HP_DCE_for_OpenVMS_Alpha_and_OpenVMS_I64____________ Installation and Configuration Guide Order Number: BA361-90001 January 2005 This guide describes the installation procedure and the system configuration utility for the HP Distributed Computing Environment (DCE) for OpenVMS Alpha and OpenVMS I64. Revision/Update Information: This guide supersedes the Compaq DCE for OpenVMS VAX and OpenVMS Alpha Installation and Configuration Guide Version 3.0. Operating System: OpenVMS Alpha Version 7.3-2 or higher OpenVMS I64 Version 8.2 Software Version: HP DCE for OpenVMS Version 3.2 Hewlett-Packard Company Palo Alto, California ________________________________________________________________ © Copyright 2005 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Intel and Itanium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. All Java and Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc., in the U.S. and other countries. Oracle is a US registered trademark of Oracle Corporation, Redwood City, California. OSF and Motif are trademarks of The Open Group in the US and other countries. UNIX is a registered trademark of The Open Group. Microsoft, Windows, Windows NT, and MS Windows are US registered trademarks of Microsoft Corporation. X/Open is a registered trademark, and the X device is a trademark of X/Open Company Ltd. in the UK and other countries. Printed in the US ZK6531 The HP OpenVMS documentation set is available on CD-ROM. _________________________________________________________________ Preface This guide describes the installation procedure and the system configuration utility for the HP Distributed Computing Environment (DCE) for OpenVMS Alpha and OpenVMS Industry Standard 64 (I64) Version 3.2, which consists of the following services: o Remote Procedure Call (RPC) service provides connectivity between individual procedures in an application across heterogeneous systems in a transparent way. o Interface Definition Language (IDL) compiler is required for developing distributed DCE applications. o Threads service provides user-mode control and synchronization of multiple operations. Threads is packaged with the base operating system. o Cell Directory Service (CDS) provides a location- independent method of identifying resources within a cell. A cell is the smallest group of DCE systems that share a common naming and security domain. o DCE Security Service provides authentication and authorization within a cell and is based on MIT's Kerberos private key encryption system. o Distributed Time Service (DTS) provides date and time synchronization within a cell. Four kits are installed: Runtime Services Kit Application Developer's Kit CDS Server Kit Security Server Kit vii The Runtime Services Kit contains the following: o Authenticated CDS Advertiser and Client Support o CDS Browser o CDS Control Program (cdscp) o Authenticated DCE RPC runtime support (supports DECnet, TCP/IP, and UDP) o Authenticated RPC runtime support (supports DECnet, TCP /IP, and UDP via NTLM security protocol on OpenVMS Alpha Version 7.2-1 and higher.) o RTI (Remote Task Invocation) RPC for HPs ACMSxp TP product on OpenVMS Alpha systems o Security Client Support o Integrated Login o A DCE_LOGIN tool for obtaining credentials o A RGY_EDIT tool for registry maintenance functions o KINIT, KLIST, and KDESTROY Kerberos tools o An ACL_EDIT tool for access control lists (ACLs) for DCE objects o RPC Control Program (rpccp) o DCE Control Program (dcecp) o Name Service Interface Daemon (nsid); also known as the PC Nameserver Proxy o Native Kerberos o XDS Directory Services o XDS Object Management The Application Developer's Kit contains the following: o The contents of the Runtime Services Kit o Required DCE application development header files o Interface Definition Language (IDL) compiler o Object-Oriented RPC o Generic Security Service (GSSAPI) viii o LSE Templates for IDL o UUID Generator o The .H (Include) files and .IDL files for application development o Sample DCE applications The CDS Server Kit contains the following: o CDS server (cdsd) o Global Directory Agent (GDA) o PC Name Service Interface Daemon (nsid) The Security Server Kit contains the following: o Security server (secd) o Tool used to create the security database (sec_create_ db) o Security server administrative tool (sec_admin) Keep this document with your distribution kit. You will need it to install maintenance updates or to reinstall HP DCE. Intended Audience This guide is intended for managers of distributed computing environments on one or more systems and installers of the HP DCE for OpenVMS Alpha or OpenVMS I64 Version 3.2. Document Structure This guide is organized as follows: o Chapter 1 describes the requirements and procedures that you must complete before installing the software. o Chapter 2 describes the installation process. o Chapter 3 describes procedures that you must complete after the installation. o Chapter 4 describes the steps necessary to set up a DCE cell, and the DCE system configuration utility for HP DCE for OpenVMS Alpha and OpenVMS I64. ix o Chapter 5 explains how to create a cell and configure the Security server and CDS server on the same system. It also discusses how to configure a client system into an existing DCE cell. o Chapter 6 describes the steps you need to complete to modify a cell configuration. o Appendix A lists the directories and files created by the installation procedure and system configuration utility. o Appendix B contains sample logs of the installation procedure. o Appendix C contains sample logs of the configuration procedure. Related Documents For additional information about HP OpenVMS products and services, visit the following World Wide Web address: http://www.hp.com/go/openvms Reader's Comments HP welcomes your comments on this manual. Please send comments to either of the following addresses: Internet openvmsdoc@hp.com Postal Hewlett-Packard Company Mail OSSG Documentation Group, ZKO3-4/U08 110 Spit Brook Rd. Nashua, NH 03062-2698 How To Order Additional Documentation For information about how to order additional documentation, visit the following World Wide Web address: http://www.hp.com/go/openvms/doc/order x Conventions VMScluster systems are now referred to as OpenVMS Cluster systems. Unless otherwise specified, references in this document to OpenVMS Clusters or clusters are synonymous with VMSclusters. The following conventions are used in this guide: Ctrl/x A sequence such as Ctrl/x indicates that you must hold down the key labeled Ctrl while you press another key or a pointing device button. italic text Italic text indicates important information, complete titles of manuals, or variables. Variables include information that varies in system output (Internal error number), in command lines (/PRODUCER=name), and in command parameters in text (where device- name contains up to five alphanumeric characters). UPPERCASE TEXT Uppercase text indicates a command, the name of a routine, the name of a file, or the abbreviation for a system privilege. Monospace text Monospace text indicates code examples and interactive screen displays. In the C programming language, monospace text identifies the following elements: keywords, the names of independently compiled external functions and files, syntax summaries, and references to variables or identifiers introduced in an example. Case- OpenVMS operating system commands do sensitivity not differentiate between uppercase and lowercase. However, many DCE commands do make this distinction. In particular, the system configuration utility interprets names in a case-sensitive manner. xi 1 _________________________________________________________________ Preparing for Installation This chapter describes the preparations you must make before you install and configure the HP Distributed Computing Environment (DCE) for OpenVMS Alpha and OpenVMS I64 software. HP DCE is an enabling software technology for the development of distributed applications. It provides a variety of common services needed for the development of distributed applications, such as name services and a standard remote procedure call interface. 1.1 Planning for Installation and Configuration This section helps you plan for the installation and configuration of the HP DCE. It presents a brief overview of some concepts that you need to understand before you install and configure HP DCE software. This understanding can help you decide how to configure DCE. Refer to Understanding DCE for detailed explanations of DCE concepts. The installation and configuration procedures set up the DCE environment so that you can use DCE services. Before you can use HP DCE software, you must both install the software and configure DCE on your system. 1.1.1 What Is a Cell? A cell is the basic DCE unit consisting of a group of nodes that share a directory service namespace and a security service registry under a common administration. Usually, the nodes in a cell are in the same geographic area, but cell boundaries are not limited by geography. Although a cell can contain from one to several thousand nodes, each node can belong only to one cell at a time. Preparing for Installation 1-1 Preparing for Installation 1.1 Planning for Installation and Configuration The system configuration utility allows you to join an existing cell. The cell must provide a directory server and a security server. These servers may be resident on the same system or may be running on separate systems. Note that if you rely on DCE time services for time synchronization, by default, you need a minimum of three time servers to synchronize time in a cell. See the section on the DCE Distributed Time Service in the OSF DCE Administration Guide for more information. 1.1.2 Creating a Cell See Chapter 4 for cell configuration guidelines. 1.1.3 Joining a Cell You need the following information to join a DCE cell: o Full cell name o Host name of the DCE Security Server o Security principal name and password authorized to perform cell administration operations o Location of the cell's CDS server (on or not on the same LAN as you are) When the client joining the cell is on the same LAN as the CDS directory master server, the CDS advertiser automatically determines the server's location by using IP (Internet Protocol) broadcast packets. If the CDS master server is not on the LAN, then you need to provide the host name where the CDS master server is running. 1.2 Inspecting the Distribution Kit The Software Bill of Materials (BOM) included with your distribution kit specifies the contents of your distribution kit. Carefully compare the items you received with the items listed in the BOM. If any components are missing or damaged, contact your HP customer service representative before you continue with the installation. The Read Before Installing letter listed on your BOM provides important information that you should be aware of before you install HP DCE. Some of this information may not be included in either this guide or the release notes. 1-2 Preparing for Installation Preparing for Installation 1.2 Inspecting the Distribution Kit HP DCE provides online release notes. Read the release notes before you install the product. They contain information about changes to the product. 1.3 Troubleshooting The HP DCE for OpenVMS Alpha and OpenVMS I64 Product Guide includes a chapter on troubleshooting. Read this chapter if you are having installation or configuration problems. For example, the Troubleshooting chapter discusses problems you may encounter with time and time zones. 1.4 Installation Procedure Requirements The following sections discuss the requirements for installing HP DCE. The length of time the installation takes to complete depends on the type of machine, the load on that machine, and the kit you choose to install. 1.4.1 Required Hardware To perform the installation, you need the following hardware: o A processor running OpenVMS I64 Version 8.2 or OpenVMS Alpha Version 7.3-2 or higher. o A software distribution device, if you are installing the software from media. You need a distribution device that corresponds with the software distribution media. ________________________ Note ________________________ Systems running OpenVMS Alpha should have access to a CD-ROM reader so you can install the software. Please check to see that you have a CD-ROM reader installed. ______________________________________________________ Preparing for Installation 1-3 Preparing for Installation 1.4 Installation Procedure Requirements 1.4.2 Required Software This section describes the software that must be installed on an OpenVMS system before you can properly perform the installation, configure the system, or use the software. In cases where the minimum version is not specified, refer to the Software Product Description (SPD) for more information. 1.4.2.1 On OpenVMS Alpha and I64 Systems Before installing HP DCE, you need the following software on your system: o OpenVMS I64 Version 8.2 or OpenVMS Alpha Version 7.3-2 or higher. o DECnet Phase IV or DECnet/OSI DECnet is required only if you run applications that use DECnet as their transport. o HP TCP/IP Services Version 5.0 or higher You must have HP TCP/IP Services installed and configured on each host from which you plan to execute DCE applications. See HP TCP/IP Services for OpenVMS Installation and Configuration for more information about the UDP/IP and TCP/IP transports. If you plan to use MultiNet or TCPware from Process Software (instead of HP's TCP/IP Services for OpenVMS), please see the release notes for more information. o If you are installing the Application Developer's Kit and plan on using the LSE templates, LSE and an appropriate license must be installed before you install DCE. 1.4.3 Time Required for Installation Depending on your configuration, the installation can take from 10 to 30 minutes. 1-4 Preparing for Installation Preparing for Installation 1.4 Installation Procedure Requirements 1.4.4 Disk Space, Global Pages, and Global Sections Required The disk space, global pages, and global sections requirements of HP DCE are different for the DCE Runtime Services Kit (RTK) and for the Application Developer's Kit (ADK). These requirements also differ on OpenVMS Alpha and on OpenVMS I64 systems. Table 1-1 lists the requirements before the installation for each kit on each platform. (Disk space requirements are listed in blocks.) Note that the DCE CDS Server and Security Server images are part of the DCE Kit and are enabled by license PAKs. Table 1-1 Disk Space, Global Pages, and Global Sections __________Requirements_____________________________________ Global Global Kit___________________Disk_Space__Pages_______Sections_____ OpenVMS Alpha RTK 48,000 7350 35 OpenVMS Alpha RTK & 58,000 7350 35 ADK OpenVMS I64 RTK 101,000 17,500 90 OpenVMS I64 RTK & 113,000 17,500 90 ADK________________________________________________________ To determine how much free disk space is on your system disk, enter the following command: $ SHOW DEVICE SYS$SYSDEVICE The system responds with a short table; the column labeled Free Blocks shows the amount of storage space remaining on your system disk. If there is not enough disk space to install or to run HP DCE, work with your system manager to delete and purge files that are no longer needed. To determine the number of free global pages and global sections on your system, enter the following commands: $ WRITE SYS$OUTPUT F$GETSYI("FREE_GBLPAGES") $ WRITE SYS$OUTPUT F$GETSYI("FREE_GBLSECTS") Preparing for Installation 1-5 Preparing for Installation 1.4 Installation Procedure Requirements If the values displayed by the system are greater than the minimum required, your system has adequate free global pages and global sections. If the values are less than the minimum required, use the AUTOGEN command procedure to increase the values, as follows: $ EDIT SYS$SYSTEM:MODPARAMS.DAT For details on using AUTOGEN, see the HP OpenVMS System Manager's Manual. 1.4.5 Privileges and Quotas Required To install HP DCE for OpenVMS Alpha and OpenVMS I64, log in to the system manager account. If you are not logged in to the system manager's account during installation, you must have at least the SETPRV privilege. To determine the privileges you have, enter the following command: $ SHOW PROCESS/PRIVILEGES If you do not have sufficient privileges to install HP DCE, see your system manager. The DCE system management utility requires WORLD privileges for the SHOW command and WORLD, SYSPRV, and CMKRNL privileges for all other commands. You should also check to make sure you have adequate quotas for the installation. You need the following quota values: o ASTLM = 24 o BIOLM = 18 o BYTLM = 18000 o DIOLM = 18 o ENQLM = 30 o FILLM = 20 Use the OpenVMS Authorize Utility if you want to verify and change process quotas for the installation account in the user authorization file (UAF). For example, to change the BYTLM quota for your installation account, enter the following command sequence: 1-6 Preparing for Installation Preparing for Installation 1.4 Installation Procedure Requirements $ RUN SYS$SYSTEM:AUTHORIZE UAF> MODIFY account-name /BYTLM = 18000 UAF> SHOW account-name UAF> EXIT $ LOGOUT After you change the quotas for your installation account, log out of the installation account and log in again for the new quotas to take effect. You can then proceed with the installation. User account quotas are stored in the file SYSUAF.DAT. For more information on modifying account quotas, see the description of the Authorize Utility in the OpenVMS system management documentation. 