3rpc man3/rpc_cs_char_set_compat_check.3rpc man3/rpc_cs_eval_with_universal.3rpc man3/rpc_cs_eval_without_universal.3rpc man3/rpc_cs_get_tags.3rpc man3/rpc_ep_register.3rpc man3/rpc_ep_register_no_replace.3rpc man3/rpc_ep_resolve_binding.3rpc man3/rpc_ep_unregister.3rpc man3/rpc_if_id_vector_free.3rpc man3/rpc_if_inq_id.3rpc man3/rpc_intro.3rpc man3/rpc_mgmt_ep_elt_inq_begin.3rpc man3/rpc_mgmt_ep_elt_inq_done.3rpc man3/rpc_mgmt_ep_elt_inq_next.3rpc man3/rpc_mgmt_ep_unregister.3rpc man3/rpc_mgmt_inq_com_timeout.3rpc man3/rpc_mgmt_inq_dflt_protect_level.3rpc man3/rpc_mgmt_inq_if_ids.3rpc man3/rpc_mgmt_inq_server_princ_name.3rpc man3/rpc_mgmt_inq_stats.3rpc man3/rpc_mgmt_is_server_listening.3rpc man3/rpc_mgmt_set_authorization_fn.3rpc man3/rpc_mgmt_set_cancel_timeout.3rpc man3/rpc_mgmt_set_com_timeout.3rpc man3/rpc_mgmt_set_server_stack_size.3rpc man3/rpc_mgmt_stats_vector_free.3rpc man3/rpc_mgmt_stop_server_listening.3rpc man3/rpc_network_inq_protseqs.3rpc man3/rpc_network_is_protseq_valid.3rpc man3/rpc_ns_binding_export.3rpc man3/rpc_ns_binding_import_begin.3rpc man3/rpc_ns_binding_import_done.3rpc man3/rpc_ns_binding_import_next.3rpc man3/rpc_ns_binding_inq_entry_name.3rpc man3/rpc_ns_binding_lookup_begin.3rpc man3/rpc_ns_binding_lookup_done.3rpc man3/rpc_ns_binding_lookup_next.3rpc man3/rpc_ns_binding_select.3rpc man3/rpc_ns_binding_unexport.3rpc man3/rpc_ns_entry_expand_name.3rpc man3/rpc_ns_entry_inq_resolution.3rpc man3/rpc_ns_entry_object_inq_begin.3rpc man3/rpc_ns_entry_object_inq_done.3rpc man3/rpc_ns_entry_object_inq_next.3rpc man3/rpc_ns_group_delete.3rpc man3/rpc_ns_group_mbr_add.3rpc A-22 Files Installed on Your System man3/rpc_ns_group_mbr_inq_begin.3rpc man3/rpc_ns_group_mbr_inq_done.3rpc man3/rpc_ns_group_mbr_inq_next.3rpc man3/rpc_ns_group_mbr_remove.3rpc man3/rpc_ns_import_ctx_add_eval.3rpc man3/rpc_ns_mgmt_binding_unexport.3rpc man3/rpc_ns_mgmt_entry_create.3rpc man3/rpc_ns_mgmt_entry_delete.3rpc man3/rpc_ns_mgmt_entry_inq_if_ids.3rpc man3/rpc_ns_mgmt_free_codesets.3rpc man3/rpc_ns_mgmt_handle_set_exp_age.3rpc man3/rpc_ns_mgmt_inq_exp_age.3rpc man3/rpc_ns_mgmt_read_codesets.3rpc man3/rpc_ns_mgmt_remove_attribute.3rpc man3/rpc_ns_mgmt_set_attribute.3rpc man3/rpc_ns_mgmt_set_exp_age.3rpc man3/rpc_ns_profile_delete.3rpc man3/rpc_ns_profile_elt_add.3rpc man3/rpc_ns_profile_elt_inq_begin.3rpc man3/rpc_ns_profile_elt_inq_done.3rpc man3/rpc_ns_profile_elt_inq_next.3rpc man3/rpc_ns_profile_elt_remove.3rpc man3/rpc_object_inq_type.3rpc man3/rpc_object_set_inq_fn.3rpc man3/rpc_object_set_type.3rpc man3/rpc_protseq_vector_free.3rpc man3/rpc_rgy_get_codesets.3rpc man3/rpc_rgy_get_max_bytes.3rpc man3/rpc_server_inq_bindings.3rpc man3/rpc_server_inq_if.3rpc man3/rpc_server_listen.3rpc man3/rpc_server_register_auth_info.3rpc man3/rpc_server_register_if.3rpc man3/rpc_server_unregister_if.3rpc man3/rpc_server_use_all_protseqs.3rpc man3/rpc_server_use_all_protseqs_if.3rpc man3/rpc_server_use_protseq.3rpc man3/rpc_server_use_protseq_ep.3rpc man3/rpc_server_use_protseq_if.3rpc man3/rpc_sm_allocate.3rpc man3/rpc_sm_client_free.3rpc man3/rpc_sm_destroy_client_context.3rpc man3/rpc_sm_disable_allocate.3rpc man3/rpc_sm_enable_allocate.3rpc man3/rpc_sm_free.3rpc man3/rpc_sm_get_thread_handle.3rpc man3/rpc_sm_set_client_alloc_free.3rpc man3/rpc_sm_set_thread_handle.3rpc man3/rpc_sm_swap_client_alloc_free.3rpc man3/rpc_ss_allocate.3rpc man3/rpc_ss_bind_authn_client.3rpc man3/rpc_ss_client_free.3rpc man3/rpc_ss_destroy_client_context.3rpc man3/rpc_ss_disable_allocate.3rpc Files Installed on Your System A-23 man3/rpc_ss_enable_allocate.3rpc man3/rpc_ss_free.3rpc man3/rpc_ss_get_thread_handle.3rpc man3/rpc_ss_set_client_alloc_free.3rpc man3/rpc_ss_set_thread_handle.3rpc man3/rpc_ss_swap_client_alloc_free.3rpc man3/rpc_string_binding_compose.3rpc man3/rpc_string_binding_parse.3rpc man3/rpc_string_free.3rpc man3/rpc_tower_to_binding.3rpc man3/rpc_tower_vector_free.3rpc man3/rpc_tower_vector_from_binding.3rpc man3/rsec_pwd_mgmt_gen_pwd.3sec man3/rsec_pwd_mgmt_str_chk.3sec man3/sec_acl_bind.3sec man3/sec_acl_bind_to_addr.3sec man3/sec_acl_calc_mask.3sec man3/sec_acl_get_access.3sec man3/sec_acl_get_error_info.3sec man3/sec_acl_get_manager_types.3sec man3/sec_acl_get_mgr_types_semantics.3sec man3/sec_acl_get_printstring.3sec man3/sec_acl_lookup.3sec man3/sec_acl_release.3sec man3/sec_acl_release_handle.3sec man3/sec_acl_replace.3sec man3/sec_acl_test_access.3sec man3/sec_acl_test_access_on_behalf.3sec man3/sec_attr_trig_query.3sec man3/sec_attr_trig_update.3sec man3/sec_cred_free_attr_cursor.3sec man3/sec_cred_free_cursor.3sec man3/sec_cred_free_pa_handle.3sec man3/sec_cred_get_authz_session_info.3sec man3/sec_cred_get_client_princ_name.3sec man3/sec_cred_get_deleg_restrictions.3sec man3/sec_cred_get_delegate.3sec man3/sec_cred_get_delegation_type.3sec man3/sec_cred_get_extended_attrs.3sec man3/sec_cred_get_initiator.3sec man3/sec_cred_get_opt_restrictions.3sec man3/sec_cred_get_pa_data.3sec man3/sec_cred_get_req_restrictions.3sec man3/sec_cred_get_tgt_restrictions.3sec man3/sec_cred_get_v1_pac.3sec man3/sec_cred_initialize_attr_cursor.3sec man3/sec_cred_initialize_cursor.3sec man3/sec_cred_is_authenticated.3sec man3/sec_id_gen_group.3sec man3/sec_id_gen_name.3sec man3/sec_id_parse_group.3sec man3/sec_id_parse_name.3sec man3/sec_intro.3sec man3/sec_key_mgmt_change_key.3sec A-24 Files Installed on Your System man3/sec_key_mgmt_delete_key.3sec man3/sec_key_mgmt_delete_key_type.3sec man3/sec_key_mgmt_free_key.3sec man3/sec_key_mgmt_garbage_collect.3sec man3/sec_key_mgmt_gen_rand_key.3sec man3/sec_key_mgmt_get_key.3sec man3/sec_key_mgmt_get_next_key.3sec man3/sec_key_mgmt_get_next_kvno.3sec man3/sec_key_mgmt_initialize_cursor.3sec man3/sec_key_mgmt_manage_key.3sec man3/sec_key_mgmt_release_cursor.3sec man3/sec_key_mgmt_set_key.3sec