1.4.6 Completing License Management Facility Requirements If you are installing only the Runtime Services Kit of HP DCE, you do not need a separate license. The right to use the HP DCE Runtime Services Kit is granted with the OpenVMS operating system. The installation procedure for DCE installs the following kits by default without checking for licenses: DCE Runtime Services, CDS Server Kit, and the Security Server Kit. To install the Application Developer's Kit, you must override the installation defaults by answering NO to the following question: Do you want the defaults for all options? [YES] If you are installing the Application Developer's Kit and plan on using LSE templates, LSE and an appropriate license must be installed before you install DCE. To register a license under OpenVMS, first log in to the system manager's account, SYSTEM. Then use either of two ways to perform the registration: o Invoke the SYS$UPDATE:VMSLICENSE.COM procedure. When it prompts you for information, respond with data from your License PAK. o At the DCL prompt, enter the LICENSE REGISTER command with the appropriate qualifiers that correspond to License PAK information. Preparing for Installation 1-7 Preparing for Installation 1.4 Installation Procedure Requirements The license for the Application Developer's Kit is DCE- APP-DEV. The license for the Security Server Kit is DCE- SECURITY. The license for the CDS Server Kit is DCE-CDS. Although it is necessary to have only one license active for this product, the License Management Facility (LMF) checks for the existence of any valid license. If LMF displays license failures for some of these other licenses, disregard the messages. If you plan to use HP DCE on more than one node in a VMScluster environment, you must register and load a license for each of the other nodes before you configure them. For complete information about using LMF, see the HP OpenVMS License Management Utility Manual. 1.4.7 Performing System Backup Back up your system disk before installing any software. Use the backup procedures established at your site. For details on backing up a system disk, see the OpenVMS Backup Utility Manual. 1.4.8 Installing DCE Version 3.2 Over Previous Versions If you are installing HP DCE for OpenVMS Alpha Version 3.2 over a previous version of DCE - V3.0 or V3.1 for OpenVMS Alpha, you do not have to reconfigure DCE after the installation. Before the installation, stop the DCE daemons with the following command: $ @SYS$MANAGER:DCE$SETUP CLEAN Then, after the installation, enter the following command: $ @SYS$MANAGER:DCE$SETUP START 1-8 Preparing for Installation 2 _________________________________________________________________ Installing DCE This chapter describes the installation procedure for HP DCE for OpenVMS Alpha and OpenVMS I64. You can use different media to install HP DCE. The examples in this chapter show the installation procedure using disk files. See Appendix B for logs of sample installations. 2.1 About the OpenVMS Installation Procedure This section gives a brief overview of the OpenVMS installation procedure for HP DCE Version 3.2 called DCE$INSTALL.COM. The OpenVMS installation command has the following format: $ @DKA300:[000000]DCE$INSTALL [HELP] where: o DKA300: is a device name on which the distribution volumes will be mounted. Remember that all Alpha systems come with CD-ROM readers. o DCE$INSTALL is the supplied command procedure that drives the installation. It is not necessary to use the console drive to install DCE. If you do use the console drive, replace any media you remove from the drive. Include the optional parameter HELP if you want PCSI to display help information. When you invoke DCE$INSTALL, it checks the following conditions: o Whether you are logged in to a privileged account. Install software from the system manager's account with your default device and directory set to SYS$UPDATE. Installing DCE 2-1 Installing DCE 2.1 About the OpenVMS Installation Procedure o Whether you have adequate quotas for installation. See Section 1.4.5 for more information on quota values. You can stop the installation at any time by pressing Ctrl /C or Ctrl/Y. However, files created up to that point are not deleted. You must delete these files manually, using the OpenVMS DELETE command. Appendix A lists the files and directories created during the installation procedure. 2.2 Starting the HP DCE Installation Procedure See Section 1.4.2 for more information about software requirements. Start the installation procedure as follows: 1. Log in to the account from which you are installing the HP DCE. 2. If you are installing a kit other than the Runtime Services Kit, make sure you have registered the appropriate LMF PAK. 3. Invoke the following command procedure, substituting the correct name of your media device and directory for DKA300 (used in the example): $ @DKA300:[000000]DCE$INSTALL HELP 2.3 Continuing the Installation This section describes the part of the installation procedure that is specific to DCE. $ @DKA300:[000000]dce$install help Performing DCE pre-installation tasks...please wait. Creating a DCE$SERVER Account If you do not already have a DCE$SERVER account, the installation procedure creates one for you with TMPMBX, NETMBX, DETACH, and SYSPRV privileges. This installation procedure has detected an existing DCE$SERVER account. Correct operation of DCE on this system requires that the DCE$SERVER account have TMPMBX, NETMBX, DETACH and SYSPRV privileges. The installation procedure will modify the DCE$SERVER account to ensure that the prerequisite privileges are present. 2-2 Installing DCE Installing DCE 2.3 Continuing the Installation %UAF-I-MDFYMSG, user record(s) updated The following product has been selected: DEC AXPVMS DCE V3.2 Layered Product [Installed] Do you want to continue? [YES] Configuration phase starting ... You will be asked to choose options, if any, for each selected product and for any products that may be installed to satisfy software dependency requirements. DEC AXPVMS DCE V3.2: DCE V3.2 for OpenVMS Alpha Description of Kits The installation procedure displays information about the four HP DCE kits (Runtime Services Kit, Application Developers' Kit, Security Server Kit, and CDS Server Kit). Depending on the kit, the procedure displays specific information about the kit that will be installed. Greetings! This is DCE V3.2 for OpenVMS Alpha. There are four components: the DCE Runtime Services, the DCE Application Development Kit, the DCE Security Server, and the DCE CDS Server. 1. The Runtime Services provides the core services necessary to execute and manage DCE applications. 2. The Application Development Kit provides the services and tools required to develop, execute, and manage DCE applications. The Runtime Services capability is automatically provided with the Application Development Kit. 3. The security server supplies support for a cell wide security database. A cell must have at least one system running a security server. 4. The CDS server supplies support for a cell wide naming database. A cell must have at least one system running a CDS server. (C) Copyright 2005 Hewlett-Packard Development Company, LP. Installing DCE 2-3 Installing DCE 2.3 Continuing the Installation Confidential computer software. Valid license from HP and/or its subsidiaries required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation and Technical Data for Commercial use. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing here in should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. This product uses the following PAKS: DCE-SECURITY, DCE-CDS, DCE-APP-DEV Do you want the defaults for all options? [YES] NO The Application Development Kit is optional and enabled with a PAK. It provides the services and tools required to develop, execute, and manage DCE applications. The Application Development Kit installs: + Required DCE application development header files + Interface Definition Language Compiler (IDL) + Language-Sensitive Editor (LSE) Templates for the Interface Definition Language + Unique User Identifier (UUID) Generator + Sample DCE Applications The Application Development Kit [NO] YES Do you want to review the options? [NO] Execution phase starting ... The following product will be installed to destination: DEC AXPVMS DCE V3.2 DISK$SYSTEM:[VMS$COMMON.] Portion done: 0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100% The following product has been installed: DEC AXPVMS DCE V3.2 Layered Product *** DCE Product installation successful...beginning post-installation. The rights identifier NET$DECLAREOBJECT will now be granted to the DCE$SERVER account. You may IGNORE the message: 2-4 Installing DCE Installing DCE 2.3 Continuing the Installation "%UAF-E-GRANTERR, unable to grant identifier NET$DECLAREOBJECT to DCE$SERVER-SYSTEM-F-DUPIDENT, duplicate identifier" if it should occur. Press return to Continue %UAF-E-GRANTERR, unable to grant identifier NET$DECLAREOBJECT to DCE$SERVER-SYSTEM-F-DUPIDENT, duplicate identifier Installing Language Sensitive Editor (LSE) Templates for IDL If you are installing DCE on a cluster on which the Language Sensitive Editor (LSE) is installed, the system or the user must have a license to run LSE in order for DCE to install the LSE templates for the Interface Definition Language (IDL) compiler. Type YES to the following question if you have a license to run LSE. Load the Language-Sensitive Editor (LSE) templates for IDL? [Y]: NO NOTE: Please add the following to your system's SYS$MANAGER:SYLOGIN.COM. These files define foreign commands for using DCE on OpenVMS. $ @SYS$MANAGER:DCE$DEFINE_REQUIRED_COMMANDS.COM $ @SYS$COMMON:[DCE$LIBRARY]DCE$DEFINE_OPTIONAL_COMMANDS.COM Selecting a TCP/IP Product You are now asked to update SYS$STARTUP:SYSTARTUP_VMS.COM and choose a TCP/IP product. Please add the following command to SYS$STARTUP:SYSTARTUP_VMS.COM on your system. This ensures that DCE$STARTUP.COM is executed at system boot. The parameters supplied to DCE$STARTUP.COM depend on the specific TCP/IP product you intend to use. You will now be asked to select the name of this TCP/IP product, and the installation will supply you with the correct command for SYS$STARTUP:SYSTARTUP_VMS.COM. TCP/IP product Keyword HP's TCP/IP Services for OpenVMS UCX Multinet from TGV MULTINET TCPware from Process Software TCPWARE No TCP/IP Available at this time NONE Enter one of the keywords from the table above [UCX]: Installing DCE 2-5 Installing DCE 2.3 Continuing the Installation See the release notes for more information on UCX, MultiNet and TCPware. Enter $ @SYS$STARTUP:DCE$STARTUP in your SYS$STARTUP:SYSTARTUP_VMS.COM %DCE-S-INSTALL, Installation of OpenVMS DCE V3.2 completed 2.4 Installing on a VMScluster On a VMScluster with a common system disk, you need only install HP DCE once. After the initial installation, ensure that a separate license is registered and loaded on each cluster member that you plan to use for DCE services. If you are installing DCE for OpenVMS over an existing version of DCE on a common system disk in a VMScluster environment, be sure to shut down DCE on all nodes that share the common system disk before the installation. ________________________ Note ________________________ You must configure each node separately. ______________________________________________________ To configure each node separately, enter the following command on each node: $ @SYS$MANAGER:DCE$SETUP.COM CONFIG If you are installing HP DCE on a VMScluster that does not have a common system disk, you must install the software on each node and configure each node that you plan to use for DCE services. 2-6 Installing DCE 3 _________________________________________________________________ Postinstallation Procedures This chapter describes postinstallation steps that you need to take and lists ways to recover from errors that you encounter during the installation. 3.1 Postinstallation Tasks After the installation is completed successfully, note the following. 1. DCE Version 3.2 provides support for the RPC runtime environment and RPC applications (which are not dependent on DCE services) to remain active when DCE is shut down. This requires the use of separate startup files: SYS$STARTUP:DCE$RPC_STARTUP.COM and SYS$STARTUP:DCE$STARTUP.COM. On OpenVMS Alpha Version 7.2 and higher and on OpenVMS I64 Version 8.2, the RPC runtime environment files are shipped with the operating system. When installing DCE Version 3.2 on OpenVMS Alpha Version 7.3-2, you MUST install the latest RPC Kit for 3.2 or an Operating System Update Kit that contains the 3.2 RPC Runtime files. If you want all of the configured DCE services to start with the system startup, add the following line to SYS$MANAGER:SYSTARTUP_VMS.COM after the startup commands for the network transports, DECnet, and/or HP TCP/IP services: $ @SYS$STARTUP:DCE$STARTUP.COM If you want only the RPC runtime environment to start with the system startup, add the following line to SYS$MANAGER:SYSTARTUP_VMS.COM: $ @SYS$STARTUP:DCE$RPC_STARTUP.COM Postinstallation Procedures 3-1 Postinstallation Procedures 3.1 Postinstallation Tasks It is not necessary to run both procedures. Invoking DCE$STARTUP.COM will first start the RPC Runtime, then the DCE services. See Chapter 4 for more information about configuring DCE. 2. Depending on your choice for system startup, add the following commands to SYS$MANAGER:SYSHUTDOWN.COM before the shutdown commands for the network transports, DECnet, and/or HP TCP/IP services: o If you have configured DCE services on your system: $ @SYS$STARTUP:DCE$SHUTDOWN.COM o If you have the RPC runtime environment only: $ @SYS$STARTUP:DCE$RPC_SHUTDOWN.COM NOCONFIRM If DCE$SHUTDOWN.COM is added to the system shutdown file, it will prompt you for a password before shutting down DCE. This will delay the shutdown until the password is specified. 3. Configure this node by entering the following command: $ @SYS$MANAGER:DCE$SETUP CONFIG You must configure the DCE services before you can use them. See Chapter 5 for more information about configuring DCE. 4. If you are running DCE server applications that are listening over the DECnet Phase IV (ncacn_dnet_nsp) protocol or the DECnet/OSI (ncacn_osi_dna) protocol, you must grant the NET$DECLAREOBJECT rights identifier to those processes from which the server runs. 5. Define foreign commands. There are two foreign command definition files: one file contains required commands and the other file is optional. Add the following line to the file SYS$MANAGER:SYLOGIN.COM: $ @SYS$MANAGER:DCE$DEFINE_REQUIRED_COMMANDS.COM DCE$DEFINE_REQUIRED_COMMANDS.COM, the required command definition file, defines the following foreign commands: o acl_edit, which invokes the ACL editor (Security) 3-2 Postinstallation Procedures Postinstallation Procedures 3.1 Postinstallation Tasks o cdscp, which invokes the CDS control program o chpass, which invokes the DCE change password utility o dce$uaf, which invokes the DCE Integrated Login User Authorization File utility o dtscp, which invokes the DTS control program o dce$export, which invokes the DCE Integrated Login EXPORT utility o dce$import, which invokes the DCE Integrated Login IMPORT utility o dce_config, which invokes the DCE configuration utility o dce_setup, which invokes the DCE configuration utility o dcecp, which invokes the DCE control program o dtscp, which invokes the DCE Time Control program o dce_login, which validates a principal's identity and obtains network credentials (Security) o kdestroy, which destroys a principal's login context (Security) o kinit, which obtains a ticket-granting ticket (Security) o klist, which lists tickets (Security) o rgy_edit, which invokes the registry database editor (Security) o rpccp, which invokes the RPC Control Program o sec_admin, which invokes the DCE Security Administration utility If you choose not to execute this command definition file, you cannot use any of the previous programs and commands. DCE$DEFINE_OPTIONAL_COMMANDS.COM, the optional command definition file, is installed with the Application Development kit and defines the following foreign commands: Postinstallation Procedures 3-3 Postinstallation Procedures 3.1 Postinstallation Tasks o idl, which invokes the IDL compiler o rpclm, which invokes the RPC Log Manager o uuidgen, which invokes the UUID generator utility By default, these utilities use DCL-style interfaces. If you execute the optional foreign commands file, you have access to the version of these utilities that uses the universal interface. There are three possible actions that you can take: o Define the universal interface for all users on your system to ensure that the same interface is available to users across operating system platforms. Note that all examples that document these four utilities use the universal interface. Include the following line in the file SYS$MANAGER:SYLOGIN.COM: $ @SYS$COMMON:[DCE$LIBRARY]DCE$DEFINE_OPTIONAL_COMMANDS.COM o Give users access to only the DCL-style interface. In this case, you do not need to take any action. o Make the DCL-style interface available to some users, but allow others access to the universal interface. Do not define the optional commands in SYLOGIN.COM. Tell users who want to use the universal interface to include the following line in their account's LOGIN.COM procedure: $ @SYS$COMMON:[DCE$LIBRARY]DCE$DEFINE_OPTIONAL_COMMANDS.COM 6. If you are installing DCE on a VMScluster, you must take the following steps: a. Ensure that a license is registered and loaded on each node in the cluster from which users plan to use DCE. (If you are installing only the HP DCE Runtime Services Kit, you already have a right to use the DCE Runtime Services Kit. This right was granted with the OpenVMS operating system license.) b. Configure each node in the cluster from which users plan to use DCE by entering the following command: $ @SYS$MANAGER:DCE$SETUP CONFIG 3-4 Postinstallation Procedures Postinstallation Procedures 3.2 Installation Error Recovery 3.2 Installation Error Recovery The following list describes errors that you may encounter during installation and provides suggestions about how to recover from those errors: o You try to install the OpenVMS I64 kit on an OpenVMS Alpha system (or vice versa). Reinstall with the correct kit. o The system does not have the required version of OpenVMS installed. Upgrade the operating system to at least the minimum required version and restart the installation procedure. o You run out of disk space. Either clean up your disk or install less of the kit. o If you plan to run DCE applications by IP, you must have TCP/IP Version 5.0 installed. Install the correct version of UCX. The installation procedure checks for the prerequisites. o No network transports were found. You must install and configure DECnet, UCX, or both before running any DCE applications. o SYS$SYSTEM:RIGHTSLIST.DAT does not exist on this system. RUN AUTHORIZE and then issue the CREATE/RIGHTS command. RIGHTSLIST.DAT is created for you. o Invalid UIC. Find and enter the correct UIC in the correct format. Postinstallation Procedures 3-5 4 _________________________________________________________________ Configuring a DCE Cell This chapter describes the steps necessary to set up a DCE cell, and the DCE system configuration utility for HP DCE for OpenVMS Alpha and OpenVMS I64. Note that DCE must be configured. 