man3/sec_login_become_delegate.3sec man3/sec_login_become_impersonator.3sec man3/sec_login_become_initiator.3sec man3/sec_login_certify_identity.3sec man3/sec_login_cred_get_delegate.3sec man3/sec_login_cred_get_initiator.3sec man3/sec_login_cred_init_cursor.3sec man3/sec_login_disable_delegation.3sec man3/sec_login_export_context.3sec man3/sec_login_free_net_info.3sec man3/sec_login_get_current_context.3sec man3/sec_login_get_expiration.3sec man3/sec_login_get_groups.3sec man3/sec_login_get_pwent.3sec man3/sec_login_import_context.3sec man3/sec_login_init_first.3sec man3/sec_login_inquire_net_info.3sec man3/sec_login_newgroups.3sec man3/sec_login_purge_context.3sec man3/sec_login_refresh_identity.3sec man3/sec_login_release_context.3sec man3/sec_login_set_context.3sec man3/sec_login_set_extended_attrs.3sec man3/sec_login_setup_first.3sec man3/sec_login_setup_identity.3sec man3/sec_login_valid_and_cert_ident.3sec man3/sec_login_valid_from_keytable.3sec man3/sec_login_validate_first.3sec man3/sec_login_validate_identity.3sec man3/sec_pwd_mgmt_free_handle.3sec man3/sec_pwd_mgmt_gen_pwd.3sec man3/sec_pwd_mgmt_get_val_type.3sec man3/sec_pwd_mgmt_setup.3sec man3/sec_rgy_acct_add.3sec man3/sec_rgy_acct_admin_replace.3sec man3/sec_rgy_acct_delete.3sec man3/sec_rgy_acct_get_projlist.3sec man3/sec_rgy_acct_lookup.3sec man3/sec_rgy_acct_passwd.3sec man3/sec_rgy_acct_rename.3sec man3/sec_rgy_acct_replace_all.3sec man3/sec_rgy_acct_user_replace.3sec Files Installed on Your System A-25 man3/sec_rgy_attr_cursor_alloc.3sec man3/sec_rgy_attr_cursor_init.3sec man3/sec_rgy_attr_cursor_release.3sec man3/sec_rgy_attr_cursor_reset.3sec man3/sec_rgy_attr_delete.3sec man3/sec_rgy_attr_get_effective.3sec man3/sec_rgy_attr_lookup_by_id.3sec man3/sec_rgy_attr_lookup_by_name.3sec man3/sec_rgy_attr_lookup_no_expand.3sec man3/sec_rgy_attr_sch_aclmgr_strings.3sec man3/sec_rgy_attr_sch_create_entry.3sec man3/sec_rgy_attr_sch_cursor_alloc.3sec man3/sec_rgy_attr_sch_cursor_init.3sec man3/sec_rgy_attr_sch_cursor_release.3sec man3/sec_rgy_attr_sch_cursor_reset.3sec man3/sec_rgy_attr_sch_delete_entry.3sec man3/sec_rgy_attr_sch_get_acl_mgrs.3sec man3/sec_rgy_attr_sch_lookup_by_id.3sec man3/sec_rgy_attr_sch_lookup_by_name.3sec man3/sec_rgy_attr_sch_scan.3sec man3/sec_rgy_attr_sch_update_entry.3sec man3/sec_rgy_attr_test_and_update.3sec man3/sec_rgy_attr_update.3sec man3/sec_rgy_auth_plcy_get_effective.3sec man3/sec_rgy_auth_plcy_get_info.3sec man3/sec_rgy_auth_plcy_set_info.3sec man3/sec_rgy_cell_bind.3sec man3/sec_rgy_cursor_reset.3sec man3/sec_rgy_login_get_effective.3sec man3/sec_rgy_login_get_info.3sec man3/sec_rgy_pgo_add.3sec man3/sec_rgy_pgo_add_member.3sec man3/sec_rgy_pgo_delete.3sec man3/sec_rgy_pgo_delete_member.3sec man3/sec_rgy_pgo_get_by_eff_unix_num.3sec man3/sec_rgy_pgo_get_by_id.3sec man3/sec_rgy_pgo_get_by_name.3sec man3/sec_rgy_pgo_get_by_unix_num.3sec man3/sec_rgy_pgo_get_members.3sec man3/sec_rgy_pgo_get_next.3sec man3/sec_rgy_pgo_id_to_name.3sec man3/sec_rgy_pgo_id_to_unix_num.3sec man3/sec_rgy_pgo_is_member.3sec man3/sec_rgy_pgo_name_to_id.3sec man3/sec_rgy_pgo_name_to_unix_num.3sec man3/sec_rgy_pgo_rename.3sec man3/sec_rgy_pgo_replace.3sec man3/sec_rgy_pgo_unix_num_to_id.3sec man3/sec_rgy_pgo_unix_num_to_name.3sec man3/sec_rgy_plcy_get_effective.3sec man3/sec_rgy_plcy_get_info.3sec man3/sec_rgy_plcy_set_info.3sec man3/sec_rgy_properties_get_info.3sec man3/sec_rgy_properties_set_info.3sec A-26 Files Installed on Your System man3/sec_rgy_site_bind.3sec man3/sec_rgy_site_bind_query.3sec man3/sec_rgy_site_bind_update.3sec man3/sec_rgy_site_binding_get_info.3sec man3/sec_rgy_site_close.3sec man3/sec_rgy_site_get.3sec man3/sec_rgy_site_is_readonly.3sec man3/sec_rgy_site_open.3sec man3/sec_rgy_site_open_query.3sec man3/sec_rgy_site_open_update.3sec man3/sec_rgy_unix_getgrgrid.3sec man3/sec_rgy_unix_getgrnam.3sec man3/sec_rgy_unix_getpwnam.3sec man3/sec_rgy_unix_getpwuid.3sec man3/sec_rgy_wait_until_consistent.3sec man3/utc_abstime.3dts man3/utc_addtime.3dts man3/utc_anytime.3dts man3/utc_anyzone.3dts man3/utc_ascanytime.3dts man3/utc_ascgmtime.3dts man3/utc_asclocaltime.3dts man3/utc_ascreltime.3dts man3/utc_binreltime.3dts man3/utc_bintime.3dts man3/utc_boundtime.3dts man3/utc_cmpintervaltime.3dts man3/utc_cmpmidtime.3dts man3/utc_gettime.3dts man3/utc_getusertime.3dts man3/utc_gmtime.3dts man3/utc_gmtzone.3dts man3/utc_localtime.3dts man3/utc_localzone.3dts man3/utc_mkanytime.3dts man3/utc_mkascreltime.3dts man3/utc_mkasctime.3dts man3/utc_mkbinreltime.3dts man3/utc_mkbintime.3dts man3/utc_mkgmtime.3dts man3/utc_mklocaltime.3dts man3/utc_mkreltime.3dts man3/utc_mulftime.3dts man3/utc_multime.3dts man3/utc_pointtime.3dts man3/utc_reltime.3dts man3/utc_spantime.3dts man3/utc_subtime.3dts man3/uuid_compare.3rpc man3/uuid_create.3rpc man3/uuid_create_nil.3rpc man3/uuid_equal.3rpc man3/uuid_from_string.3rpc man3/uuid_hash.3rpc Files Installed on Your System A-27 man3/uuid_is_nil.3rpc man3/uuid_to_string.3rpc man3/wchar_t_from_netcs.3rpc man3/wchar_t_local_size.3rpc man3/wchar_t_net_size.3rpc man3/wchar_t_to_netcs.3rpc _A._2._7 _D_C_E _D_F_S _R_u_n_t_i_m_e _S_e_r_v_i_c_e_s _S_u_b_s_e_t DDDDiiiirrrreeeeccccttttoooorrrryyyy PPPPeeeerrrrmmmmaaaannnneeeennnntttt FFFFiiiilllleeee DCE200 DCE200/DCEDFS.Links DCE200/usr/bin bos bosserver cm dfsbind dfsd dfsexport flserver flserver_v13 fts ftserver fxd upclient upserver DCE200/usr/lib/nls/msg/en_US.ISO8859-1 dfsbbs.cat dfsbmb.cat dfsbos.cat dfsbss.cat dfscmc.cat dfscmd.cat dfscmp.cat dfscmu.cat dfsdau.cat dfsdcl.cat dfsdsb.cat dfsdsd.cat dfsfsh.cat dfsftl.cat dfsfts.cat dfsftt.cat dfsftu.cat dfsfxd.cat dfshst.cat A-28 Files Installed on Your System dfsicl.cat dfslsv.cat dfsncs.cat dfsrep.cat dfsscm.cat dfsscx.cat dfstkm.cat dfstsv.cat dfsubk.cat dfsudt.cat dfsupd.cat dfsvls.cat dfsxag.cat dfsxcr.cat dfsxvl.cat DCE200/usr/sbin dfssetup DCE200/usr/shlib libdcedfs.so _A._2._8 _D_C_E _D_F_S _K_e_r_n_e_l _B_i_n_a_r_i_e_s _S_u_b_s_e_t DDDDiiiirrrreeeeccccttttoooorrrryyyy PPPPeeeerrrrmmmmaaaannnneeeennnntttt FFFFiiiilllleeee DCE200/BINARY dcedfs_data.c dcedfs_subr_data.c files sec_min.mod spd_misc.mod stanza.static DCE200 DCEDFSBIN.Links _A._2._9 _D_C_E _D_F_S _N_F_S _G_a_t_e_w_a_y _S_e_r_v_i_c_e_s _S_u_b_s_e_t DDDDiiiirrrreeeeccccttttoooorrrryyyy PPPPeeeerrrrmmmmaaaannnneeeennnntttt FFFFiiiilllleeee DCE200 DCEDFSNFSSRV.Links Files Installed on Your System A-29 DCE200/usr/bin dfsgw dfsgwd DCE200/usr/lib/nls/msg/en_US.ISO8859-1 dfsgwy.cat _A._2._1_0 _D_C_E _D_F_S _U_t_i_l_i_t_i_e_s _S_u_b_s_e_t DDDDiiiirrrreeeeccccttttoooorrrryyyy PPPPeeeerrrrmmmmaaaannnneeeennnntttt FFFFiiiilllleeee DCE200 DCE200/DCEDFSUTL.Links DCE200/usr/bin bomb bomb_cat bomb_test dfstrace dump_dfscache flc flclient flmigrate.sh scout udebug DCE200/usr/lib libbomb.a DCE200/usr/lib/nls/msg/en_US.ISO8859-1 dfszbb.cat dfszbd.cat dfszcm.cat dfszdl.cat dfszdt.cat dfszfl.cat dfszfu.cat dfszhs.cat dfszkc.cat dfszpx.cat dfsztm.cat dfsztq.cat dfszuk.cat dfszxv.cat A-30 Files Installed on Your System _A._2._1_1 _D_C_E _D_F_S _M_a_n_u_a_l _P_a_g_e_s _S_u_b_s_e_t DDDDiiiirrrreeeeccccttttoooorrrryyyy PPPPeeeerrrrmmmmaaaannnneeeennnntttt FFFFiiiilllleeee man4/BosConfig.4dfs man8/dfsexport.8dfs man4/BosLog.4dfs man8/dfsgw.8dfs man4/CacheInfo.4dfs man8/dfsgw_add.8dfs man4/CacheItems.4dfs man8/dfsgw_apropos.8dfs man4/DfsgwLog.4dfs man8/dfsgw_delete.8dfs man4/FilesetItems.4dfs man8/dfsgw_help.8dfs man4/FlLog.4dfs man8/dfsgw_list.8dfs man4/FtLog.4dfs man8/dfsgw_query.8dfs man4/NoAuth.4dfs man8/dfsgwd.8dfs man4/UpLog.4dfs man8/dfstrace.8dfs man4/Vn.4dfs man8/dfstrace_apropos.8dfs man4/admin.bos.4dfs man8/dfstrace_clear.8dfs man4/admin.fl.4dfs man8/dfstrace_dump.8dfs man4/admin.ft.4dfs man8/dfstrace_help.8dfs man4/admin.up.4dfs man8/dfstrace_lslog.8dfs man4/dfstab.4dfs man8/dfstrace_lsset.8dfs man4/intro.4dfs man8/dfstrace_setlog.8dfs man8/bos.8dfs man8/dfstrace_setset.8dfs man8/bos_addadmin.8dfs man8/flserver.8dfs man8/bos_addkey.8dfs man8/fts.8dfs man8/bos_apropos.8dfs man8/fts_addsite.8dfs man8/bos_create.8dfs man8/fts_aggrinfo.8dfs man8/bos_delete.8dfs man8/fts_apropos.8dfs man8/bos_gckeys.8dfs man8/fts_clone.8dfs man8/bos_genkey.8dfs man8/fts_clonesys.8dfs man8/bos_getdates.8dfs man8/fts_create.8dfs man8/bos_getlog.8dfs man8/fts_crfldbentry.8dfs man8/bos_getrestart.8dfs man8/fts_crmount.8dfs man8/bos_help.8dfs man8/fts_crserverentry.8dfs man8/bos_install.8dfs man8/fts_delete.8dfs man8/bos_lsadmin.8dfs man8/fts_delfldbentry.8dfs man8/bos_lscell.8dfs man8/fts_delmount.8dfs man8/bos_lskeys.8dfs man8/fts_delserverentry.8dfs man8/bos_prune.8dfs man8/fts_dump.8dfs man8/bos_restart.8dfs man8/fts_edserverentry.8dfs man8/bos_rmadmin.8dfs man8/fts_help.8dfs man8/bos_rmkey.8dfs man8/fts_lock.8dfs man8/bos_setauth.8dfs man8/fts_lsaggr.8dfs man8/bos_setrestart.8dfs man8/fts_lsfldb.8dfs man8/bos_shutdown.8dfs man8/fts_lsft.8dfs man8/bos_start.8dfs man8/fts_lsheader.8dfs man8/bos_startup.8dfs man8/fts_lsmount.8dfs man8/bos_status.8dfs man8/fts_lsquota.8dfs man8/bos_stop.8dfs man8/fts_lsreplicas.8dfs man8/bos_uninstall.8dfs man8/fts_lsserverentry.8dfs man8/bosserver.8dfs man8/fts_move.8dfs man8/butc.8dfs man8/fts_release.8dfs man8/cm.8dfs man8/fts_rename.8dfs Files Installed on Your System A-31 man8/cm_apropos.8dfs man8/fts_restore.8dfs man8/cm_checkfilesets.8dfs man8/fts_rmsite.8dfs man8/cm_flush.8dfs man8/fts_setquota.8dfs man8/cm_flushfileset.8dfs man8/fts_setrepinfo.8dfs man8/cm_getcachesize.8dfs man8/fts_statftserver.8dfs man8/cm_getdevok.8dfs man8/fts_statrepserver.8dfs man8/cm_getsetuid.8dfs man8/fts_syncfldb.8dfs man8/cm_help.8dfs man8/fts_syncserv.8dfs man8/cm_lscellinfo.8dfs man8/fts_unlock.8dfs man8/cm_lsstores.8dfs man8/fts_unlockfldb.8dfs man8/cm_resetstores.8dfs man8/fts_update.8dfs man8/cm_setcachesize.8dfs man8/fts_zap.8dfs man8/cm_setdevok.8dfs man8/ftserver.8dfs man8/cm_setsetuid.8dfs man8/fxd.8dfs man8/cm_statservers.8dfs man8/intro.8dfs man8/cm_sysname.8dfs man8/scout.8dfs man8/cm_whereis.8dfs man8/udebug.8dfs man8/dfs_login.8dfs man8/upclient.8dfs man8/dfs_logout.8dfs man8/upserver.8dfs man8/dfsbind.8dfs man8/dfsd.8dfs A-32 Files Installed on Your System Sample Listings for Digital DCE Installation and Configuration B This appendix provides listings for the following procedures: +o Installation and configuration of the Digital DCE server +o Installation and configuration of the Digital DCE Runtime Services subset (client). _B._1 _S_a_m_p_l_e _S_t_a_n_d_a_r_d _I_n_s_t_a_l_l_a_t_i_o_n _a_n_d _C_o_n_f_i_g_u_r_a_t_i_o_n _o_f _t_h_e _D_C_E _S_e_r_v_e_r The following sample log illustrates a standard server installation and configuration: # _s_e_t_l_d -_l . The subsets listed below are optional: There may be more optional subsets than can be presented on a single screen. If this is the case, you can choose subsets screen by screen or all at once on the last screen. All of the choices you make will be collected for your confirmation before any subsets are installed. 