4.1 Overview of the DCE Cell A cell is the basic DCE unit. It is a group of networked systems and resources that share common DCE services. Usually, the systems in a cell are in the same geographic area, but cell boundaries are not limited by geography. A cell can contain from one to several thousand systems. The boundaries of a cell are typically determined by its purpose, as well as by security, administrative, and performance considerations. A DCE cell is a group of systems that share a namespace under a common administration. The configuration procedure allows you to configure your system as a DCE client, create a new DCE cell, add a master Cell Directory Service (CDS) server, add a replica CDS server, and add a Distributed Time Service (DTS) local server. When you create a new cell, you automatically configure a Security server. You do not need to create a DCE cell if you are using only the DCE Remote Procedure Call (RPC) and if your applications use only explicit RPC string bindings to provide the binding information that connects server to clients. If there are other systems in your network already using DCE services, it is possible there may be an existing cell that your system can join. If you are not sure, consult your network administrator to find out which DCE services may already be in use in your network. Configuring a DCE Cell 4-1 Configuring a DCE Cell 4.1 Overview of the DCE Cell At a minimum, a cell configuration includes the DCE Cell Directory Service, the DCE Security Service, and the DCE Distributed Time Service. One system in the cell must provide a DCE Directory Service server to store the cell namespace database. You can choose to install both the Cell Directory Server and the Security Server on the system from which you invoked the procedure, or you can split the two servers and put them on different systems. ________________________ Note ________________________ You must run the installation and configuration procedures on the system where you are creating a cell before you install and configure DCE on the systems that are joining the cell. ______________________________________________________ 4.1.1 Creating a Cell All DCE systems participate in a cell. If you are installing DCE and there is no cell to join, the first system on which you install the software is also the system on which you create the cell. Remember that this system is also the DCE Security Server. You can also make this system your Cell Directory Server. When you create a cell, you must name it. The cell name must be unique across your global network. The name is used by all cell members to indicate the cell in which they participate. The configuration procedure provides a default name that is unique and is easy to remember. If you choose a name other than the default, the name must be unique. If you want to ensure that separate cells can communicate, the cell name must follow BIND or X.500 naming conventions. 4.1.2 Joining a Cell Once the first DCE system is installed and configured and a cell is created, you can install and configure the systems that join that cell. During configuration, you need the name of the cell you are joining. Ask your network administrator for the cell name. 4-2 Configuring a DCE Cell Configuring a DCE Cell 4.1 Overview of the DCE Cell 4.1.3 Defining a Cell Name You need to define a name for your DCE cell that is unique in your global network and is the same on all systems that participate in this cell. The DCE naming environment supports two kinds of names: global names and local names. All entries in the DCE Directory Service have a global name that is universally meaningful and usable from anywhere in the DCE naming environment. All Directory Service entries also have a cell-relative name that is meaningful and usable only from within the cell in which that entry exists. If you plan to connect this cell to other DCE cells in your network either now or in the future, it is important that you choose an appropriate name for this cell. You cannot change the name of the cell once the cell has been created. If you are not sure how to choose an appropriate name for your DCE cell, consult Chapter 9 of the HP DCE for OpenVMS Alpha and OpenVMS I64 Product Guide, or the section on global names in the OSF DCE Administration Guide - Introduction. Before you can register the cell in X.500, you must ensure that the HP X.500 Directory Service kit is installed on your CDS server. HP recommends that you use the following convention to create DCE cell names: the Internet name of your host system followed by the suffix - cell, followed by the Internet address of your organization. For example, if the Internet name of your system is myhost, and the Internet address of your organization is smallco.bigcompany.com, your cell name, in DCE syntax, would be myhost- cell.smallco.bigcompany.com. This convention has the following benefits: o The Internet name of your host is unique in your network, so if all DCE users in your network follow this convention, your cell name will also be unique. o It clearly identifies the system on which the writable copy of the root directory of the cell namespace is located. o It does not prohibit intercell communication with outside organizations. o It is easy to remember. Configuring a DCE Cell 4-3 Configuring a DCE Cell 4.1 Overview of the DCE Cell If there is already a cell name defined in a previously existing DCE system configuration, do not change it unless you are removing this system from the cell in which it is currently a member and you are joining a different cell. When the configuration procedure prompts you for the name of your DCE cell, type the cell name without the /.../ prefix; the prefix is added automatically. For example, if the full global name selected for the cell, in DCE name syntax, is /.../myhost-cell.smallco.bigcompany.com, enter myhost-cell.smallco.bigcompany.com. 4.1.4 Defining a Host Name You need to define a name for your system that is unique within your DCE cell. You should use the default host name, which is the Internet host name (the name specified before the first dot(.)). The following example shows the default host name derived from the Internet name of myhost.mycompany.com. Please enter your DCE host name [myhost]: 4.1.5 Intercell Naming Using DNS This section provides tips on defining a cell name in the Domain Name System (DNS). Names in DNS are associated with one or more data structures called resource records. The resource records define cells and are stored in a data file. For TCP/IP Services for OpenVMS, this file is called SYS$SPECIFIC:[TCPIP$BIND].DB. If you are using a UNIX DNS Bind server, it is called /etc/namedb/hosts.db. To create a cell entry, you must edit the data file and create two resource records for each CDS server that maintains a replica of the cell namespace root. The following example shows a cell called ruby.axpnio.dec.com. The cell belongs to the BIND domain axpnio.dec.com. Host alo010.axpnio.dec.com is the master CDS server for the ruby.axpnio.dec.com cell. The BIND server must be authoritative for the domains of the cell name. The BIND master server requires the following entries in its data file: 4-4 Configuring a DCE Cell Configuring a DCE Cell 4.1 Overview of the DCE Cell alo010.axpnio.dec.com I A 25.0.0.149 ruby.axpnio.dec.com IN MX 1 alo010.axpnio.dec.com ruby.axpnio.dec.com IN TXT "1 c8f5f807-487c-11cc-b499-08002b32b0ee Master /.../ruby.azpnio.dec.com/alo010_ch c84946a6-487c-11cc-b499-08002b32b0ee alo010.axpnio.dec.com" ________________________ Note ________________________ TXT records must span only one line. The third entry above incorrectly occupies three lines to show the information included in the TXT record. You need to do whatever is required with your text editor of choice to ensure this. Widening your window helps. You should also ensure that the quotes are placed correctly and that the host name is at the end of the record. ______________________________________________________ The information to the right of the TXT column in the Hesiod Text Entry (that is, 1 c8f5f807-48...) comes directly from the cdscp show cell /.: as dns command. For example, to obtain the information that goes in the ruby.axpnio.dec.com text record (TXT), you would go to a host in the ruby cell, and enter the cdscp show cell /.: as dns command. Then, when the system displays the requested information, cut and paste this information into the record. This method ensures that you do not have any typing errors. To ensure that the records that you have entered are valid, restart the DNS Bind server process. 4.1.6 Intercell Naming Using LDAP/X.500 This section provides tips on defining a cell name in LDAP /X500. The cells that will communicate using intercell must be part of the same LDAP/X500 namespace. This is true only if they share a common root in the namespace tree. For example, the cells /c=us/o=hp/ou=laser-cell and /c=us/o=hp /ou=ruby-cell share the root /c=us/o=hp, and would be able to participate in intercell communications. Configuring a DCE Cell 4-5 Configuring a DCE Cell 4.1 Overview of the DCE Cell If your cell is part of an X.500 namespace, answer Yes to the question "Do you want to register the DCE cell in X.500?". If your cell is part of an LDAP namespace, answer Yes to the question "Do you want to register the DCE cell in LDAP?". Additional information about Intercell operations can be found in Chapter 9 of the HP DCE for OpenVMS Alpha and OpenVMS I64 Product Guide. 4.2 The DCE System Configuration Utility - DCE$SETUP.COM The DCE$SETUP command procedure begins the configuration process. Many of the system configuration utility prompts have default values associated with them. The default responses are based on your existing configuration, if you have one. Otherwise, default values for the most common DCE system configurations are provided. At each prompt, press RETURN to take the default displayed in brackets, type a question mark (?) for help, or supply the requested information. The system configuration utility sets up the DCE environment on your node so that you can use DCE services. The system configuration utility leads you through the process of creating or joining a cell. ________________________ Note ________________________ If you are installing HP DCE for OpenVMS Alpha Version 3.2 over a previous version of DCE - V3.0 or V3.1 for OpenVMS Alpha, you do not have to reconfigure DCE after the installation. Before the installation, stop the DCE daemons with the following command: $ @SYS$MANAGER:DCE$SETUP CLEAN Then, after the installation, enter the following command: $ @SYS$MANAGER:DCE$SETUP START You must configure if you are installing DCE for the first time. ______________________________________________________ 4-6 Configuring a DCE Cell Configuring a DCE Cell 4.2 The DCE System Configuration Utility - DCE$SETUP.COM 4.2.1 Configuring LDAP, NSI, and GDA The Lightweight Directory Access Protocol (LDAP) provides access to the X.500 directory services without the overhead of the full Directory Access Protocol (DAP). The simplicity of LDAP, along with the powerful capabilities it inherits from DAP, makes it the defacto standard for Internet directory services and for TCP/IP. Inside a cell, a directory service is accessed mostly through the name service interface (NSI) implemented as part of the run-time library. Cross-cell directory service is controlled by a global directory agent (GDA), which looks up foreign cell information on behalf of the application in either the Domain Naming Service (DNS) or X.500 database. Once that information is obtained, the application contacts the foreign CDS in the same way as the local CDS. Once LDAP is configured, applications can request directory services from either CDS or LDAP or both. LDAP is provided as an optional directory service that is independent of CDS and duplicates CDS functionality. LDAP is for customers looking for an alternative to CDS that offers TCP/IP and Internet support. With LDAP directory service available, GDA can look up foreign cell information by communicating through LDAP to either an LDAP-aware X.500 directory service or a standalone LDAP directory service, in addition to DNS and DAP. Note that DCE for OpenVMS provides it's own client implementation of LDAP. Prior to installing DCE, a DCE administrator must obtain LDAP server software and install it as an LDAP server in the environment. Next, a DCE administrator must choose LDAP during the DCE installation and configuration procedure and intentionally configure LDAP directory service for a cell. Configuring a DCE Cell 4-7 Configuring a DCE Cell 4.2 The DCE System Configuration Utility - DCE$SETUP.COM 4.2.2 Kerberos 5 Security The DCE authentication service is based on Kerberos 5. The Kerberos Key Distribution Center (KDC) is part of the DCE Security Server secd. The authorization information that is created by the DCE for OpenVMS privilege server is passed in the Kerberos 5 ticket's authorization field. DCE provides a Kerberos configuration program (DCE$KCFG.EXE) to assist in the interoperability between DCE Kerberos and standard Kerberos. To find out more information about the kcfg program, use the following two commands. To display individual command switches and their arguments enter: kcfg -? To display a short description of the command and what it does enter: kcfg -h This provides information on the configuration file management, principal registration, and service configuration. ________________________ Note ________________________ The dcesetup configuration script sets all tickets as forwardable, a default value. If tickets are not set as forwardable, the Kerberos Distribution Center (KDC) server does not provide authentication and authorization information to the telnet process. The command, kinit -f, marks tickets as forwardable. ______________________________________________________ All machines within a cell that plan to use Kerberos- enabled tools need to check and possibly modify the registry and the krb5 configuration with the kcfg executable. To make sure that Kerberos Version 4 interoperates with Kerberos Version 5, an administrator can use the kcfg -k command to change krb.conf entries. This command needs to be entered on each machine in the cell. 4-8 Configuring a DCE Cell Configuring a DCE Cell 4.2 The DCE System Configuration Utility - DCE$SETUP.COM The registry must contain a principal entry that describes the host machine of the KDC server. This principal entry is of the form host/. The principal and the associated keytable entry can be created with kcfg -p. This verifies that the host entry exists; if not, it creates the host entry. 