1) DCE Application Developers Kit V2.0 2) DCE Application Developers Manual Pages V2.0 3) DCE Cell Directory Server V2.0 4) DCE DFS Base V2.0 5) DCE DFS Kernel Binaries V2.0 6) DCE DFS Man Pages V2.0 7) DCE DFS NFS-DFS Secure Gateway Server V2.0 8) DCE DFS Utilities/Debug V2.0 9) DCE Runtime Services V2.0 --- MORE TO FOLLOW --- Enter your choices or press RETURN to display the next screen. Choices (for example, 1 2 4-6): 10) DCE Security Server V2.0 Or you may choose one of the following options: 11) ALL of the above 12) CANCEL selections and redisplay menus 13) EXIT without installing any subsets Enter your choices or press RETURN to redisplay menus. Choices (for example, 1 2 4-6): 11 You are installing the following optional subsets: DCE Application Developers Kit V2.0 DCE Application Developers Manual Pages V2.0 DCE Cell Directory Server V2.0 DCE DFS Base V2.0 DCE DFS Kernel Binaries V2.0 DCE DFS Man Pages V2.0 DCE DFS NFS-DFS Secure Gateway Server V2.0 DCE DFS Utilities/Debug V2.0 DCE Runtime Services V2.0 DCE Security Server V2.0 Is this correct? (y/n): y Checking file system space required to install selected subsets: File system space checked OK. 10 subset(s) will be installed. Loading 1 of 10 subset(s).... DCE Runtime Services V2.0 Copying from /project/dce/build/decdce2.0bl4.0/DCE200_kit (disk) Working....Thu Jun 13 12:30:31 EDT 1996 Verifying Loading 2 of 10 subset(s).... DCE Security Server V2.0 Copying from /project/dce/build/decdce2.0bl4.0/DCE200_kit (disk) Verifying Loading 3 of 10 subset(s).... DCE Cell Directory Server V2.0 Copying from /project/dce/build/decdce2.0bl4.0/DCE200_kit (disk) Verifying Loading 4 of 10 subset(s).... DCE Application Developers Kit V2.0 Copying from /project/dce/build/decdce2.0bl4.0/DCE200_kit (disk) B-2 Sample Listings for Digital DCE Installation and Configuration Verifying Loading 5 of 10 subset(s).... DCE Application Developers Manual Pages V2.0 Copying from /project/dce/build/decdce2.0bl4.0/DCE200_kit (disk) Working....Thu Jun 13 12:31:12 EDT 1996 Verifying Loading 6 of 10 subset(s).... DCE DFS Base V2.0 Copying from /project/dce/build/decdce2.0bl4.0/DCE200_kit (disk) Verifying Loading 7 of 10 subset(s).... DCE DFS Kernel Binaries V2.0 Copying from /project/dce/build/decdce2.0bl4.0/DCE200_kit (disk) Verifying Loading 8 of 10 subset(s).... DCE DFS Utilities/Debug V2.0 Copying from /project/dce/build/decdce2.0bl4.0/DCE200_kit (disk) Verifying Loading 9 of 10 subset(s).... DCE DFS Man Pages V2.0 Copying from /project/dce/build/decdce2.0bl4.0/DCE200_kit (disk) Verifying Loading 10 of 10 subset(s).... DCE DFS NFS-DFS Secure Gateway Server V2.0 Copying from /project/dce/build/decdce2.0bl4.0/DCE200_kit (disk) Verifying 10 of 10 subset(s) installed successfully. Configuring "DCE Runtime Services V2.0" (DCERTS200) Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to Sample Listings for Digital DCE Installation and Configuration B-3 restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. ================================================================== \ ===== Beginning configuration of DCE Version 2.0. You will be asked a few questions before configuration can proceed. On-line help is available where the prompt contains a "?" choice. ================================================================== \ ===== Directory /opt/dcelocal exists. It may contain the DCE databases. Do you want to delete the old DCE databases? (y/n/?) [n]: y The existing DCE databases will be removed upon the successful completion of installation of DCERTS200. IMPORTANT: For SECURITY reasons, you may want to make sure that the location you will type now is native to this host; i.e., is not NFS mounted! Please enter the location for new DCE local databases, or press for the default location [/var]: ================================================================== \ ===== There will be no more questions asked for the remainder of the configuration. ================================================================== \ ===== Creating DCE local directory structure Removing old DCE local databases as directed. Created new DCE local database directory /var/dcelocal Creating DCE File Links Adding DCE Setup desktop icon Configuring "DCE Security Server V2.0" (DCESEC200) Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved B-4 Sample Listings for Digital DCE Installation and Configuration under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. Creating DCE File Links Configuring "DCE Cell Directory Server V2.0" (DCECDS200) Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. Creating DCE File Links Configuring "DCE Application Developers Kit V2.0" (DCEADK200) Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. Creating DCE File Links Configuring "DCE Application Developers Manual Pages V2.0" (DCEADKMAN200) Sample Listings for Digital DCE Installation and Configuration B-5 Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. Creating DCE File Links Configuring "DCE DFS Base V2.0" (DCEDFS200) Installation of the DCE DFS Base (DCEDFS200) subset is complete. Configuring "DCE DFS Kernel Binaries V2.0" (DCEDFSBIN200) Installation of the DCE DFS Kernel Binaries (DCEDFSBIN200) subset is complete. To configure DFS services, you must first build a DFS kernel. Type any others you desire). Copy the resulting kernel to /vmunix, reboot, then run '/usr/sbin/dfssetup' to configure DFS, if necessary. Configuring "DCE DFS Utilities/Debug V2.0" (DCEDFSUTL200) Installation of the DCE DFS Utilities/Debug (DCEDFSUTL200) subset is complete. ======================================================================== Installation of all the requested DCE subsets is completed. You have installed the DCE software which requires further action to configure and start it. To do so please invoke "/usr/sbin/dcesetup" and select option 1 (Configure DCE services) from the main menu. ======================================================================== Configuring "DCE DFS Man Pages V2.0" (DCEDFSMAN200) Installation of the DCE/DFS Man Pages (DCEDFSMAN200) subset is complete. B-6 Sample Listings for Digital DCE Installation and Configuration Configuring "DCE DFS NFS-DFS Secure Gateway Server V2.0" (DCEDFSNFSSRV200) Installation of the DCE DFS NFS-DFS Secure Gateway Server (DCEDFSNFSSRV200) subset is complete. # /usr/sbin/dcesetup *** DCE Setup Main Menu *** Version V2.0 (Rev. 509) 1) Configure Configure DCE services on this system 2) Show Show DCE configuration and active daemons 3) Stop Terminate all active DCE daemons 4) Start Start all DCE daemons 5) Restart Terminate and restart all DCE daemons 6) Clean Terminate all active DCE daemons and remove all temporary local DCE databases 7) Clobber Terminate all active DCE daemons and remove all permanent local DCE databases 8) CVP Run Configuration Verification Program 9) Version Show DCE Version number X) Exit Please enter your selection: 1 *** Configuration Choice Menu *** 1) Configure this system as a DCE Client 2) Create a new DCE cell 3) Add Master CDS Server 4) Configure DCE Distributed File Service (DFS) 5) Modify DCE cell configuration R) Return to previous menu Please enter your selection (or '?' for help): 2 At each prompt, enter to take the default displayed in [braces] or enter '?' for help. Press to continue: Please enter the name of your DCE cell [dhaka_cell]: Please enter your DCE hostname [dhaka]: Do you wish to configure dhaka as a CDS server? (y/n/?) [y]: Will there be any DCE pre-R1.1 CDS servers in this cell? (y/n/?) [n]: ******************************************************************** * If the system clocks on the machines running the security * * and CDS servers differ more than one or two minutes from * * other systems in the cell, configuration anomalies can occur. * Sample Listings for Digital DCE Installation and Configuration B-7 * Since this system's time will be used as a reference, please * * make sure that the system time is correct. * ******************************************************************** System time for dhaka.lkg.dec.com: Thu Jun 13 12:51:02 EDT 1996 Is this correct? (y/n/?) y Do you need the Distributed Time Service? (y/n/?) [y]: Do you want this system to be a DTS Server (y/n/?) [y]: Do you want this system to be a DTS Global Server (y/n/?) [n]: Does this cell use multiple LANs? (y/n/?) [n]: Do you want to enable DCE SIA? (y/n/?) [n]: You have made the following selections: DCE Cellname: dhaka_cell DCE Hostname: dhaka Multi-LAN Cell? No Use dhaka as a CDS Server? Yes Use dhaka as the Security Server? Yes Use dhaka as a DTS Local Server? Yes Enable DCE SIA? No Do you want to save this as your DCE system configuration? (y/n/?) [y]: Shutting down DCE services DCE services stopped Removing temporary local DCE databases and configuration files Removing permanent local DCE databases and configuration files ************************************************************* * Starting the security server requires that you supply * * a 'keyseed.' When asked for a 'keyseed,' type some * * random, alphanumeric keystrokes, followed by RETURN. * * (You won't be required to remember what you type.) * ************************************************************* Enter keyseed for initial database master key: Configuring security server (secd) B-8 Sample Listings for Digital DCE Installation and Configuration Please type new password for cell_admin (or '?' for help): Type again to confirm: Creating /krb5/krb.conf file Adding kerberos5 entry to /etc/services Initializing dced (dced)... Starting dced (dced)... Creating security master Starting security server daemon (secd)... Starting sec_client service (please wait) .. Adding principals to the registry database Creating group /.:/subsys/dce/dced-admin... Configuring CDS server (cdsd) Adding CDS registry entries Creating the cds.conf file Starting CDS advertiser daemon (cdsadv)... Starting CDS server daemon (cdsd)... Starting Global Directory Agent daemon (gdad)... Starting Name Service Interface daemon (nsid)... Testing access to CDS server (please wait) . Initializing the namespace Modifying acls on /.: ... Modifying acls on /.:/subsys/dce/sec ... Modifying acls on /.:/cell-profile Modifying acls on /.:/lan-profile Modifying acls on /.:/dhaka_ch Modifying acls on /.:/subsys/dce/dfs Modifying acls on /.:/subsys/dce/dfs/bak Modifying acls on /.:/hosts Modifying acls on /.:/hosts/dhaka Modifying acls on /.:/sec Modifying acls on /.:/sec-v1 Modifying acls on /.:/hosts/dhaka/self Modifying acls on /.:/hosts/dhaka/cds-clerk Modifying acls on /.:/hosts/dhaka/cds-server Modifying acls on /.:/hosts/dhaka/cds-gda Modifying acls on /.:/hosts/dhaka/profile Modifying acls on /.:/fs Modifying acls on: principal principal/krbtgt principal/krbtgt/dhaka_cell principal/hosts principal/hosts/dhaka principal/hosts/dhaka/self principal/hosts/dhaka/cds-server principal/hosts/dhaka/gda group group/acct-admin group/subsys group/subsys/dce group/subsys/dce/sec-admin Sample Listings for Digital DCE Installation and Configuration B-9 group/subsys/dce/dts-admin group/subsys/dce/dts-servers group/subsys/dce/dfs-admin group/subsys/dce/dfs-fs-servers group/subsys/dce/dfs-bak-servers group/subsys/dce/cds-admin group/subsys/dce/cds-server org policy principal/nobody principal/root principal/daemon principal/sys principal/bin principal/uucp principal/who principal/mail principal/tcb principal/dce-ptgt principal/dce-rgy group/none group/system group/daemon group/uucp group/bin group/kmem group/mail group/tty group/tcb org/none replist subsys/dce/sec sec Modifying acls on /.:/subsys/DEC/pc Stopping sec_client service... Starting sec_client service (please wait) . Modifying acls on /.:/hosts/dhaka/config secval xattrschema srvrexec keytab keytab/self hostdata hostdata/dce_cf.db hostdata/cell_name hostdata/pe_site hostdata/cds_attributes hostdata/cds_globalnames hostdata/host_name hostdata/cell_aliases hostdata/post_processors hostdata/svc_routing hostdata/cds.conf hostdata/passwd_override B-10 Sample Listings for Digital DCE Installation and Configuration hostdata/group_override hostdata/krb.conf srvrconf Configuring DTS daemon as server (dtsd) Stopping sec_client service... Starting sec_client service (please wait) . Starting DTS daemon (dtsd)... Waiting for DTS daemon to synchronize (please wait) . Do you want to run the DCE Configuration Verification Program? (y/n/?) [y]: Executing Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP (please wait) Copyright (c) Digital Equipment Corporation. 