4.2.3 Starting the System Configuration Utility You must be logged in as a privileged user. The SHOW command requires only NETMBX and TMPMBX privileges. All other commands require WORLD, SYSPRV, CMKRNL, and SYSNAM privileges. The CONFIG command requires BYPASS privileges. You can use the same command to perform an initial configuration or to reconfigure DCE. See the Appendix for several sample configurations. To start the system configuration utility, at the DCL prompt enter the following command: $ @SYS$MANAGER:DCE$SETUP The DCE System Management Main Menu appears: DCE System Management Main Menu DCE for OpenVMS Alpha V3.2 1) Configure Configure DCE services on this system 2) Show Show DCE configuration and active daemons 3) Stop Terminate all active DCE daemons 4) Start Start all DCE daemons 5) Restart Terminate and restart all DCE daemons 6) Clean Terminate all active DCE daemons and remove all temporary local DCE databases 7) Clobber Terminate all active DCE daemons and remove all permanent local DCE databases 8) Test Run Configuration Verification Program 0) Exit Exit this procedure ?) Help Display helpful information Please enter your selection: Enter 1 to view the DCE Configuration Menu. To skip the previous menu and go directly to the DCE Configuration Menu, enter the following command: $ @SYS$MANAGER:DCE$SETUP CONFIG Configuring a DCE Cell 4-9 Configuring a DCE Cell 4.2 The DCE System Configuration Utility - DCE$SETUP.COM For information on how to configure a DCE cell or how to add a client, see Chapter 5. For information on modifying an existing configuration, see Chapter 6. 4-10 Configuring a DCE Cell 5 _________________________________________________________________ Configuring DCE This chapter explains how to create a cell and configure the Security server and CDS server on the same system. It also discusses how to configure a client system into an existing DCE cell. 5.1 DCE System Management Command Procedure Starting from DCE Version 3.0 onwards, the DCE system management command procedure SYS$MANAGER:DCE$SETUP.COM has been changed. These changes are described in the following sections. An RPC only configuration can be started with the startup command procedure described in the next section. DCE$SETUP stops RPCD during configuration. In DCE for OpenVMS Version 1.5, DCE$SETUP was modified not to stop RPCD. Changes in the DCE daemons required reverting to the previous behavior. DCE$SETUP.COM has been rewritten to add the new functionality for DCE R1.2.2, and to more closely match the configuration program for DCE for Tru64 UNIX. 5.1.1 Starting and Stopping the RPC Daemon The RPC daemon can be started and stopped with the command files DCE$RPC_STARTUP.COM and DCE$RPC_SHUTDOWN.COM. These files are located in SYS$COMMON:[SYSMGR]. To start the RPC daemon, execute DCE$RPC_STARTUP.COM. You can specify the following option: [NO]CONFIRM Turns user prompting on or off. CONFIRM is the default. To stop the RPC daemon, execute DCE$RPC_SHUTDOWN.COM. You can specify the following options in any order: Configuring DCE 5-1 Configuring DCE 5.1 DCE System Management Command Procedure [NO]CONFIRM Turns user prompting on or off. CONFIRM is the default. CLEAN Deletes all entries from the RPC endpoint database. ________________________ Note ________________________ Do not stop the RPC daemons if any RPC applications are running on the system. ______________________________________________________ 5.1.2 Limiting RPC Transports The RPC daemon can limit the protocols used by RPC applications. To restrict the protocols that can be used, set a logical name RPC_SUPPORTED_PROTSEQS to contain the valid protocols separated by a colon. Valid protocols are ncadg_ip_udp, ncacn_ip_tcp, and ncacn_dnet_nsp. For example: $ DEFINE RPC_SUPPORTED_PROTSEQS "ncadg_ip_udp:ncacn_ip_tcp" This prevents applications and servers from registering endpoints that utilize DECnet. 5.1.3 Logical Names Created During Configuration The configuration process creates the following logical names: ___________________________________________________________ Logical_Name__________Description__________________________ DCE Defines a search list pointing to directories SYS$COMMON:[DCE$LIBRARY] and SYS$LIBRARY. These directories contain the Application Developer's Kit include files and other files for creating DCE applications. DCE$COMMON,DCE_ Points to the directory COMMON SYS$COMMON:[DCELOCAL]. This directory holds DCE-specific files common to all DCE hosts in a cluster. DCE$LOCAL,DCE_LOCAL Points to the directory DCE$SPECIFIC:. This directory defines the top of the DCE directory hierarchy. 5-2 Configuring DCE Configuring DCE 5.1 DCE System Management Command Procedure ___________________________________________________________ Logical_Name__________Description__________________________ DCE$SPECIFIC Points to the directory SYS$SPECIFIC:[DCELOCAL]. This directory is for internal use only. DCE$SYSROOT Points to the directories DCE$SPECIFIC:, DCE$COMMON:. This logical is used to find DCE files that may be in either system-specific or cluster-general trees. TCL_LIBRARY Points to the directory DCE_COMMON /TCL (UNIX file syntax). This directory holds files that allow the TCL interface to the DCE command ______________________line_programs_to_function.___________ The logical names with a dollar sign in them define VMS style directory syntax. The logical names with underscores in them define UNIX style directory syntax (for use by various DCE internal applications). 5.1.4 Configuring on a VMScluster You must configure each node in a VMScluster separately by entering the following command on each node: $ @SYS$MANAGER:DCE$SETUP CONFIG 5.2 Overview of New Cell Configuration To configure a new cell, you must complete the following steps: 1. To begin your initial cell creation and server configuration, invoke the DCE configuration utility. 2. If you are creating a new cell or adding a CDS server, choose option 6 (Terminate all active DCE daemons and remove all temporary local DCE databases) to stop the DCE daemons in a controlled manner. Be sure to back up your security and CDS databases before proceeding if this has not been done. Configuring DCE 5-3 Configuring DCE 5.2 Overview of New Cell Configuration 3. Choose option 1 from the DCE Setup Main Menu to configure DCE services on your system. You must have system privileges to modify the DCE system configuration. The procedure displays the following menu: DCE Configuration Menu DCE for OpenVMS Alpha V3.2 1) Client Configure this system as a DCE client 2) New Cell Create a new DCE cell 3) CDS Server Add Master CDS Server 4) Modify Modify DCE cell configuration 5) RPC_Only Configure this system for RPC only 0) Exit Exit this procedure ?) Help Display helpful information Please enter your selection: Table 5-1 provides descriptions of the options available on the DCE Configuration Menu. Table_5-1_Configuration_Menu_Options_______________________ Option______Description____________________________________ Client Provides full DCE RPC services, client services for CDS and Security, and optional time services. A DCE client system must join an existing DCE cell with a security registry and a CDS master server available on other systems in the cell. New Cell Provides full DCE RPC services, a security registry server for the cell, a CDS master server, a DTS server, and the NSI agent for name service independent access to directory services from PC client systems. There can be only one security registry and CDS master server in a cell, although they need not reside on the same host. (continued on next page) 5-4 Configuring DCE Configuring DCE 5.2 Overview of New Cell Configuration Table_5-1_(Cont.)_Configuration_Menu_Options_______________ Option______Description____________________________________ CDS Server Provides a DCE client system with a CDS master server added. This option is used if a split server configuration is desired, and the new cell (on another system) was configured without a CDS master server. Modify Provides a submenu of additional configuration options that are available after the initial configuration has completed. RPC_Only Provides a subset of the DCE RPC services. If DCE is installed on an OpenVMS Alpha system running Version 7.2-1 or higher, NTLM security may be utilized for authenticated RPC requests. With an RPC only configuration, there are no RPC name service interface routines available. This configuration will, however, allow applications to communicate if full string bindings are supplied by the RPC client, or if the client requests the port number to complete the partial string binding from the end point ____________mapper_(DCED_daemon).__________________________ 4. Choose option 2 to create a new DCE cell. 5. At each prompt, you can press RETURN to take the default displayed in brackets or enter a question mark (?) for help. When prompted, select a cell name and a host name; the name is used again when you configure DCE client systems. 6. The configuration utility asks if you want to configure the host as a CDS server. Answer Y to configure the CDS and security servers on the same system. Answer N to perform a split server installation in which you configure the security server on the current host and the CDS server on a different host. 7. If you answered Y to configure the CDS and security servers on the same system, the utility asks: Will there be any DCE pre-R1.1 CDS servers in this cell? (YES/NO/?) [N]: Configuring DCE 5-5 Configuring DCE 5.2 Overview of New Cell Configuration If your cell will be running any CDS servers based on OSF DCE Release 1.0.3a or lower (equivalent to HP DCE for OpenVMS Version 1.5 or lower), you should answer Y. The configuration utility sets the directory version number to 3.0 for compatibility with pre-R1.1 servers. This setting disables the use of OSF DCE Release 1.1 features such as alias cells, CDS delegation ACLs, and so on. If all CDS servers in your cell will be based on HP DCE for OpenVMS Version 3.0 (or higher) and based on OSF DCE Release 1.1 (or higher), answer N. The configuration utility sets the directory version number to 4.0 for compatibility with HP DCE for OpenVMS Version 3.0 CDS servers (OSF DCE Releases 1.2.2). This enables the use of OSF DCE Release 1.1 features such as alias cells, CDS delegation ACLs, and so on, and OSF DCE Release 1.2.2 features. Once the directory version is set to 4.0, you cannot set it back to 3.0. 8. You are prompted to confirm the system time; it is important that you check the current time before you respond. 9. The configuration utility will prompt for the Domain Name and DNS server address. 10.If DECnet/OSI is installed on your system, the configuration utility displays the following message and then asks several questions about configuring a DCE Distributed Time Service server on your system. You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the HP DCE for OpenVMS Alpha and OpenVMS I64 Product Guide. Even though DCE DTS will be used, it is possible to accept time from DECdts servers. 5-6 Configuring DCE Configuring DCE 5.2 Overview of New Cell Configuration Should this node accept time from DECdts servers? (YES/NO/?) [N]: Do you want this system to be a DTS Server (YES/NO/?) [Y]: Do you want this system to be a DTS Global Server (YES/NO/?) [N]: Does this cell use multiple LANs? (YES/NO/?) [N]: Answer the questions appropriately. 11.The configuration utility asks if you want to run the MIT Kerberos 5 services on this machine. A Y answer runs the configuration utility. Do you intend to run MIT Kerberos 5 services on this machine? (YES/NO/?) [N] 12.The configuration utility asks if you want to configure the LDAP name service on this system. A yes answer prompts the question, "Do you want to configure the system as an LDAP client?" and requires that you enter further information regarding LDAP services. Do you want to configure the LDAP name service? (YES/NO/?) [N]: 13.The configuration utility asks if you want to configure gdad to use LDAP. (gdad is the daemon for Global Directory Agent.) Do you want to configure gdad to use LDAP? (YES/NO/?) [N]: 14.Next, the screen displays your selections and asks whether to save them as your DCE system configuration. Answer Y. 15.All previous temporary and permanent DCE databases and configuration files are now removed prior to starting the new configuration. 16.The configuration utility asks you to enter some random keystrokes in order to supply a keyseed for the security server. *********************************************************************** * Starting the security server requires that you supply * * a `keyseed.' When asked for a `keyseed,' type some * * random, alphanumeric keystrokes, followed by RETURN. * * (You won't be required to remember what you type.) * *********************************************************************** Enter keyseed for initial database master key: Configuring DCE 5-7 Configuring DCE 5.2 Overview of New Cell Configuration 17.The configuration utility asks you to enter the password for the cell_admin account, and asks for confirmation. Please type new password for cell_admin (or `?' for help): Type again to confirm: 18.The DCE daemons are started and configuration information is set up. After the dts daemon is started, you are prompted to run the DCE Configuration Verification Program (CVP). Press RETURN to start the CVP. 19.To verify that all requested services are configured, choose option 2 (Show DCE configuration and active daemons) from the DCE Setup Main Menu. The screen displays all configured DCE services and active DCE daemons. You have completed creating a cell. 5.3 Configuring Your System as a DCE Client with Run-Time Services If you want to add your system to an existing cell, choose option 1 (Configure this system as a DCE Client) from the Configuration Choice Menu. This option configures the run- time services subset on your system. ________________________ Note ________________________ During the initial DCE client configuration, the client software may have problems locating the Cell Directory Service server if the Internet protocol netmask for your client machine is not consistent with the netmask used by other machines operating on the same LAN segment. You might need to consult your network administrator to determine the correct value to use as a netmask on your network. ______________________________________________________ When you choose option 1, the procedure displays the following messages: 5-8 Configuring DCE Configuring DCE 5.3 Configuring Your System as a DCE Client with Run-Time Services Starting DCE client configuration . . . At each prompt, enter your response. You may enter RETURN for the default response, displayed in [brackets], or `?' for help. Entering a CONTROL-Z will terminate this configuration request. Press RETURN to continue . . . Removing temporary local DCE databases and configuration files Removing permanent local DCE databases and configuration files Starting client configuration Initializing RPC & Security Client Services daemon (DCE$DCED) . . . %RUN-S-PROC-ID, identification of created process is 2380A9A6 Starting RPC & Security Client Services daemon (DCE$DCED) . . . % RUN-S-PROC-ID, identification of created process is 238110A8 The configuration utility asks whether to search the LAN for known cells within the broadcast range of your system. Would you like to search the LAN for known cells? (YES/NO/?) [Y]: If you know the name of your DCE cell, answer N. As prompted, supply the name of your DCE cell, your DCE host name, and the host name of your cell's master CDS server. You also need to specify whether your host can broadcast to the host where the master CDS server is installed. Answer Y to see a list of available DCE cells. As prompted, supply your DCE host name. At the next prompt, supply the appropriate DCE cell name from the list. Gathering list of currently accessible cells (please wait) Please enter your DCE hostname [dcehost]: The following cells were discovered within broadcast range of this system: Buster-cell Kauai-cell Myhost-cell Tahoe-cell Please enter the name of your DCE cell [buster-cell]: If you do not know the name of the cell you want to join, consult your network administrator. Do not add the /.../ prefix to the cell name; the procedure automatically adds it. Configuring DCE 5-9 Configuring DCE 5.3 Configuring Your System as a DCE Client with Run-Time Services The prompt might contain a cell name that is the last configured cell name for this host or the first cell name from the alphabetical list of available cells. If you enter a cell name that is not on the list of cell names, the procedure assumes you are performing a WAN configuration, and asks you whether the CDS server is located on the same LAN or subnet. Is the CDS Master Server within broadcast range (YES/NO/?) [N]: After you enter your cell name, the procedure continues, displaying information similar to the following, but dependent on your configuration: Terminating RPC Services/Dce Security Client daemon (DCE$DCED) . . . *** RPC (DCED) shutdown successful *** Starting RPC & Security Client Services daemon (DCE$DCED) . . . % RUN-S-PROC-ID, identification of created process is 238110B0 Starting CDS Name Service Advertiser daemon (DCE$CDSADVER) . . . % RUN-S-PROC-ID, identification of created process is 238110B1 Starting CDS Name Service Client daemon (DCE$CDSCLERK) . . . % RUN-S-PROC-ID, identification of created process is 238110B2 Could not find security master using dcecp registry show Attempting to locate security server Found security server Creating dce$local:[etc.security]pe_site.; file Checking local system time Looking for DTS servers in the LAN profile Looking for Global DTS servers in this cell Found DTS server The local system time is: Wed October 13 12:01:14 1999 Is this time correct? (y/n): Make sure you check that the correct time is displayed before you continue with the configuration. If the time is incorrect, answer N, and the procedure exits to the operating system to allow you to reset the system time. After you correct or verify the time, answer Y, and the procedure resumes. 