1996. All Rights Reserved. Verifying........... Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP completed successfully Modifying system startup procedure... *** DCE Setup Main Menu *** Version V2.0 (Rev. 509) 1) Configure Configure DCE services on this system 2) Show Show DCE configuration and active daemons 3) Stop Terminate all active DCE daemons 4) Start Start all DCE daemons 5) Restart Terminate and restart all DCE daemons 6) Clean Terminate all active DCE daemons and remove all temporary local DCE databases 7) Clobber Terminate all active DCE daemons and remove all permanent local DCE databases 8) CVP Run Configuration Verification Program 9) Version Show DCE Version number X) Exit Please enter your selection: x # _B._2 _S_a_m_p_l_e _I_n_s_t_a_l_l_a_t_i_o_n _a_n_d _C_o_n_f_i_g_u_r_a_t_i_o_n _o_f _t_h_e _R_u_n_t_i_m_e _S_e_r_v_i_c_e_s The following sample log illustrates an installation and configuration of the DCE runtime services (DCE client). Sample Listings for Digital DCE Installation and Configuration B-11 # _s_e_t_l_d -_l . The subsets listed below are optional: There may be more optional subsets than can be presented on a single screen. If this is the case, you can choose subsets screen by screen or all at once on the last screen. All of the choices you make will be collected for your confirmation before any subsets are installed. 1) DCE Application Developers Kit V2.0 2) DCE Application Developers Manual Pages V2.0 3) DCE Cell Directory Server V2.0 4) DCE Command Reference Manual Pages V2.0 5) DCE DFS Base V2.0 6) DCE DFS Kernel Binaries V2.0 7) DCE DFS Man Pages V2.0 8) DCE DFS NFS-DFS Secure Gateway Server V2.0 9) DCE DFS Utilities/Debug V2.0 --- MORE TO FOLLOW --- Enter your choices or press RETURN to display the next screen. Choices (for example, 1 2 4-6): 10) DCE Runtime Services V2.0 11) DCE Security Server V2.0 Or you may choose one of the following options: 12) ALL of the above 13) CANCEL selections and redisplay menus 14) EXIT without installing any subsets Enter your choices or press RETURN to redisplay menus. Choices (for example, 1 2 4-6): 10 You are installing the following optional subsets: DCE Runtime Services V2.0 Is this correct? (y/n): y Checking file system space required to install selected subsets: File system space checked OK. 1 subset(s) will be installed. Loading 1 of 1 subset(s).... DCE Runtime Services V2.0 B-12 Sample Listings for Digital DCE Installation and Configuration Copying from /project/dce/build/decdce2.0bl4.0/DCE200_kit (disk) Working....Thu Jun 13 14:32:10 EDT 1996 Verifying 1 of 1 subset(s) installed successfully. Configuring "DCE Runtime Services V2.0" (DCERTS200) Copyright (c) Digital Equipment Corporation, 1993, 1994, 1995, 1996 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Possession, use, or copying of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. ======================================================================== Beginning configuration of DCE Version 2.0. You will be asked a few questions before configuration can proceed. On-line help is available where the prompt contains a "?" choice. ======================================================================== Directory /opt/dcelocal exists. It may contain the DCE databases. Do you want to delete the old DCE databases? (y/n/?) [n]: ======================================================================== There will be no more questions asked for the remainder of the configuration. ======================================================================== Creating DCE local directory structure Creating DCE File Links Adding DCE Setup desktop icon snafu.lkg.dec.com# dcesetup dcesetup: Command not found. snafu.lkg.dec.com# /usr/sbin/dcesetup *** DCE Setup Main Menu *** Sample Listings for Digital DCE Installation and Configuration B-13 Version V2.0 (Rev. 509) 1) Configure Configure DCE services on this system 2) Show Show DCE configuration and active daemons 3) Stop Terminate all active DCE daemons 4) Start Start all DCE daemons 5) Restart Terminate and restart all DCE daemons 6) Clean Terminate all active DCE daemons and remove all temporary local DCE databases 7) Clobber Terminate all active DCE daemons and remove all permanent local DCE databases 8) CVP Run Configuration Verification Program 9) Version Show DCE Version number X) Exit Please enter your selection: 1 *** Configuration Choice Menu *** 1) Configure this system as a DCE Client 2) Create a new DCE cell 3) Add Master CDS Server 4) Configure DCE Distributed File Service (DFS) 5) Modify DCE cell configuration R) Return to previous menu Please enter your selection (or '?' for help): 1 At each prompt, enter to take the default displayed in [braces] or enter '?' for help. Press to continue: Shutting down DCE services DCE services stopped Removing temporary local DCE databases and configuration files Removing permanent local DCE databases and configuration files Starting client configuration Initializing dced (dced)... Starting dced (dced)... Would you like to search the LAN for known cells? (y/n) [y] : Gathering list of currently accessible cells Please enter your DCE hostname [snafu]: The following cells were discovered within broadcast range of this system: B-14 Sample Listings for Digital DCE Installation and Configuration brain_cell dhaka_cell my_cell xircon_cell Please enter the name of your DCE cell (or '?' for help) [brain_cell]: dhaka_cell Stopping dced... Initializing dced (dced)... Starting dced (dced)... Starting CDS advertiser daemon (cdsadv)... Testing access to CDS server (please wait) . Attempting to locate security server Found security