5-10 Configuring DCE Configuring DCE 5.3 Configuring Your System as a DCE Client with Run-Time Services If DECnet/OSI is installed on your system, the configuration utility displays the following message and then asks several questions about configuring a DCE Distributed Time Service server on your system. You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the HP DCE for OpenVMS Alpha and OpenVMS I64 Product Guide. Even though DCE DTS will be used, it is possible to accept time from DECdts servers. Should this node accept time from DECdts servers? (YES/NO/?) [N]: Answer Y to accept time from any DECnet/OSI DECdts server; however, time from this source is unauthenticated. If you answer N, this system accepts time only from DCE time servers. If DECnet/OSI is not installed on your system, the configuration utility omits the previous DECdts questions and instead, asks: Do you need the Distributed Time Service (YES/NO/?) [Y]: Answer Y to configure the host as a DTS client. The configuration utility asks if you want to run the MIT Kerberos 5 services on this machine. An answer of Y runs the configuration utility. Do you intend to run MIT Kerberos 5 services on this machine? (YES/NO/?) [N]: After you respond to the prompt, the procedure stops the CDS advertiser and clerk and asks you to perform a dce_ login operation, as follows: Terminating CDS Name Service Advertiser daemon (DCE$CDSADVER) . . . Terminating CDS Name Service Client daemon (DCE$CDSCLERK) . . . Please enter the principal name to be used [cell_admin]: Please enter the password for principal "cell_admin" (or ? for help): Configuring DCE 5-11 Configuring DCE 5.3 Configuring Your System as a DCE Client with Run-Time Services Obtain the password from your system administrator. After you perform the dce_login operation, the procedure begins configuring the security client software. If this system was previously configured as a DCE client or your cell has another host with the same name, the configuration utility also displays a list of client principals that already exist for this system and asks whether to delete the principals. You must delete these principals to continue with the configuration. Configuring security client Creating Dce$Specific:[krb5]krb.conf The following principal(s) already exist under /hosts/dcehost/: /./buster-cell/hosts/dcehost/self Do you wish to delete these principals? (YES/NO/?) [Y]: Deleting client principals Creating ktab entry for client Terminating RPC & Security Client Services daemon (DCE$DCED) . . . Starting RPC & Security Client Services daemon (DCE$DCED) . . . %RUN-S-PROC-ID, identification of created process is 238110B3 Starting sec_client service (please wait). This machine is now a security client. Press to continue . . . Configuring CDS client Creating the cds.conf file Starting CDS Name Service Advertiser daemon (DCE$CDSADVER) . . . %RUN-S-PROC-ID, identification of created process is 238110B4 Starting CDS Name Service Client daemon (DCE$CDSCLERK) . . . %RUN-S-PROC-ID, identification of created process is 238110B5 Testing access to CDS server (please wait). Logging in to DCE using principal "cell_admin" . . . Checking TCP/IP local host database address of "dcehost". Please wait . . . Configuring client host objects in cell namespace . . . Creating /.:/hosts/dcehost objects in name space 5-12 Configuring DCE Configuring DCE 5.3 Configuring Your System as a DCE Client with Run-Time Services Checking TCP/IP local host database for address of "dcehost". Please wait . . . If your cell uses multiple LANs, you are prompted as follows: Please enter the name of your LAN [1.2.3]: If your LAN has not been defined in the namespace, you are asked whether you want to define it. The configuration procedure then continues: This machine is now a CDS client. Stopping sec_client service... Starting sec_client service (please wait). Modifying acls on /.:/hosts/dcehost/config secval xattrschema srvrexec keytab keytab/self hostdata hostdata/dce_cf.db hostdata/cell_name hostdata/pe_site hostdata/cds_attributes hostdata/cds_globalnames hostdata/host_name hostdata/cell_aliases hostdata/post_processors hostdata/svc_routing hostdata/cds.conf hostdata/passwd_override hostdata/group_override hostdata/krb.conf srvrconf Logging in to DCE using principal "cell_admin" . . . Configuring DTS daemon as client (DCE$DTSD) Starting Distributed Time Service daemon (DCE$DTSD) . . . %RUN-S-PROC-ID, identification of created process is 238110B5 This machine is now a DTS clerk. Configuring DCE 5-13 Configuring DCE 5.3 Configuring Your System as a DCE Client with Run-Time Services Do you want to run the DCE Configuration Verification Program? (YES/NO/?) [Y]: The DCE Configuration Verification Program (CVP) exercises the components of DCE that are running in this cell. It requires approximately 1 to 2 minutes to run. If you type y to run the CVP at this time, you see the following display: Executing DCE for OpenVMS Alpha V3.2 CVP (please wait) Copyright (c) Hewlett-Packard Development Company 2005. All Rights Reserved. . . . . . . . . . . . DCE for OpenVMS Alpha V3.2 CVP completed successfully When the procedure is completed, the DCE Setup Main Menu is displayed again. 5.4 Split Server Configuration (Adding a Master CDS Server) This section discusses a split server installation in which a new cell and the master Security Server are created on one system and the master CDS Server is configured on another system. The master CDS Server maintains the master replica of the cell root directory. A split server configuration has four phases: o Begin creating the new cell and master Security Server on one system. o Begin creating the master CDS Server on another system. o Complete creating the new cell and master Security on the first system. 5-14 Configuring DCE Configuring DCE 5.4 Split Server Configuration (Adding a Master CDS Server) o Complete creating the master CDS Server on the second system. 5.4.1 Creating a New Cell and Master Security Server This is the first phase of a split server configuration. Begin this phase by creating the new cell on the machine where the master security server will reside. Choose option 2 (Create a new DCE cell) from the Configuration Choice Menu. Answer the prompts appropriately for the cell name and host name. Then answer N at the following prompt: Do you wish to configure myhost as a CDS server? (YES/NO/?) [Y]: N Proceed through the rest of the configuration answering the remaining questions as shown in section 5.1, until you get to the following: ******************************************************************************* * This system has now been configured as a security server. * * Since you chose not to configure this system as a CDS server, * * you must now configure another system as the Master CDS Server * * for this cell (Option 1 on the dcesetup Main Menu, Option 3 on * * the Configuration Choice Menu.) * * * * When the Master CDS server has been installed and configured, * * press the key to continue configuring this system. * ******************************************************************************* Go to the machine where you will configure the master CDS Server. 5.4.2 Creating a Master CDS Server on Another System This is the second phase of a split server configuration. You must have created a new cell and begun configuring the security server on another machine. Log on to the system on which you want to install the CDS master server, and choose option 3 (Add Master CDS Server) from the Configuration Choice Menu. Answer the following prompts: Please enter the name of your DCE cell []: Please enter your DCE hostname [myhost2]: The procedure asks: Will there be any DCE pre-R1.1 CDS servers in this cell? (YES/NO/?) [N]: Configuring DCE 5-15 Configuring DCE 5.4 Split Server Configuration (Adding a Master CDS Server) If your cell will be running any CDS servers based on OSF DCE Release 1.0.3a or lower, you should answer Y. The configuration utility sets the directory version number to 3.0 for compatibility with pre-R1.1 servers. This disables the use of OSF DCE Release 1.1 features such as alias cells, CDS delegation ACLs, and so on. If all CDS servers in your cell will be based on DCE for OpenVMS Version 3.0 or higher (or an equivalent DCE version based on OSF DCE Release 1.1 or higher) answer N. The configuration utility sets the directory version number to 4.0 for compatibility with DCE for OpenVMS (Version 3.0 or OSF DCE Release 1.1 or higher) CDS servers. This enables the use of OSF DCE Release 1.1 features such as alias cells, CDS delegation ACLs, and so on. Once the directory version is set to 4.0, you cannot set it back to 3.0. The procedure configures accordingly and prompts you to enter the host name of the security server that you just configured. What is the hostname of the Security Server for this cell? []: The configuration procedure continues, and requests additional client information as described in section 5.2. The procedure configures the requested services, and then prompts you to complete the configuration of the security server on the other machine before continuing: ****************************************************************************** * This system has now been configured as the Master CDS Server. * * * * Before continuing, complete the configuration of the Security * * Server... * ****************************************************************************** Press to continue: Return to the system on which you configured the security server. 5-16 Configuring DCE Configuring DCE 5.4 Split Server Configuration (Adding a Master CDS Server) 5.4.3 Completing the Security Server Configuration This is the third phase of a split server configuration. You must have created a new cell and begun configuring the Security Server on one machine. Then you created a master CDS Server on another machine. Now you will complete the Security Server configuration on the first machine. Return to the system on which you configured the Security Server and press the RETURN key. The following prompt is displayed: What is the hostname of the Master CDS Server for this cell [ ]: The configuration procedure proceeds as described in the section Overview of New Cell Configuration. Once the Security Server configuration is complete, return to the host on which you are configuring the master CDS Server and complete the installation. 5.4.4 Completing the CDS Master Server Configuration This is the fourth and final phase of a split server configuration. You must have created a new cell and begun configuring the security server on one machine. Then you created a master CDS server on another machine. You completed the security server configuration on the first machine. Now you will complete the CDS master server configuration. Completion of this phase consists of running the configuration verification program: Do you want to run the DCE Configuration Verification Program? (YES/NO/?) [Y]: You can run the CVP now by answering Y, or you can run the CVP at a later time by answering N. The procedure completes the configuration and returns to the DCE Setup Main Menu. Choose option 2 (Show DCE configuration and active daemons) from the DCE Setup Main Menu to verify your configuration choices. Configuring DCE 5-17 Configuring DCE 5.5 Migrating Your Cell 5.5 Migrating Your Cell Some DCE cells may be running security or CDS servers on hosts with different versions of DCE. This might happen because a cell has DCE software from multiple vendors, each supplying upgrades at different times. Or perhaps upgrading all the hosts simultaneously is not feasible. DCE for OpenVMS Version 3.2 security servers and CDS servers can interoperate with older servers (based on OSF DCE Release 1.0.3a, 1.0.2, and so on). However, new DCE security features associated with OSF DCE Release 1.1 and DCE Release 1.2.2 will generally not be available until all security server replicas in your cell are based on OSF DCE Release 1.1 and 1.2.2. Additionally, new CDS capabilities will not be available until all security servers and some or all CDS servers are based on OSF DCE Release 1.1 and 1.2.2. If your cell contains older versions of Security or CDS Servers, you will need to migrate (gradually upgrade) older servers until all of them are running DCE server software based on OSF DCE Release 1.1 and 1.2.2. Once all Security or CDS Servers have been upgraded, you must perform some additional steps so that your servers can provide the new security and CDS capabilities. Security Servers and CDS Servers use separate procedures to complete migration. Security Migration provides the instructions for completing Security server migration. CDS migration provides the instructions for completing CDS Server migration. 5.5.1 Security Migration After you install the new security server version on a host where an older version security replica (master or slave) exists, that replica will operate with the new Security Server, but with the behavior of the older version server. Note that a server based on OSF DCE 1.1 or higher cannot create a new replica and operate it as an older version replica. Once OSF DCE Release 1.1 has been installed on all hosts that have security replicas, you must issue a single cell-wide command that simultaneously migrates all the replicas to operate at the level of DCE 1.1. At this 5-18 Configuring DCE Configuring DCE 5.5 Migrating Your Cell point the cell will support new security features such as extended registry attributes. ________________________ Note ________________________ Once you have migrated the security servers to DCE 1.1 or higher, it is not possible to create a replica on a host running an earlier version. ______________________________________________________ If all of the Security Server replicas in your cell are based on OSF DCE Release 1.1, you can perform the final migration steps in this section. If your cell is still running any Security Servers based on a DCE release prior to OSF DCE Release 1.1, do not complete the upgrade steps in this section. The upgrade steps will advance some security database attributes. Older servers cannot operate on newer version databases. Once you have installed and configured DCE for OpenVMS Version 3.2 Security Servers in your cell, perform the following actions as cell administrator: 1. Ensure that at lease one security replica can write to the cell profile. Use the following operation to check the cell-profile ACL for: user:dce-rgy:rw-t---. $ dcecp -c acl show -io /.:/cell_profile 2. On all Security Servers, set the server version to: secd.dce.1.1. $ dcecp -c registry modify -version secd.dce.1.1 3. Verify that the version has been set to secd.dce.1.1. $ dcecp -c registry show ________________________ Note ________________________ If you have not updated all 1.0.3 security replicas to DCE 1.1, any original 1.0.3 replicas will be stopped when you move the registry version forward to DCE 1.1. You may want to verify that any original 1.0.3 replicas are no longer running. ______________________________________________________ Configuring DCE 5-19 Configuring DCE 5.5 Migrating Your Cell 5.5.2 CDS Migration If you have installed and configured DCE for OpenVMS Version 3.2 CDS servers in your cell, you might need to perform additional steps to complete the upgrade process. If you created a new DCE cell and, during the dcesetup process, you set the default directory version information for each CDS server to Version 4.0, you do not need to perform the migration steps in this section. If your cell is still running any security or CDS servers based on a DCE release prior to OSF DCE Release 1.1, do not complete the upgrade steps in this section. The upgrade steps will advance some security database and CDS directory attributes. Older servers cannot operate on newer version databases or directories. DCE for OpenVMS Version 3.0 (or equivalent) features, such as hierarchical cells and alias cells, will be available only when all of your cell's security and CDS servers are running DCE for OpenVMS Version 3.0 or higher and the upgrade steps have been completed. Refer to the HP DCE for OpenVMS Alpha and OpenVMS I64 Product Guide and to the OSF DCE documentation for descriptions of available features. Once the necessary DCE servers have been upgraded to DCE software based on OSF DCE Release 1.1 or 1.2.2, you can perform the migration steps in this section. The migration steps will enable the use of hierarchical cells, alias cells, and delegation. ________________________ Note ________________________ Directory version information can only be set forward. If you migrate a CDS server to OSF DCE 1.1 or 1.2.2 behavior, you cannot revert that server to 1.0.3 behavior. ______________________________________________________ Once you have installed and configured DCE for OpenVMS Version 3.2 (or equivalent) security servers and CDS servers, perform the following actions as cell administrator: 1. If you have not done so, perform the security migration steps in Security Migration. 5-20 Configuring DCE Configuring DCE 5.5 Migrating Your Cell 2. For all CDS clearinghouses, manually update the CDS_UpgradeTo attribute to 4.0. The following two operations ensure that new directories created in this clearinghouse will receive the correct directory version number: $ dcecp -c clearinghouse modify/.:/dummy_ch -add "{CDS_UpgradeTo 4.0}" $ dcecp -c clearinghouse verify chname 3. Manually upgrade all older directory version information to 4.0 as follows: $ dcecp -c directory modify /.: -upgrade -tree The -tree option operates recursively on all subdirectories (in this example, it operates on the entire cell). This command does not work unless all CDS servers housing the affected directories are running DCE for OpenVMS Version 3.0 or higher. This command can take a long time to execute depending on the size of the namespace. 5.6 Running the DCE Configuration Verification Program Once the DCE daemons are started, you can run the DCE Configuration Verification Program (CVP) to ensure that the DCE services are properly installed. The procedure prompts you with the following message: Do you want to run the DCE Configuration Verification Program? (YES/NO/?)[Y]: If you enter Y or press RETURN, the procedure indicates that the CVP is running. Executing DCE for OpenVMS Alpha V3.2 CVP (please wait) Copyright (c) Hewlett-Packard Development Company 2005. All Rights Reserved. Configuring DCE 5-21 Configuring DCE 5.6 Running the DCE Configuration Verification Program Verifying . . . . . . . . . . . The CVP invokes tests of the 10 DCE RPC interfaces, printing a dot (.) as each test is successful. A completely successful test execution results in 10 dots printed in succession. When the CVP tests are completed successfully, you receive the following message: DCE for OpenVMS V3.2 CVP completed successfully ________________________ Note ________________________ You can repeat the CVP whenever you want by choosing option 8 (Run Configuration Verification Program) from the DCE Setup Main Menu. ______________________________________________________ After you run the CVP, the configuration procedure updates your system startup procedure so that the daemons restart automatically whenever the system is rebooted. 5.7 Error Recovery During Configuration If the procedure encounters any errors during DCE system configuration, it displays error messages. Some errors are not fatal, and the procedure attempts to continue. Other errors are fatal, and the procedure terminates. If a fatal error is encountered while the procedure is starting the DCE daemons, the procedure attempts to stop any daemons that have already been started. This returns the system to its original state before you began the configuration. 5-22 Configuring DCE Configuring DCE 5.7 Error Recovery During Configuration If you receive an error message at any time while running the DCE System Configuration utility, you can get more detailed information about the cause of the error by examining the associated log file in SYS$MANAGER:DCE$SETUP.LOG. This log file contains a record of the operations invoked by the System Configuration utility the last time it was executed, and may help you diagnose the cause of the problem. Sometimes the cause of an error is transitory and may not recur if you repeat the operation. Configuring DCE 5-23 6 _________________________________________________________________ Modifying Cell Configuration This chapter describes the steps you need to complete to modify a cell configuration. 6.1 Modify Configuration Menu The Modify Configuration Menu varies slightly depending on which components are currently enabled. If a component is enabled, the menu displays the option to disable it. If the component is disabled, the menu displays the option to enable it. In the following view, all options are disabled. *** Modify Configuration Menu *** DCE for OpenVMS Alpha V3.2 1) Add Replica CDS Server 2) Add Replica Security Server 3) Change from DTS Global Server to DTS Local Server 4) Change from DTS Global Server to DTS clerk 5) Add Null Time Provider 6) Add NTP Time Provider 7) Enable Auditing 8) Enable DCE Integrated Login 9) Enable Kerberos 5 10) Configure LDAP Name Service 11) Add LDAP Client Service 12) Enable LDAP GDA 13) Register in X.500 0) Exit Return to previous menu ?) Help Display helpful information Please enter your selection: Modifying Cell Configuration 6-1 Modifying Cell Configuration 6.1 Modify Configuration Menu Table 6-1 provides descriptions of the options available on the DCE Modify Configuration Menu. Table_6-1_Modify_Configuration_Menu_Options________________ Option________________Description__________________________ Add Replica CDS Adds a CDS Replica clearinghouse to Server the configuration on this host. The host must be an existing client or split cell configuration. Add Replica Security Adds a Security Replica to the Server configuration on this host. The host must be an existing client or split cell. Change from DTS Downgrades an existing DTS Global Global Server to DTS Server to a DTS Local Server on this Local Server host. Change from DTS Downgrades an existing DTS Global Global Server to DTS Server to a DTS clerk on this host. clerk Add Null Time Adds a DTS Null Time Provider to the Provider existing configuration on this host. Add NTP Time Adds a DTS NTP Time Provider to the Provider existing configuration on this host. Enable Auditing Enables the DCE auditing daemon to allow the capture and display of DCE audit trails. Enable DCE Provides support for Integrated Integrated Login Login, which combines the DCE and OpenVMS login procedures. See the HP DCE for OpenVMS Alpha and OpenVMS I64 Product Guide for information about Integrated Login. Enable Kerberos 5 Enable DCE on this host to coexist with other Kerberos 5 implementations. (continued on next page) 6-2 Modifying Cell Configuration Modifying Cell Configuration 6.1 Modify Configuration Menu Table_6-1_(Cont.)_Modify_Configuration_Menu_Options________ Option________________Description__________________________ Configure LDAP Name Configure the LDAP Name Service on Service this host to allow DCE to utilize LDAP as a transport for Intercell communications and NSID. Add LDAP Client Adds host-specific information in Service the LDAP namespace; that is, creates server, group, and profile entries for LDAP like those entries that are used for CDS during the DCE client configuration. Enable LDAP GDA Enables DCE's Global Directory Agent (GDA) to use LDAP to perform cross- cell directory service operations. Register in X.500 Registers the host DCE information in the X.500 namespace, allowing the cell to use X.500 to perform cross- ______________________cell_directory_service_operations.___ 6.2 Adding a Replica CDS Server If you want to create a replica of the master CDS server on your machine, you can do so on a system that has already been configured as a client, or on a system that has not yet been configured for DCE. The following example assumes no prior configuration. Choose option 1 (Add Replica CDS Server) from the Modify Configuration Menu. The configuration utility asks whether to search the LAN for known cells within broadcast range of your system. Would you like to search the LAN for known cells? (YES/NO/?) [Y] : If you know the name of your DCE cell, answer N. As prompted, supply the name of your DCE cell, your DCE host name, and the host name of your cell's master CDS server. You also need to specify whether your host can broadcast to the host where the master CDS server is installed. Modifying Cell Configuration 6-3 Modifying Cell Configuration 6.2 Adding a Replica CDS Server Answer Y to see a list of available DCE cells. As prompted, supply your DCE host name. At the next prompt, supply the appropriate DCE cell name from the list. You are asked to enter your DCE host name: Please enter your DCE host name [myhost]: The procedure then displays a list of the cells within broadcast range of your system and asks you to enter the name of your DCE cell. After you enter the cell name, the procedure displays the following messages and asks whether the local system time is correct: Gathering list of currently accessible cells The following cells were discovered within broadcast range of this system: buster_cell kauai_cell myhost_cell tahoe_cell Please enter the name of your DCE cell: myhost_cell. Please enter your DCE hostname [myhost] Terminating RPC Services/DCE Security Client daemon (DCE$DCED) . . . *** RPC (DCED) shutdown successful *** Starting RPC & Security Client Services daemon (DCE$DCED) . . . %RUN-S-PROC-ID, identification of created process is 238110C0 Starting CDS Name Service Advertiser daemon (DCE$CDSADVER) . . . %RUN-S-PROC-ID, identification of created process is 238110C1 Starting CDS Name Service Client daemon (DCE$CDSCLERK) . . . %RUN-S-PROC-ID, identification of created process is 238110C2 Testing access to CDS server (please wait)... Attempting to locate security server Found security server Creating dce$local:[etc.security]pe_site.; file Checking local system time Looking for DTS servers in this LAN Found DTS server The local system time is: Wed Jul 12 11:31:52 1998 6-4 Modifying Cell Configuration Modifying Cell Configuration 6.2 Adding a Replica CDS Server Is this time correct? (y/n): Please check the time before you respond to this prompt. Make sure you check that the correct time is displayed before you continue with the configuration. If the time is incorrect, answer N, and the procedure exits to the operating system to allow you to reset the system time. After you correct or verify the time, answer Y, and the procedure continues with the following message (if you have DECnet/OSI installed and configured): You seem to have DECnet/OSI installed on this system. DECnet/OSI includes a distributed time synchronization service (DECdts), which does not currently support the DCE Distributed Time Service (DCE DTS) functionality. The DCE DTS in this release provides full DECdts functionality. This installation will stop DECdts and use DCE DTS instead. For further clarification, please consult the HP DCE for OpenVMS Alpha and OpenVMS I64 Product Guide. Even though DCE DTS will be used, it is possible to accept time from DECdts servers. Should this node accept time from DECdts servers? (YES/NO/?) [N]: Answer Y to accept time from any DECnet/OSI DECdts server; however, time from this source is unauthenticated. If you answer N, this system accepts time only from DCE DTS servers. Do you want this system to be a DTS Local Server (YES/NO/?) [N]: If DECnet/OSI is not installed, this system must be configured as either a DTS clerk or a DTS server. For a complete description on the differences between DTS clerks and servers, please consult the section on how DTS works in the OSF DCE Administration Guide. HP recommends that you configure three DTS servers per cell. After you respond, the procedure stops the CDS advertiser and asks you to perform a dce_login operation. After you log in, the procedure configures the system as a client system and asks for a clearinghouse name: Starting CDS Name Service Server daemon (DCE$CDSD) . . . %RUN-S-PROC-ID, identification of created process is 238110C3 When configuring the CDS server, the procedure asks: What is the name for this clearinghouse? [myhost_ch]: Modifying Cell Configuration 6-5 Modifying Cell Configuration 6.2 Adding a Replica CDS Server Specify a name for this clearinghouse that is unique in this cell. The procedure displays the following messages and asks whether you want to replicate more directories. Initializing the name space for additional CDS server... Modifying acls on /.:/myhost_ch Modifying acls on /.:/hosts/myhost/cds-server Modifying acls on /.:/hosts/myhost/cds-gda Do you wish to replicate more directories? (YES/NO/?): The root directory from the CDS master server has just been replicated. You can replicate more directories if you want by answering Y. Next, you are prompted for the name of a CDS directory to be replicated. Enter the name of a CDS directory to be replicated: Enter the name of a CDS directory existing in the master CDS namespace that you want to replicate on this system. Type the directory name without the /.:/ prefix; it is added automatically. When you are finished, press only the RETURN key. The procedure displays the following messages and asks whether you want to run the CVP. If your system is already configured as a CDS Replica Server, this option will show "Remove Replica CDS Server" on the Modify Configuration Menu. Choose this option if you want to remove a CDS Replica Server from your DCE configuration. You will not affect the rest of your system's DCE configuration. 6.3 Adding a Security Replica If you want to add a replica security server to your system, choose option 2 (Add Replica Security Server) from the Modify Configuration Menu. When you choose this option, the procedure will configure the system as a DCE client system if it is not already so configured. Once the client configuration has neared completion, or if the system is currently a DCE client, the following messages will be displayed: Configuring security replica server (DCE$SECD) 6-6 Modifying Cell Configuration Modifying Cell Configuration 6.3 Adding a Security Replica The procedure will prompt you to enter the security replica name. Enter the security replica name (without subsys/dce/sec) [dcehost]: After you enter your security replica name, you are prompted to enter a keyseed. Enter several random characters. ******************************************************************** * Starting the security server requires that you supply * * a 'keyseed.' When asked for a 'keyseed,' type some * * random, alphanumeric keystrokes, followed by RETURN. * * (You won't be required to remember what you type.) * ******************************************************************** Enter keyseed for initial database master key: The procedure continues, displaying information similar to the following, but dependent on your configuration: Modifying acls on /.:/sec/replist... Modifying acls on /.:/subsys/dce/sec... Modifying acls on /.:/sec... Modifying acls on /.:... Modifying acls on /.:/cell-profile... Starting Security Service Server daemon (DCE$SECD) . . . Waiting for registry propagation... Do you want to run the DCE Configuration Verification Program? (y/n/?) [y]: If your system is already configured as a Security Replica Server, option in the Modify Configuration Menu shows "Remove Replica Security Server". Choose option 2 if you want to remove a Security Replica from your DCE configuration. Its removal does not affect the rest of your system's DCE configuration. When the procedure is completed, the Modify Configuration Menu is displayed again. Modifying Cell Configuration 6-7 Modifying Cell Configuration 6.4 Adding/Removing a DTS Local Server 6.4 Adding/Removing a DTS Local Server If you want to add a DTS server to your machine, you can do so on a system that has already been configured as a client, or on a system that has not yet been configured for DCE. Choose option 3 (Add DTS Local Server) from the Modify Configuration Menu. If the system has not yet been configured for DCE, it will be configured as a DCE client. Also choose option 3 if you want to modify your configuration from a DTS Local Server to a DTS clerk. This operation does not affect the rest of your system's DCE configuration. 6.5 Adding a DTS Global Server If you want to add a DTS Global Server to your system, choose option 4 (Add DTS Global Server) from the Modify Configuration Menu. If your system is already configured as a DTS Global Server, option 4 shows Change from DTS Global Server to DTS Clerk. Choose this option if you want to modify your configuration from a DTS Global Server to a DTS Clerk. When the procedure is completed, the Modify Configuration Menu is displayed again. 6.6 Adding a Null Time Provider The null time provider allows DTS to set the inaccuracy without setting the time or in any way modifying the host system time. Refer to the OSF DCE Administration Guide - Core Components volume for further information about getting time from Network Time Protocol (NTP) time sources. If you want to add a null time provider to your system, choose option 5 (Add Null Time Provider) from the Modify Configuration Menu. The configuration adds and starts the null time provider, displaying the following messages: Starting Null Time Provider (dts_null_provider)... Press to continue: 6-8 Modifying Cell Configuration Modifying Cell Configuration 6.6 Adding a Null Time Provider Press RETURN. When the procedure is completed, the Modify Configuration Menu is displayed again. 