server Creating /opt/dcelocal/etc/security/pe_site file Checking local system time Looking for DTS servers in the LAN profile Found DTS server The local system time is: Thu Jun 13 14:34:44 1996 Is this time correct? (y/n): y Do you need the Distributed Time Service? (y/n/?) [y]: Do you want to enable DCE SIA? (y/n/?) [n]: Stopping cdsadv... This operation requires that you be authenticated as a member of the sec-admin group. Please login. Enter Principal Name: cell_admin Password: Configuring security client Creating /krb5/krb.conf file Adding kerberos5 entry to /etc/services Creating ktab entry for client Stopping dced... Initializing dced (dced)... Starting dced (dced)... Starting sec_client service (please wait) . This machine is now a security client. Configuring CDS client Creating the cds.conf file Starting CDS advertiser daemon (cdsadv)... Sample Listings for Digital DCE Installation and Configuration B-15 Testing access to CDS server (please wait) . Creating hosts/snafu objects in name space This machine is now a CDS client. Stopping sec_client service... Starting sec_client service (please wait) . Modifying acls on /.:/hosts/snafu/config secval xattrschema srvrexec keytab keytab/self hostdata hostdata/dce_cf.db hostdata/cell_name hostdata/pe_site hostdata/cds_attributes hostdata/cds_globalnames hostdata/host_name hostdata/cell_aliases hostdata/post_processors hostdata/svc_routing hostdata/cds.conf hostdata/passwd_override hostdata/group_override hostdata/krb.conf srvrconf Configuring DTS daemon as client (dtsd) Starting DTS daemon (dtsd)... Waiting for DTS daemon to synchronize (please wait) This machine is now a DTS clerk. Do you want to run the DCE Configuration Verification Program? (y/n/?) [y]: Executing Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP (please wait) Copyright (c) Digital Equipment Corporation. 1996. All Rights Reserved. Verifying........... Digital DCE V2.0 (Rev. 509) for Digital UNIX CVP completed successfully Modifying system startup procedure... *** DCE Setup Main Menu *** Version V2.0 (Rev. 509) 1) Configure Configure DCE services on this system 2) Show Show DCE configuration and active daemons 3) Stop Terminate all active DCE daemons 4) Start Start all DCE daemons 5) Restart Terminate and restart all DCE daemons B-16 Sample Listings for Digital DCE Installation and Configuration 6) Clean Terminate all active DCE daemons and remove all temporary local DCE databases 7) Clobber Terminate all active DCE daemons and remove all permanent local DCE databases 8) CVP Run Configuration Verification Program 9) Version Show DCE Version number X) Exit Please enter your selection: x # Sample Listings for Digital DCE Installation and Configuration B-17 Configuration Worksheet C This chapter provides a worksheet for you to fill out before you install and configure Digital DCE. The worksheet provides a place to keep track of the systems with which you may need to communicate and the system managers you may need to contact. Section C.1 displays a sample of the worksheet. Make additional copies for future use. _C._1 _S_a_m_p_l_e _W_o_r_k_s_h_e_e_t C-2 Configuration Worksheet _C._2 _I_n_s_t_a_l_l_a_t_i_o_n _a_n_d _C_o_n_f_i_g_u_r_a_t_i_o_n _W_o_r_k_s_h_e_e_t Configuration Worksheet C-3 Index _A _c_e_l_l (cont.) _a_b_o_r_t_i_n_g _i_n_s_t_a_l_l_a_t_i_o_n, 3-12 adding a master CDS _a_d_d_i_n_g _a _D_T_S _l_o_c_a_l _s_e_r_v_e_r, server, 2-11 2-11 adding a replica CDS _a_d_d_i_n_g _a _m_a_s_t_e_r _C_D_S _s_e_r_v_e_r, server, 2-11 2-11 configuration options, 3-4 _a_d_d_i_n_g _t_o _a_n _e_x_i_s_t_i_n_g _c_e_l_l, configuring, 5-2 5-9 convention for cell name, _A_d_m_i_n_i_s_t_r_a_t_i_o_n _M_a_n_u_a_l _P_a_g_e_s, 5-3 3-11 creating, 2-11, 2-15, 3-4, _a_d_v_e_r_t_i_s_e_r, 5-11 5-4 _A_p_p_l_i_c_a_t_i_o_n _D_e_v_e_l_o_p_e_r'_s _K_i_t, creating new, 2-16 3-10 defining cell names, 5-3 _A_p_p_l_i_c_a_t_i_o_n _D_e_v_e_l_o_p_e_r'_s _K_i_t definition, 2-1 _m_a_n_u_a_l _p_a_g_e_s, 3-11 joining, 3-5 _A_u_d_i_t _s_e_r_v_i_c_e naming, 3-4, 5-26 enabling, 5-42 naming in an intercell environment, 5-16 _c_e_l_l__a_d_m_i_n, 2-18, 2-20 _B _c_l_e_a_r_i_n_g_h_o_u_s_e, 5-18 specifying a name, 5-29 _b_a_c_k_i_n_g _u_p _t_h_e _s_y_s_t_e_m, 3-11 _c_l_i_e_n_t _B_I_N_D configuring, 2-11, 2-18 setting up, 5-17 _c_l_i_e_n_t _c_o_n_f_i_g_u_r_a_t_i_o_n, 5-9 _c_o_n_f_i_g_u_r_a_t_i_o_n defaults, 5-1 _C errors, 5-50 _C_D_S _a_d_v_e_r_t_i_s_e_r, 5-11 _c_o_n_f_i_g_u_r_a_t_i_o_n _c_h_o_i_c_e _m_e_n_u, _C_D_S _c_a_c_h_e 2-11 initializing, 5-14 _C_o_n_f_i_g_u_r_a_t_i_o_n _C_h_o_i_c_e _M_e_n_u, _C_D_S _d_i_r_e_c_t_o_r_y _v_e_r_s_i_o_n, 2-16, 2-16, 5-2 2-22, 5-21, 5-5, 5-8 options, 5-2 _C_D_S _r_e_p_l_i_c_a _s_e_r_v_e_r _c_o_n_f_i_g_u_r_a_t_i_o_n _p_r_o_c_e_d_u_r_e, 5-1 adding, 5-26 _c_o_n_f_i_g_u_r_a_t_i_o_n _v_e_r_i_f_i_c_a_t_i_o_n _C_D_S _s_e_r_v_e_r, 3-10 _p_r_o_g_r_a_m, 2-18 creating, 5-5 _c_o_n_f_i_g_u_r_i_n_g _c_d_s_c_a_c_h_e _o_p_e_r_a_t_i_o_n, 5-14 DCE client software, 2-18 _c_e_l_l DCE Distributed File about, 3-3 Service, 5-14 adding a DTS local server, Runtime Services, 2-19, 2-11 5-9 _c_o_n_f_i_g_u_r_i_n_g _a _c_l_i_e_n_t, 5-9 _D_E_C_n_e_t/_O_S_I _D_E_C_d_t_s _s_e_r_v_e_r_s, _c_o_n_f_i_g_u_r_i_n_g _a _D_C_E _c_l_i_e_n_t, 5-11 2-11 _d_i_r_e_c_t_o_r_y _t_r_e_e _c_o_n_f_i_g_u_r_i_n_g _D_C_E _s_e_r_v_i_c_e_s, structure, A-2 2-16 _d_i_s_k _s_p_a_c_e _c_o_n_v_e_n_t_i_o_n_s, ix prerequisites, 3-6 _c_r_e_a_t_i_n_g _a _n_e_w _c_e_l_l, 2-16 required for installation, _c_r_e_a_t_i_n_g _a _n_e_w _D_C_E _c_e_l_l, 3-7 2-11 requirements, 4-1 _C_V_P, 2-18, 5-14 _d_i_s_t_r_i_b_u_t_e_d _t_i_m_e _s_e_r_v_i_c_e -:_C_V_P DCE DTS, 5-6 configuration verification DECdts, 5-6 program, 5-49 _d_i_s_t_r_i_b_u_t_i_o_n _k_i_t _C_V_P inspecting, 3-6 running, 5-49 _D_T_S adding a global server, 5-37 _D adding a Null Time Provider, 5-41 _d_a_t_a_b_a_s_e_s adding an NTP Time deleting, 2-7 Provider, 5-41 local, 2-7, 4-6 _D_T_S _G_l_o_b_a_l _S_e_r_v_e_r _D_C_E _A_p_p_l_i_c_a_t_i_o_n _D_e_v_e_l_o_p_e_r'_s adding, 5-37 _K_i_t, 3-1 _D_T_S _l_o_c_a_l _s_e_r_v_e_r, 5-6 _D_C_E _C_e_l_l _D_i_r_e_c_t_o_r_y _S_e_r_v_i_c_e adding, 5-34 _S_e_r_v_e_r, 3-1 _D_C_E _d_a_t_a_b_a_s_e_s deleting, 2-7 _E _D_C_E _D_i_s_t_r_i_b_u_t_e_d _F_i_l_e _S_e_r_v_i_c_e configuring, 5-14 _e_r_r_o_r _m_e_s_s_a_g_e_s _D_C_E _D_T_S, 5-19, 5-22, 5-6 principals already exist, _D_C_E _R_u_n_t_i_m_e _S_e_r_v_i_c_e_s, 3-1 5-28 _D_C_E _S_e_c_u_r_i_t_y _S_e_r_v_e_r, 3-1 _e_r_r_o_r _r_e_c_o_v_e_r_y, 3-12 _D_C_E _S_e_t_u_p _M_a_i_n _M_e_n_u, 2-15 during installation, 3-12 configuring DCE services, _e_r_r_o_r_s 2-16 during system options, 5-2 configuration, 5-50 _D_C_E _S_I_A during system enabling and disabling, installation, 3-13 2-11 _d_c_e__l_o_g_i_n _o_p_e_r_a_t_i_o_n, 2-20 _d_c_e_s_e_t_u_p _F location, 5-1 _f_i_l_e _s_y_s_t_e_m, A-2 main menu, 5-1 privileges required, 5-1 _d_c_e_s_e_t_u_p _l_o_g, 2-15 _G _D_E_C_d_t_s, 5-19, 5-22, 5-6 disabling, 5-11 _G_D_A, 3-10 _D_E_C_n_e_t/_O_S_I, 5-19, 5-22 _G_l_o_b_a_l _D_i_r_e_c_t_o_r_y _A_g_e_n_t distributed time service, (_G_D_A), 3-10 5-6 Index-2 _H _L _h_a_r_d_w_a_r_e _r_e_q_u_i_r_e_m_e_n_t_s, 3-8 _L_A_N _c_o_n_f_i_g_u_r_a_t_i_o_n, 5-10 _h_o_s_t_n_a_m_e _L_i_c_e_n_s_e _M_a_n_a_g_e_m_e_n_t _F_a_c_i_l_i_t_y defining, 5-4 requirements, 3-2 _l_i_c_e_n_s_e _r_e_g_i_s_t_r_a_t_i_o_n, 3-1, 3-2 _I _L_M_F, 3-1 _I_D_L _c_o_m_p_i_l_e_r, 3-10 _l_o_a_d_i_n_g _s_u_b_s_e_t_s, 2-3 _i_n_i_t_i_a_l_i_z_i_n_g _t_h_e _C_D_S _c_a_c_h_e, _l_o_c_a_l _d_a_t_a_b_a_s_e_s 5-14 definition, 4-6 _i_n_s_t_a_l_l_a_t_i_o_n _l_o_g_f_i_l_e brief instructions, 1-1 dcesetup.log, 5-50 detailed instructions, 1-1 errors during, 3-12 hardware requirements, 3-8 _M monitoring, 4-6 _m_a_n_p_a_g_e_s selecting subsets, 4-2 Administration Manual setld command, 4-2 Pages, 3-11 software requirements, 3-8 Application Developer's split server, 2-20, 5-18 Kit Manual Pages, 3-11 starting, 4-1 _m_a_s_t_e_r _C_D_S _s_e_r_v_e_r, 5-18, steps, 4-1 5-20 stopping, 2-3, 3-12 adding, 2-11, 5-18 troubleshooting, 2-15 _m_i_g_r_a_t_i_o_n, 5-45 _i_n_s_t_a_l_l_a_t_i_o_n _a_n_d CDS, 5-47 _c_o_n_f_i_g_u_r_a_t_i_o_n _p_r_o_c_e_d_u_r_e security, 5-46 sample listing, B-1, B-11 _m_o_u_n_t _c_o_m_m_a_n_d, 4-2 _I_n_s_t_a_l_l_a_t_i_o_n _a_n_d _m_u_l_t_i_p_l_e _L_A_N_s, 5-6 _C_o_n_f_i_g_u_r_a_t_i_o_n _W_o_r_k_s_h_e_e_t, C-1 _i_n_s_t_a_l_l_a_t_i_o_n _p_r_e_r_e_q_u_i_s_i_t_e_s _N disk space, 3-6 _i_n_s_t_a_l_l_a_t_i_o_n _p_r_o_c_e_d_u_r_e _n_s_i_d, 3-10 overview, 4-1 _N_T_P _T_i_m_e _P_r_o_v_i_d_e_r requirements, 3-8 adding, 5-41 _i_n_t_e_r_c_e_l_l _n_a_m_i_n_g _e_x_a_m_p_l_e, _N_u_l_l _T_i_m_e _P_r_o_v_i_d_e_r 5-16 adding, 5-41 _I_P _a_d_d_r_e_s_s error with, 5-22 locating, 5-24 _O _O_S_F_D_C_M_T, 2-2, 3-9 _O_S_F_P_G_M_R, 2-2, 3-9 _K _k_e_y_s_e_e_d _P entering, 2-18 _P_A_K, 3-2 required for installation, 3-1 required for subset installation, 3-1 Index-3 _P_C _N_a_m_e_s_e_r_v_e_r _P_r_o_x_y _A_g_e_n_t, installation, 2-3 3-10 _s_e_t_l_d (cont.) _p_r_e_i_n_s_t_a_l_l_a_t_i_o_n using to check subset hardware requirements, 3-8 installation (cont.) software requirements, 3-8 Book Title (cont.) _p_r_i_n_c_i_p_a_l_s _a_l_r_e_a_d_y _e_x_i_s_t 3-11 (cont.) _e_r_r_o_r _m_e_s_s_a_g_e, 5-28 (cont.) , 3-11 _p_r_i_v_i_l_e_g_e_s using to delete subsets, verifying, 3-8 2-3, 3-11 _P_r_o_d_u_c_t _A_u_t_h_o_r_i_z_a_t_i_o_n _K_e_y verifying subset (_P_A_K), 3-1 installation, 2-8 _s_h_o_w _c_o_m_m_a_n_d, 2-20 _s_o_f_t_w_a_r_e _r_e_q_u_i_r_e_m_e_n_t_s, 3-8 _R _s_p_l_i_t _s_e_r_v_e_r, 5-5 _s_p_l_i_t _s_e_r_v_e_r _i_n_s_t_a_l_l_a_t_i_o_n, _r_e_f_e_r_e_n_c_e _p_a_g_e_s, 3-11 2-20, 5-18 _r_e_i_n_s_t_a_l_l_i_n_g _D_C_E, 3-11 _s_u_b_s_e_t_s, 3-1 _r_e_l_e_a_s_e _n_o_t_e_s DCE Administration Manual location of, 3-1 Pages, 3-11 _r_e_p_l_i_c_a _C_D_S _s_e_r_v_e_r DCE Application adding, 2-11 Developer's Kit, 3-10 _r_e_p_l_i_c_a _s_e_r_v_e_r DCE Application adding, 5-26 Developer's Kit Manual _r_e_p_l_i_c_a_s, 5-18 Pages, 3-11 _R_u_n_t_i_m_e _S_e_r_v_i_c_e_s, 3-10 DCE CDS Server, 3-10 configuring, 2-19, 5-9 DCE DFS Base OFS Services V2.0 (DCEDFS200), 3-10 DCE DFS Kernel Binaries _S V1.2 (DCEDFSBIN200), _s_a_v_i_n_g _s_y_s_t_e_m _c_o_n_f_i_g_u_r_a_t_i_o_n, 3-10 5-7 DCE DFS NFS-DFS Secure _s_e_c_u_r_i_t_y Gateway Server V2.0 adding a security replica, (DCEDFSNFSSRV200), 3-10 5-30 DCE DFS Utilities and _s_e_c_u_r_i_t_y _r_e_p_l_i_c_a Debugging Tools V2.0 adding, 5-30 (DCEDFSUTIL200), 3-10 _S_e_c_u_r_i_t_y _s_e_r_v_e_r, 3-10, 5-20, DCE Runtime Services, 3-10 5-22 deleting, 2-3 _s_e_r_v_e_r_s loading, 2-4 adding a CDS replica monitoring loading server, 5-26 displays, 4-6 adding a master CDS removing, 2-3, 3-11 server, 5-18 selecting during adding DTS local server to installation, 4-2 cell, 5-34 selecting for loading, _s_e_t_l_d 3-10 -D option, 4-2 verifying installation of, error messages, 3-13 2-8 loading subsets, 2-3 _s_y_s_t_e_m _c_o_n_f_i_g_u_r_a_t_i_o_n using grep command with, saving, 5-7 2-8 _s_y_s_t_e_m _c_o_n_f_i_g_u_r_a_t_i_o_n using to check subset _c_o_m_m_a_n_d_s Index-4 _s_y_s_t_e_m _c_o_n_f_i_g_u_r_a_t_i_o_n _c_o_m_m_a_n_d_s (cont.) clean, 2-9 clobber, 2-11 config, 2-9 exit, 2-11 restart, 2-9 show, 2-9 start, 2-9 stop, 2-9 version, 2-9 _s_y_s_t_e_m _s_t_a_r_t_u_p, 5-14 _s_y_s_t_e_m _s_t_a_r_t_u_p _p_r_o_c_e_d_u_r_e, 2-18 _s_y_s_t_e_m _t_i_m_e setting, 5-6 _T _t_a_i_l _c_o_m_m_a_n_d, 2-15 _t_r_o_u_b_l_e_s_h_o_o_t_i_n_g dcesetup log, 2-15 during installation, 2-15 tail command, 2-15 _U _u_p_g_r_a_d_i_n_g CDS, 5-47 security, 5-46 _u_s_r _f_i_l_e _s_y_s_t_e_m, 3-13 _V _v_e_r_i_f_y_i_n_g _c_o_n_f_i_g_u_r_a_t_i_o_n using show command, 2-20 _v_e_r_i_f_y_i_n_g _s_u_b_s_e_t _i_n_s_t_a_l_l_a_t_i_o_n, 2-8 _W _W_A_N _c_o_n_f_i_g_u_r_a_t_i_o_n, 5-10 _W_o_r_k_s_h_e_e_t, C-1 Index-5