6.7 Adding an NTP Time Provider If your site uses Network Time Protocol (NTP) to set system time, you can use those time signals to synchronize DTS. Briefly, one DTS server uses the NTP time provider software to synchronize with NTP. That DTS server synchronizes with other DTS servers using DTS time signals. Refer to the OSF DCE Administration Guide - Core Components volume for further information about getting time from NTP time sources. If you want to add an NTP time provider to your system, choose option 6 (Add NTP Time Provider) from the Modify Configuration Menu. The configuration adds and starts the NTP time provider, displaying the following messages: Starting NTP Time Provider (dts_ntp_provider)... Enter the hostname where the NTP server is running: dcedts.lkg.dec.com Press RETURN to continue: Press RETURN. When the procedure is completed, the Modify Configuration Menu is displayed again. 6.8 Enabling Auditing DCE auditing facilities detect and record critical events in distributed applications. To enable DCE auditing facilities on your machine, choose option 7 (Enable Auditing) from the Modify Configuration Menu. The procedure begins configuring the Audit daemon and prompts you to log in to the cell. Starting Audit daemon (auditd). Please enter the principal name to be used [cell_admin]: Please enter the password for "cell_admin" (or ? for help): Modifying Cell Configuration 6-9 Modifying Cell Configuration 6.8 Enabling Auditing After you log in, the procedure creates default filters and completes configuring the Audit daemon. Creating default filters for security, dts, and audit Successfully configured Audit daemon Press to continue: If auditing was previously enabled on your system, option 7 displays as "Disable Auditing". Choose this option if you want to disable auditing on your system. When the procedure is completed, the Modify Configuration Menu is displayed again. 6.9 Enabling DCE Integrated Login If you want users to have the ability to obtain DCE credentials when they interactively log in to OpenVMS, and to automatically synchronize DCE and OpenVMS passwords, then choose option 8 from the Modify Configuration Menu. For more information on DCE Integrated Login, see the HP DCE for OpenVMS Alpha and OpenVMS I64 Product Guide. If DCE Integrated Login was previously enabled on your system, option 8 displays as "Disable DCE Integrated Login". Choose this option if you want to disable DCE Integrated Login on your system. When the procedure is completed, the Modify Configuration Menu is displayed again. 6.10 Enabling Kerberos 5 If you expect the need to interoperate with non-DCE Kerberos, choose option 9 from the Modify Configuration Menu. This option sets up the DCE Kerberos files so that they can be shared with non-DCE Kerberos implementations in order to facilitate better interoperability. The following messages are displayed: Do you intend to run MIT Kerberos 5 services on this machine? (YES/NO/?) [N]: Configuring Kerberos. When the procedure is completed, the Modify Configuration Menu is displayed again. 6-10 Modifying Cell Configuration Modifying Cell Configuration 6.11 Configuring the LDAP Name Service 6.11 Configuring the LDAP Name Service ________________________ Note ________________________ You will need a working LDAP server somewhere on your network to configure DCE to use LDAP. Consult your LDAP documentation for information on terminology and setting up an LDAP server. ______________________________________________________ Configuring the LDAP name service involves three steps on the Modify Configuration Menu. Here, the first step defines to the system the extent of potential additional capabilities. If fully configured, LDAP provides a second path to access the X.500 directory service, requires less overhead than DAP, and provides support for the TCP/IP protocol. Choose option 10 to add the LDAP name service to the configuration. Next, to configure the LDAP name service, specify the location of the LDAP server and the distinguished name (DN) of your DCE cell as it appears in the LDAP name space. You are prompted for necessary information in the following script. You can press '?' at the prompt for help. Modify LDAP name service configuration Please enter the hostname of the LDAP server [localhost]: The LDAP server must be known to the network by a name. Please enter the port number of the LDAP server [389]: If no other port number is specified, press to specify the default value, port 389. Please enter the authentication dn to the LDAP server []: Enter the distinguished name associated with the LDAP server to authenticate the LDAP server to DCE. Please enter the password of the authentication dn: Type again to confirm: Please enter the cell dn in LDAP syntax []: Modifying Cell Configuration 6-11 Modifying Cell Configuration 6.11 Configuring the LDAP Name Service Enter the distinguished name of the cell. Checking existing LDAP name service configuration Testing LDAP server access... If you provide the wrong information, you see this message: *** Error contacting the LDAP server Please verify the LDAP configuration you provided is correct. Press to continue: When the procedure is completed, the Modify Configuration Menu is displayed again. 6.12 Adding LDAP Client Service The LDAP Client Service option adds or removes host- specific information in the LDAP namespace; that is, to create server, group, and profile entries for LDAP like those entries that are used in CDS during the DCE client configuration. Examples of such entries include everything under /.:/hosts/HOST_NAME. Choose option 11 to configure LDAP Client Service. When the procedure is completed, the Modify Configuration Menu is displayed again. 6.13 Configuring LDAP Support for the Global Directory Assistant After enabling LDAP and adding LDAP Client Service, it is necessary to connect LDAP to the global directory agent (GDA). Cross-cell directory service is controlled by a GDA, which looks up foreign cell information on behalf of the application in either the Domain Naming Service (DNS) or X.500 database. Applications can request directory services from either CDS or LDAP or both. LDAP is provided as an optional directory service that is independent of CDS and duplicates CDS functionality. Choose option 12 to configure communication between LDAP and the GDA. To complete the configuration of the LDAP name service, you need to specify the location of the LDAP server, and the distinguished name of your DCE cell as it appears in the LDAP name space. You are prompted for necessary information 6-12 Modifying Cell Configuration Modifying Cell Configuration 6.13 Configuring LDAP Support for the Global Directory Assistant in the following dialog. You can always press '?' at the prompt for help. Modify GDA LDAP configuration Please enter the hostname of the LDAP server [localhost]: cell Please enter the port number of the LDAP server [389]: Please enter the authentication dn to the LDAP server []: Please enter the authentication dn to the LDAP server []: Please enter the password of the authentication dn: Type again to confirm: Please enter the cell dn in LDAP syntax []: Re-starting Global Directory Agent daemon Starting Global Directory Agent daemon (gdad)... %RUN-S-PROC-ID, identification of created process is 238110C8 LDAP is successfully enabled for gdad When the procedure is completed, the DCE Setup Main Menu is displayed again. 6.14 Registering a Cell in X.500 To search for destinations in other cells requires connection with a directory service database. All cross- cell directory name searches are controlled by the global directory agent (GDA), which looks up foreign cell information on behalf of an application in either the Domain Naming Service (DNS) or X.500 database. Choose option 13 to set up communications between your configured cell and the X.500 directory service. If you select the Register in X.500 option, you next see the X.500 menu. It requires you to specify an object class for your cell. Enter the X.500 object class corresponding to your cell name. For example, if your cell name is /... /c=mycountry /o=mycompany/ou=mylocation, the object class is Organizational Unit. Modifying Cell Configuration 6-13 Modifying Cell Configuration 6.14 Registering a Cell in X.500 1) Organizational Unit 2) Organization 3) Organization Role 4) Country 5) Locality 6) Application Entity 7) Application Process 8) Group of Names 9) Device 10) Person 11) Return to Main Menu Please enter the object class for cell : Every entry in X.500 is classified according to the characteristics of the real world object that it represents. Before the cell entry can be created in the X.500 directory, you must specify the class of the entry. For example, if you choose option 1, the organizational unit class is specified. The superior entries must exist before the cell entry can be created. In the above example, c=mycountry/o=mycompany must exist prior to choosing the cell registration option. If the cell entry exists, you are asked to confirm if the cell attribute information needs to be replaced. HP cell registration, which is compatible with OSF DCE GDS, saves the cell information in special CDS-Cell and CDS-Replicas attributes. If the cell registration fails, the following error is displayed: *** Error: Unable to register cell information in X.500 Please refer to the dcesetup log file SYS$MANAGER:DCE$SETUP.LOG for more information. If the procedure is completed successfully, the Modify Configuration Menu is displayed again. 6-14 Modifying Cell Configuration A _________________________________________________________________ Files Created or Used on Your System This appendix lists the directories and files that are created or used on your system by HP DCE for OpenVMS Alpha and OpenVMS I64. A.1 Installation Files The following files are created when you install HP DCE for OpenVMS Alpha or HP DCE for OpenVMS I64: 1[SYSEXE]DCE$ADD_ID.EXE [SYSHLP]DCE032.RELEASE_NOTES [SYSUPD]DCE$COMPARE_VERSIONS.COM [SYSUPD]DCE$GET_IMAGE_VERSION.COM A.2 Run-Time Services Kit Files The following files are created when you install the HP DCE Run-Time Services Kit: Startup/Configuration files [SYS$STARTUP]DCE$STARTUP.COM [SYS$STARTUP]DCE$SHUTDOWN.COM [SYSHLP]DCEDCL.HLP ____________________ 1 These files are installed by OpenVMS or by DCE if the OpenVMS version is prior to version 7.3. The DCE$SOCKSHR_TPS image does not ship with the I64 Kit. Files Created or Used on Your System A-1 Files Created or Used on Your System A.2 Run-Time Services Kit Files [SYSMGR]DCE$DEFINE_REQUIRED_COMMANDS.COM 1[SYSMGR]DCE$RPC_SHUTDOWN.COM 1[SYSMGR]DCE$RPC_STARTUP.COM [SYSMGR]DCE$SETUP.COM [SYSMGR]DCE$SETUP_MULTINET.COM [SYSMGR]DCE$SETUP_NONE.COM [SYSMGR]DCE$SETUP_PATHWAY.COM [SYSMGR]DCE$SETUP_TCPWARE.COM [SYSMGR]DCE$SETUP_UCX.COM [SYSEXE]DCE$SEC_SETUP.EXE [SYSEXE]DCE$GETCELLS.EXE [SYSEXE]DCE$GETCELLINFO.EXE [SYSEXE]DCE$KCFG.EXE Data files [DCELOCAL.VAR.SVC]ROUTING.; [DCELOCAL.ETC]CODE_SET_REGISTRY.TXT [DCELOCAL.ETC]CDS_ATTRIBUTES.DAT [DCELOCAL.ETC]CDS_GLOBALNAMES.; [DCELOCAL.ETC]CDSCP.BPT [DCELOCAL.ETC]DTSCP.BPT [DECW$DEFAULTS.USER]DC$CDSBROWSER.UID [SYSUPD]DTSS$INSTALL_TIMEZONE_RULE.COM Tools A-2 Files Created or Used on Your System Files Created or Used on Your System A.2 Run-Time Services Kit Files [DCELOCAL.DCECP]ATTRLIST.DCP [DCELOCAL.DCECP]ATTR_EVAL.TCL [DCELOCAL.DCECP]BCKP_CDS.DCP [DCELOCAL.DCECP]BCKP_SEC.DCP [DCELOCAL.DCECP]CELL.DCP [DCELOCAL.DCECP]CELLALIAS.DCP [DCELOCAL.DCECP]CP.COM [DCELOCAL.DCECP]DIR_OPS.DCECP [DCELOCAL.DCECP]DTS.DCP [DCELOCAL.DCECP]GETIP.COM [DCELOCAL.DCECP]GETSYI.COM [DCELOCAL.DCECP]GREP.COM [DCELOCAL.DCECP]HELP.DCP [DCELOCAL.DCECP]HOST.DCP [DCELOCAL.DCECP]HOSTVAR.DCP [DCELOCAL.DCECP]INIT.DCECP [DCELOCAL.DCECP]LS.COM [DCELOCAL.DCECP]PARSEARGS.DCP [DCELOCAL.DCECP]REGISTRY.DCP [DCELOCAL.DCECP]RM.COM [DCELOCAL.DCECP]TAR.COM [DCELOCAL.DCECP]TCLINDEX.; [DCELOCAL.DCECP]USER.DCP [DCELOCAL.DCECP]UNAME.COM [DCELOCAL.DCECP]UTILITY.DCP [DCELOCAL.DCECP]VERB-OBJECT.DCP [DCELOCAL.TCL]INIT.TCL [DCELOCAL.TCL]PARRAY.TCL [DCELOCAL.TCL]TCLINDEX.; [SYSHLP.EXAMPLES.DCE.TOOLS]JPI.COM Executable/Library files Files Created or Used on Your System A-3 Files Created or Used on Your System A.2 Run-Time Services Kit Files 1[SYSLIB]DCE$LIB_SHR.EXE 1[SYSLIB]DCE$KERNEL.EXE 1[SYSLIB]DCE$SOCKSHR_IP.EXE 1[SYSLIB]DCE$SHCKSHR_DNET_IV.EXE 1[SYSLIB]DCE$SOCKSHR_DNET_OSI.EXE 1[SYSLIB]DCE$SOCKSHR_TPS.EXE 1[SYSLIB]DTSS$SHR.EXE [SYSLIB]DCE$NSEDIT_SHR.EXE [SYSLIB]DXD$CDS_SHR.EXE [SYSLIB]DCE$UAF_SHR.EXE [SYSLIB]DCE$LGI_CALLOUTS.EXE 1[SYSLIB]DTSS$RUNDOWN.EXE [SYSLHP.EXAMPLES.DCE.X500]DXD$XDS_SHR.EXE [SYSUPD]DCE$UAF_CONVERT.EXE [SYSEXE]DCE$UUIDGEN.EXE [SYSEXE]DCE$TCL.EXE 2[SYSEXE]ZIC.EXE 1[SYSEXE]RPCCP.EXE 1[SYSEXE]DCE$DCED.EXE 1[SYSEXE]DCE$RPCPERF_CLIENT.EXE 1[SYSEXE]DCE$RPCPERF_SERVER.EXE [SYSEXE]DCE$NSID.EXE [SYSEXE]DCE$DCESX.EXE [SYSEXE]DCE$NSEDIT.EXE [SYSEXE]DCE$CADUMP.EXE [SYSEXE]DCE$CDSADVER.EXE [SYSEXE]DCE$CDSCLERK.EXE [SYSEXE]DCE$CDSCP.EXE [SYSEXE]DCE$CDSBROWSER.EXE 3[SYSEXE]DCE$CDSD.EXE 3[SYSEXE]DCE$CDSD_DBDUMP.EXE 3[SYSEXE]DCE$CDSD_DIAG.EXE 3[SYSEXE]DCE$GDAD.EXE ____________________ 2 These files are installed by DCE with OpenVMS Version 6.2 3 These files are installed with the Runtime, but controlled by separate license PAKs (DCE-CDS or DCE-SECURITY). A-4 Files Created or Used on Your System Files Created or Used on Your System A.2 Run-Time Services Kit Files [SYSEXE]DCE$X500_ADDCELL.EXE [SYSEXE]DCE$LDAPSEARCH.EXE [SYSEXE]DCE$LDAPMODIFY.EXE [SYSEXE]DCE$LDAPDELETE.EXE [SYSEXE]DCE$LDAPMODRDN.EXE [SYSEXE]DCE$RGY_EDIT.EXE [SYSEXE]DCE$ACL_EDIT.EXE [SYSEXE]DCE$DCE_LOGIN.EXE 3[SYSEXE]DCE$SEC_ADMIN.EXE 3[SYSEXE]DCE$SECD.EXE 3[SYSEXE]DCE$SEC_CREATE_DB.EXE [SYSEXE]DCE$KDESTROY.EXE [SYSEXE]DCE$KINIT.EXE [SYSEXE]DCE$KLIST.EXE [SYSEXE]DCE$CHPASS.EXE [SYSEXE]DCE$UAF.EXE [SYSEXE]DCE$IMPORT.EXE [SYSEXE]DCE$EXPORT.EXE 1[SYSEXE]DTSS$SET_TIMEZONE.EXE [SYSEXE]DCE$DTSCP.EXE [SYSEXE]DCE$DTSD.EXE [SYSEXE]DTSS$GRAPH.EXE [SYSEXE]DCE$AUDITD.EXE Message/Help files [SYSMSG]DCE$UUIDGEN_MSG.EXE [SYSMSG]DCE$IL_MSG.EXE [SYSEXE]DCE$SAMS.EXE [SYSHLP]DCE$CDSBROWSER.HLB [SYSHLP]DCE$UAF_HELP.HLB [SYSHLP]DCE$IMPORT_HELP.HLB [SYSHLP]DCE$EXPORT_HELP.HLB A.3 Application Developer's Kit Files When you install the Application Developer's Kit, all the files in the Runtime Services Kit are created. In addition, the following files are created: Files Created or Used on Your System A-5 Files Created or Used on Your System A.3 Application Developer's Kit Files [SYSEXE]DCE$IDL.EXE [SYSEXE]DCE$RPCLM.EXE [SYSMSG]DCE$IDL_MSG.EXE [SYSLIB]DCE$MSRPC_MAPPING_SHR.EXE [SYSLIB]DCE$IL_DEF.H [SYSLIB]DCE$IL_MSG.H [SYSLIB]DCE$IDL_CXX_SHR.EXE [SYSLIB]LSEUPDATE_ENV.TPU [SYSLIB]IDL.ENV [SYSLIB]IDL.CLD [SYSLIB]UUID.CLD [SYSLIB]RPCLM.CLD [SYSLIB]XDS.H [SYSLIB]XDSBDCP.H [SYSLIB]XDSCDS.H [SYSLIB]XDSGDS.H [SYSLIB]XDSMDUP.H [SYSLIB]XDSSAP.H [SYSLIB]XMHP.H [SYSLIB]XOM.H [SYSLIB]XOMI.H A-6 Files Created or Used on Your System Files Created or Used on Your System A.3 Application Developer's Kit Files [DCE$LIBRARY]DCE$DEFINE_OPTIONAL_COMMANDS.COM [DCE$LIBRARY]MSRPC_MAPPING.H [DCE$LIBRARY]DCE.OPT [DCE$LIBRARY]DCE_CXX.OPT [DCE$LIBRARY]ACCT.H [DCE$LIBRARY]ACCT.IDL [DCE$LIBRARY]ACLBASE.H [DCE$LIBRARY]ACLBASE.IDL [DCE$LIBRARY]ACLIF.H [DCE$LIBRARY]ASSERT.H [DCE$LIBRARY]AUDIT.H [DCE$LIBRARY]AUDIT_CONTROL.H [DCE$LIBRARY]AUDIT_CONTROL.IDL [DCE$LIBRARY]AUDIT_LOG.H [DCE$LIBRARY]BINDING.H [DCE$LIBRARY]BINDING.IDL [DCE$LIBRARY]CDSCLERK.H [DCE$LIBRARY]CODESETS.H [DCE$LIBRARY]CODESETS.IDL [DCE$LIBRARY]CODESETS_STUB.H [DCE$LIBRARY]CONV.H [DCE$LIBRARY]CONV.IDL [DCE$LIBRARY]CONVC.H [DCE$LIBRARY]CONVC.IDL [DCE$LIBRARY]DACLIF.H [DCE$LIBRARY]DACLIF.IDL [DCE$LIBRARY]DACLMGR.H [DCE$LIBRARY]DACLMGR.IDL [DCE$LIBRARY]DACLMGRV0.H [DCE$LIBRARY]DACLMGRV0.IDL [DCE$LIBRARY]DATABASE.H [DCE$LIBRARY]DATABASE.IDL [DCE$LIBRARY]DBIF.H [DCE$LIBRARY]DCE.H [DCE$LIBRARY]DCE64.H [DCE$LIBRARY]DCE_ATTR_BASE.H [DCE$LIBRARY]DCE_ATTR_BASE.IDL [DCE$LIBRARY]DCE_ATTR_SCH.H [DCE$LIBRARY]DCE_ATTR_SCH.IDL [DCE$LIBRARY]DCE_CF.H [DCE$LIBRARY]DCE_CF_CONST.H [DCE$LIBRARY]DCE_CF_CONST.IDL [DCE$LIBRARY]DCE_ERROR.H Files Created or Used on Your System A-7 Files Created or Used on Your System A.3 Application Developer's Kit Files [DCE$LIBRARY]DCE_MSG.H [DCE$LIBRARY]DCE_SVC.H [DCE$LIBRARY]DCE_UTILS.H [DCE$LIBRARY]DCEACL.H [DCE$LIBRARY]DCEACL.IDL [DCE$LIBRARY]DCEAUDMSG.H [DCE$LIBRARY]DCECDSMAC.H [DCE$LIBRARY]DCECDSMSG.H [DCE$LIBRARY]DCECDSSVC.H [DCE$LIBRARY]DCECFGMSG.H [DCE$LIBRARY]DCED.H [DCE$LIBRARY]DCED_ACLBITS.H [DCE$LIBRARY]DCED_ACLBITS.IDL [DCE$LIBRARY]DCED_BASE.H [DCE$LIBRARY]DCED_BASE.IDL [DCE$LIBRARY]DCED_DATA.H [DCE$LIBRARY]DCEDHDMSG.H [DCE$LIBRARY]DCEDTSMSG.H [DCE$LIBRARY]DCEGSSMSG.H [DCE$LIBRARY]DCELIBMSG.H [DCE$LIBRARY]DCESVCMSG.H [DCE$LIBRARY]DNSCLERK.H [DCE$LIBRARY]DNSMESSAGE.H [DCE$LIBRARY]DNSMESSAGE.IDL [DCE$LIBRARY]DTSPROVIDER.ACF [DCE$LIBRARY]DTSPROVIDER.H [DCE$LIBRARY]DTSPROVIDER.IDL [DCE$LIBRARY]EP.H [DCE$LIBRARY]EP.IDL [DCE$LIBRARY]GSSAPI.H [DCE$LIBRARY]HASHTAB.HXX [DCE$LIBRARY]ID_BASE.H [DCE$LIBRARY]ID_BASE.IDL [DCE$LIBRARY]ID_ENCODE.H [DCE$LIBRARY]ID_ENCODE.IDL [DCE$LIBRARY]ID_EPAC.H [DCE$LIBRARY]ID_EPAC.IDL [DCE$LIBRARY]IDL_ES.H [DCE$LIBRARY]IDLBASE.H [DCE$LIBRARY]IDLDDEFS.H [DCE$LIBRARY]IOVECTOR.H [DCE$LIBRARY]IFACEMGR.HXX [DCE$LIBRARY]KDB5_ERR.H A-8 Files Created or Used on Your System Files Created or Used on Your System A.3 Application Developer's Kit Files [DCE$LIBRARY]KDC5_ERR.H [DCE$LIBRARY]KRB5_ERR.H [DCE$LIBRARY]KEYMGMT.H [DCE$LIBRARY]KEYMGMT.IDL [DCE$LIBRARY]LBASE.H [DCE$LIBRARY]LBASE.IDL [DCE$LIBRARY]MARSHALL.H [DCE$LIBRARY]MGMT.H [DCE$LIBRARY]MGMT.IDL [DCE$LIBRARY]MISC.H [DCE$LIBRARY]MISC.IDL [DCE$LIBRARY]NBASE.FOR [DCE$LIBRARY]NBASE.FOR_H [DCE$LIBRARY]NBASE.H [DCE$LIBRARY]NBASE.ACF [DCE$LIBRARY]NBASE.IDL [DCE$LIBRARY]NCASTAT.H [DCE$LIBRARY]NCASTAT.IDL [DCE$LIBRARY]NDR_REP.H [DCE$LIBRARY]NDROLD.H [DCE$LIBRARY]NDROLD.IDL [DCE$LIBRARY]NDRTYPES.H [DCE$LIBRARY]OBJREF.HXX [DCE$LIBRARY]OBJTABLE.HXX [DCE$LIBRARY]ORIDE_BASE.H [DCE$LIBRARY]ORIDE_BASE.IDL [DCE$LIBRARY]OVERRIDE.H [DCE$LIBRARY]OVERRIDE.IDL [DCE$LIBRARY]PASSWD.H [DCE$LIBRARY]PASSWD.IDL [DCE$LIBRARY]PASSWD_ENCODE.H [DCE$LIBRARY]PASSWD_ENCODE.IDL [DCE$LIBRARY]PGO.H [DCE$LIBRARY]PGO.IDL [DCE$LIBRARY]PKL.H [DCE$LIBRARY]PKL.IDL [DCE$LIBRARY]PKLBASE.H [DCE$LIBRARY]PKLBASE.IDL [DCE$LIBRARY]POLICY.H [DCE$LIBRARY]POLICY.IDL [DCE$LIBRARY]PRIV_ATTR_TRIG.H [DCE$LIBRARY]PRIV_ATTR_TRIG.IDL [DCE$LIBRARY]PROXYMGR.HXX Files Created or Used on Your System A-9 Files Created or Used on Your System A.3 Application Developer's Kit Files [DCE$LIBRARY]PVTUTL.H [DCE$LIBRARY]PVTUTL.IDL [DCE$LIBRARY]RDACLBASE.H [DCE$LIBRARY]RDACLBASE.IDL [DCE$LIBRARY]RDACLIF.H [DCE$LIBRARY]RDACLIF.IDL [DCE$LIBRARY]RDACLIFV0.H [DCE$LIBRARY]RDACLIFV0.IDL [DCE$LIBRARY]RECLAIM.H [DCE$LIBRARY]REPADM.H [DCE$LIBRARY[REPADM.IDL [DCE$LIBRARY]REPLIST.H [DCE$LIBRARY]REPLIST.IDL [DCE$LIBRARY]RGYBASE.H [DCE$LIBRARY]RGYBASE.IDL [DCE$LIBRARY]RGYNBASE.H [DCE$LIBRARY]RGYNBASE.IDL [DCE$LIBRARY]RPC.H [DCE$LIBRARY]RPC.IDL [DCE$LIBRARY]RPCBASE.H [DCE$LIBRARY]RPCBASE.IDL [DCE$LIBRARY]RPCEXC.H [DCE$LIBRARY]RPCPVT.H [DCE$LIBRARY]RPVPVT.IDL [DCE$LIBRARY]RPCSTS.H [DCE$LIBRARY]RPCSTS.IDL [DCE$LIBRARY]RPCTYPES.H [DCE$LIBRARY]RPCTYPES.IDL [DCE$LIBRARY]RPLADMN.H [DCE$LIBRARY[RPLADMN.IDL [DCE$LIBRARY]RPLBASE.H [DCE$LIBRARY]RPLBASE.IDL [DCE$LIBRARY]RPRIV_1_0.H [DCE$LIBRARY[RPRIV_1_0.IDL [DCE$LIBRARY]RRPC.H [DCE$LIBRARY]RRPC.IDL [DCE$LIBRARY]RS_BIND.H [DCE$LIBRARY]RS_BIND.IDL [DCE$LIBRARY]RS_LOGIN_ACTIVITY.H [DCE$LIBRARY]RS_LOGIN_ACTIVITY.IDL [DCE$LIBRARY]RS_LOGIN_BASE.H [DCE$LIBRARY]RS_LOGIN_BASE.IDL [DCE$LIBRARY]RS_PWD_MGMT.H A-10 Files Created or Used on Your System Files Created or Used on Your System A.3 Application Developer's Kit Files [DCE$LIBRARY]RS_PWD_MGMT.IDL [DCE$LIBRARY]RSEC_LOGIN.H [DCE$LIBRARY]RSEC_LOGIN.IDL [DCE$LIBRARY]RSEC_PK_CACHE.H [DCE$LIBRARY]RSEC_PK_CACHE.IDL [DCE$LIBRARY]RSEC_PWD_MGMT.H [DCE$LIBRARY]RSEC_PWD_MGMT.IDL [DCE$LIBRARY]RUTC.ACF [DCE$LIBRARY]RUTC.H [DCE$LIBRARY]RUTC.IDL [DCE$LIBRARY]SEC_ACL_ENCODE.H [DCE$LIBRARY]SEC_ACL_ENCODE.IDL [DCE$LIBRARY]SEC_ATTR_BASE.H [DCE$LIBRARY]SEC_ATTR_BASE.IDL [DCE$LIBRARY]SEC_ATTR_TOOLS.H [DCE$LIBRARY]SEC_ATTR_TRIG.H [DCE$LIBRARY]SEC_ATTR_TRIG.IDL [DCE$LIBRARY]SEC_ATTR_UTIL.H [DCE$LIBRARY]SEC_ATTR_UTIL.IDL [DCE$LIBRARY]SEC_AUTHN.H [DCE$LIBRARY]SEC_AUTHN.IDL [DCE$LIBRARY]SEC_BASE.H [DCE$LIBRARY]SEC_BASE.IDL [DCE$LIBRARY]SEC_CERT.H [DCE$LIBRARY]SEC_CERT.IDL [DCE$LIBRARY]SEC_CRED.H [DCE$LIBRARY]SEC_CRED.IDL [DCE$LIBRARY]SEC_LOGIN.H [DCE$LIBRARY]SEC_LOGIN.IDL [DCE$LIBRARY]SEC_LOGIN_BASE.H [DCE$LIBRARY]SEC_LOGIN_BASE.IDL [DCE$LIBRARY]SEC_PK_BASE.H [DCE$LIBRARY]SEC_PK_BASE.IDL [DCE$LIBRARY]SEC_PSM.H [DCE$LIBRARY]SEC_PSM.IDL [DCE$LIBRARY]SEC_PUBKEY.H [DCE$LIBRARY]SEC_PUBKEY.IDL [DCE$LIBRARY]SEC_PVTKEY.H [DCE$LIBRARY]SEC_PVTKEY.IDL [DCE$LIBRARY]SEC_PWD_MGMT.H [DCE$LIBRARY]SEC_PWD_MGMT.IDL [DCE$LIBRARY]SEC_RGY_ATTR.H [DCE$LIBRARY]SEC_RGY_ATTR.IDL Files Created or Used on Your System A-11 Files Created or Used on Your System A.3 Application Developer's Kit Files [DCE$LIBRARY]SEC_RGY_ATTR_SCH.H [DCE$LIBRARY]SEC_RGY_ATTR_SCH.IDL [DCE$LIBRARY]SEC_RGY_ATTR_SRCH.H [DCE$LIBRARY]SEC_RGY_ATTR_SRCH.IDL [DCE$LIBRARY]SEC_RGY_LOGIN_ACTIVITY.H [DCE$LIBRARY]SEC_RGY_LOGIN_ACTIVITY.IDL [DCE$LIBRARY]SECIDMAP.H [DCE$LIBRARY]SECIDMAP.IDL [DCE$LIBRARY]SECSTS.H [DCE$LIBRARY]SECSTS.IDL [DCE$LIBRARY]SERVICE.H [DCE$LIBRARY]SERVICE.IDL [DCE$LIBRARY]STUBBASE.H [DCE$LIBRARY]SVCBIN.H [DCE$LIBRARY]SVCBIN.IDL [DCE$LIBRARY]SVCFILTER.H [DCE$LIBRARY]SVCLOG.H [DCE$LIBRARY]SVCREMOTE.H [DCE$LIBRARY]TRACE.HXX [DCE$LIBRARY]TWR.H [DCE$LIBRARY]TWR.IDL [DCE$LIBRARY]UNIX.H [DCE$LIBRARY]UNIX.IDL [DCE$LIBRARY]UTC.H [DCE$LIBRARY]UTCTYPES.H [DCE$LIBRARY]UTCTYPES.IDL [DCE$LIBRARY]UUID.H [DCE$LIBRARY]UUID.IDL A.4 Example Application Files The following example application files are created when you install the Application Developer's Kit: [SYSHLP.EXAMPLES.DCE.GSSAPI]ECHO.COM [SYSHLP.EXAMPLES.DCE.GSSAPI]DCE.OPT [SYSHLP.EXAMPLES.DCE.GSSAPI]ECHO.README [SYSHLP.EXAMPLES.DCE.GSSAPI]ECHO_CLIENT.C [SYSHLP.EXAMPLES.DCE.GSSAPI]ECHO_INET.H [SYSHLP.EXAMPLES.DCE.GSSAPI]ECHO_SERVER.C [SYSHLP.EXAMPLES.DCE.GSSAPI]ECHO_UTILS.C [SYSHLP.EXAMPLES.DCE.GSSAPI]ECHO_UTILS.H A-12 Files Created or Used on Your System Files Created or Used on Your System A.4 Example Application Files [SYSHLP.EXAMPLES.DCE.PWD_MGMT]PWD_MGMT.COM [SYSHLP.EXAMPLES.DCE.PWD_MGMT]DCE.OPT [SYSHLP.EXAMPLES.DCE.PWD_MGMT]PWD_MGMT.README [SYSHLP.EXAMPLES.DCE.PWD_MGMT]GEN.C [SYSHLP.EXAMPLES.DCE.PWD_MGMT]GEN.H [SYSHLP.EXAMPLES.DCE.PWD_MGMT]PWD_CACHE.C [SYSHLP.EXAMPLES.DCE.PWD_MGMT]PWD_CACHE.H [SYSHLP.EXAMPLES.DCE.PWD_MGMT]PWD_STRENGTHD.C [SYSHLP.EXAMPLES.DCE.PWD_MGMT]RSEC_PWD_MGMT.IDL [SYSHLP.EXAMPLES.DCE.PWD_MGMT]SECVMS.H [SYSHLP.EXAMPLES.DCE.RPC.BOOK]BOOK.COM [SYSHLP.EXAMPLES.DCE.RPC.BOOK]DCE.OPT [SYSHLP.EXAMPLES.DCE.RPC.BOOK]BOOK.README [SYSHLP.EXAMPLES.DCE.RPC.BOOK]BOOK.ACF [SYSHLP.EXAMPLES.DCE.RPC.BOOK]BOOK.C [SYSHLP.EXAMPLES.DCE.RPC.BOOK]BOOK.IDL [SYSHLP.EXAMPLES.DCE.RPC.BOOK]BOOK_MAIN.C [SYSHLP.EXAMPLES.DCE.RPC.BOOK]BOOK_MGR.C [SYSHLP.EXAMPLES.DCE.RPC.BOOK]RPCSERVER.C [SYSHLP.EXAMPLES.DCE.RPC.BOOK]RPCSERVER.H [SYSHLP.EXAMPLES.DCE.RPC.CONTEXT_APP]CONTEXT_APP.COM [SYSHLP.EXAMPLES.DCE.RPC.CONTEXT_APP]DCE.OPT [SYSHLP.EXAMPLES.DCE.RPC.CONTEXT_APP]CONTEXT_APP.README [SYSHLP.EXAMPLES.DCE.RPC.CONTEXT_APP]CONTEXT.ACF [SYSHLP.EXAMPLES.DCE.RPC.CONTEXT_APP]CONTEXT.IDL [SYSHLP.EXAMPLES.DCE.RPC.CONTEXT_APP]CONTEXT_CLIENT.C [SYSHLP.EXAMPLES.DCE.RPC.CONTEXT_APP]CONTEXT_MANAGER.C [SYSHLP.EXAMPLES.DCE.RPC.CONTEXT_APP]CONTEXT_SERVER.C [SYSHLP.EXAMPLES.DCE.RPC.DATA_TEST_APP]DATA_TEST_APP.COM [SYSHLP.EXAMPLES.DCE.RPC.DATA_TEST_APP]DCE.OPT [SYSHLP.EXAMPLES.DCE.RPC.DATA_TEST_APP]DATA_TEST_APP.README [SYSHLP.EXAMPLES.DCE.RPC.DATA_TEST_APP]TEST_FILE.; [SYSHLP.EXAMPLES.DCE.RPC.DATA_TEST_APP]DATA_TEST.ACF [SYSHLP.EXAMPLES.DCE.RPC.DATA_TEST_APP]DATA_TEST.IDL [SYSHLP.EXAMPLES.DCE.RPC.DATA_TEST_APP]DATA_TEST_CLIENT.C [SYSHLP.EXAMPLES.DCE.RPC.DATA_TEST_APP]DATA_TEST_MANAGER.C [SYSHLP.EXAMPLES.DCE.RPC.DATA_TEST_APP]DATA_TEST_SERVER.C [SYSHLP.EXAMPLES.DCE.RPC.DATA_TEST_APP]DATA_TEST_XMIT.C Files Created or Used on Your System A-13 Files Created or Used on Your System A.4 Example Application Files [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX]IDLCXX.README [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNT]ACCOUNT.COM [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNT]IDLCXX.OPT [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNT]ACCOUNT.README [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNT]ACCOUNT.ACF [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNT]ACCOUNT.IDL [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNT]CHECKING.IDL [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNT]CLIENT.CXX [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNT]COMMON.H [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNT]NOWACCOUNT.H [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNT]SAVINGS.IDL [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNT]SERVER.CXX [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNT]SVRLIB.CXX [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNTC]ACCOUNTC.COM [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNTC]IDLCXX.OPT [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNTC]ACCOUNTC.README [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNTC]ACCOUNT.ACF [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNTC]ACCOUNT.IDL [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNTC]CHECKING.IDL [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNTC]CLIENT.C [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNTC]COMMON.H [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNTC]NOWACCOUNT.H [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNTC]SAVINGS.IDL [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNTC]SERVER.CXX [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.ACCOUNTC]SVRLIB.CXX [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]CARD.COM [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]IDLCXX.OPT [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]CARD.README [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]CARD.ACF [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]CARD.IDL [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]CARDIMPL.CXX [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]CLIENT.CXX [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]COMMON.H [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]IPLAYER.ACF [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]IPLAYER.IDL [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]PLAYER.CXX [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]PLAYER.H [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]SERVER.CXX [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.CARD]UTIL.CXX A-14 Files Created or Used on Your System Files Created or Used on Your System A.4 Example Application Files [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.STACK]STACK.COM [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.STACK]IDLCXX.OPT [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.STACK]STACK.README [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.STACK]CALCULATOR.H [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.STACK]CLIENT.CXX [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.STACK]COMMON.H [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.STACK]ICALCULATE.ACF [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.STACK]ICALCULATE.IDL [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.STACK]ISTACK.ACF [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.STACK]ISTACK.IDL [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.STACK]SERVER.CXX [SYSHLP.EXAMPLES.DCE.RPC.IDLCXX.STACK]STACK.H [SYSHLP.EXAMPLES.DCE.RPC.PAYROLL]PAYROLL.COM [SYSHLP.EXAMPLES.DCE.RPC.PAYROLL]DCE.OPT [SYSHLP.EXAMPLES.DCE.RPC.PAYROLL]PAYROLL.README [SYSHLP.EXAMPLES.DCE.RPC.PAYROLL]MANAGER.FOR [SYSHLP.EXAMPLES.DCE.RPC.PAYROLL]PAYROLL.DAT [SYSHLP.EXAMPLES.DCE.RPC.PAYROLL]PAYROLL.IDL [SYSHLP.EXAMPLES.DCE.RPC.PAYROLL]PRINT_PAY.FOR [SYSHLP.EXAMPLES.DCE.RPC.PAYROLL]SERVER.C [SYSHLP.EXAMPLES.DCE.RPC.PHONEBOOK]PHNBK.COM [SYSHLP.EXAMPLES.DCE.RPC.PHONEBOOK]DCE.OPT [SYSHLP.EXAMPLES.DCE.RPC.PHONEBOOK]PHNBK.README [SYSHLP.EXAMPLES.DCE.RPC.PHONEBOOK]CLIENT.C [SYSHLP.EXAMPLES.DCE.RPC.PHONEBOOK]DOSPORT.H [SYSHLP.EXAMPLES.DCE.RPC.PHONEBOOK]MANAGER.C [SYSHLP.EXAMPLES.DCE.RPC.PHONEBOOK]PHNBK.ACF [SYSHLP.EXAMPLES.DCE.RPC.PHONEBOOK]PHNBK.DOS [SYSHLP.EXAMPLES.DCE.RPC.PHONEBOOK]PHNBK.IDL [SYSHLP.EXAMPLES.DCE.RPC.PHONEBOOK]PHNBK.NT [SYSHLP.EXAMPLES.DCE.RPC.PHONEBOOK]PHNBK.TXT [SYSHLP.EXAMPLES.DCE.RPC.PHONEBOOK]SERVER.C [SYSHLP.EXAMPLES.DCE.RPC.TEST1]TEST1.COM [SYSHLP.EXAMPLES.DCE.RPC.TEST1]DCE.OPT [SYSHLP.EXAMPLES.DCE.RPC.TEST1]TEST1.README [SYSHLP.EXAMPLES.DCE.RPC.TEST1]TEST1.C [SYSHLP.EXAMPLES.DCE.RPC.TEST1]TEST1.IDL [SYSHLP.EXAMPLES.DCE.RPC.TEST1]TEST1_MAIN.C [SYSHLP.EXAMPLES.DCE.RPC.TEST1]TEST1_MGR.C Files Created or Used on Your System A-15 Files Created or Used on Your System A.4 Example Application Files [SYSHLP.EXAMPLES.DCE.RPC.TEST2]TEST2.COM [SYSHLP.EXAMPLES.DCE.RPC.TEST2]DCE.OPT [SYSHLP.EXAMPLES.DCE.RPC.TEST2]TEST2.README [SYSHLP.EXAMPLES.DCE.RPC.TEST2]TEST2.C [SYSHLP.EXAMPLES.DCE.RPC.TEST2]TEST2.IDL [SYSHLP.EXAMPLES.DCE.RPC.TEST2]TEST2_MAIN.C [SYSHLP.EXAMPLES.DCE.RPC.TEST2]TEST2_MGR.C [SYSHLP.EXAMPLES.DCE.RPC.TEST3]TEST3.COM [SYSHLP.EXAMPLES.DCE.RPC.TEST3]DCE.OPT [SYSHLP.EXAMPLES.DCE.RPC.TEST3]TEST3.README [SYSHLP.EXAMPLES.DCE.RPC.TEST3]TEST3.C [SYSHLP.EXAMPLES.DCE.RPC.TEST3]TEST3.IDL [SYSHLP.EXAMPLES.DCE.RPC.TEST3]TEST3_MAIN.C [SYSHLP.EXAMPLES.DCE.RPC.TEST3]TEST3_MGR.C [SYSHLP.EXAMPLES.DCE.SVC.HELLO_SVC]HELLO_SVC.COM [SYSHLP.EXAMPLES.DCE.SVC.HELLO_SVC]DCE.OPT [SYSHLP.EXAMPLES.DCE.SVC.HELLO_SVC]HELLO_SVC.README [SYSHLP.EXAMPLES.DCE.SVC.HELLO_SVC]HEL.SAMS [SYSHLP.EXAMPLES.DCE.SVC.HELLO_SVC]HEL_SVC.H [SYSHLP.EXAMPLES.DCE.SVC.HELLO_SVC]HELLO_SVC.C A-16 Files Created or Used on Your System B _________________________________________________________________ Sample Installation Logs This appendix provides a listing for the installation of HP DCE for OpenVMS Version 3.2 on OpenVMS Alpha. B.1 Installing HP DCE on OpenVMS Alpha This installation has the following assumptions: o OpenVMS Alpha Version 7.3-2 or higher was installed. o Both the Runtime Services Kit (RTK) and the Application Developer's Kit (ADK) are being installed. o The ADK license PAK was loaded already. o TCP/IP Services for OpenVMS Version 5.0 (or higher), and DECnet Phase IV or DECnet Phase V were installed. o The DCE$SERVER account exists already. o The NET$DECLAREOBJECT right has not yet been granted to DCE$SERVER; it will be granted by the installation procedure. $ @dka500:[dceaxp032]dce$install help Performing DCE pre-installation tasks...please wait. This installation procedure has detected an existing DCE$SERVER account. Correct operation of DCE on this system requires that the DCE$SERVER account have TMPMBX, NETMBX, DETACH and SYSPRV privileges. The installation procedure will modify the DCE$SERVER account to ensure that the prerequisite privileges are present. %UAF-I-MDFYMSG, user record(s) updated The following product has been selected: DEC AXPVMS DCE V3.2 Layered Product Do you want to continue? [YES] Sample Installation Logs B-1 Sample Installation Logs B.1 Installing HP DCE on OpenVMS Alpha Configuration phase starting ... You will be asked to choose options, if any, for each selected product and for any products that may be installed to satisfy software dependency requirements. DEC AXPVMS DCE V3.2: DCE V3.2 for OpenVMS Alpha Greetings! This is DCE V3.2 for OpenVMS Alpha. There are four components: the DCE Runtime Services, the DCE Application Development Kit, the DCE Security Server, and the DCE CDS Server. 1. The Runtime Services provides the core services necessary to execute and manage DCE applications. 2. The Application Development Kit provides the services and tools required to develop, execute, and manage DCE applications. The Runtime Services capability is automatically provided with the Application Development Kit. 3. The security server supplies support for a cell wide security database. A cell must have at least one system running a security server. 4. The CDS server supplies support for a cell wide naming database. A cell must have at least one system running a CDS server. (C) Copyright 2005 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP and/or its subsidiaries required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation and Technical Data for Commercial use. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing here in should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. This product uses the following PAKS: DCE-SECURITY, DCE-CDS, DCE-APP-DEV Do you want the defaults for all options? [YES] n B-2 Sample Installation Logs Sample Installation Logs B.1 Installing HP DCE on OpenVMS Alpha <> This kit will make functional changes to your system. Before installing this kit you should make a backup copy of your system disk. If you do not make a copy of your system disk you will not be able to restore your system to a pre-kit installation state. Do you want to continue? [YES] << Pre Installation Tasks >> Before installing this kit, one of the following steps must be executed for the existing DCE or RPC configuration. - For fully configured DCE V3.0 system:" @SYS$MANAGER:DCE$SETUP CLEAN" - For fully configured DCE V3.1 system: @SYS$MANAGER:DCE$SETUP CLEAN" - For RPC only configured system:" @SYS$MANAGER:DCE$RPC_SHUTDOWN CLEAN" Do you want to continue? [YES] The Application Development Kit is optional and enabled with a PAK. It provides the services and tools required to develop, execute, and manage DCE applications. The Application Development Kit installs: + Required DCE application development header files + Interface Definition Language Compiler (IDL) + Language-Sensitive Editor (LSE) Templates for the Interface Definition Language + Unique User Identifier (UUID) Generator + Sample DCE Applications The Application Development Kit [NO] y Do you want to review the options? [NO] y DEC AXPVMS DCE V3.2: DCE V3.2 for OpenVMS Alpha The Application Development Kit: YES Are you satisfied with these options? [YES] Execution phase starting ... Sample Installation Logs B-3 Sample Installation Logs B.1 Installing HP DCE on OpenVMS Alpha The following product will be installed to destination: DEC AXPVMS DCE V3.2 DISK$APHE82:[VMS$COMMON.] %PCSI-I-RETAIN, file [SYSUPD]DTSS$INSTALL_TIMEZONE_RULE.COM was not replaced because file from kit has lower generation number %PCSI-I-RETAIN, file [SYSUPD]DTSS$TIMEZONE_RULES.DAT was not replaced because file from kit has lower generation number Portion done: 0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100% The following product has been installed: DEC AXPVMS DCE V3.2 Layered Product DEC AXPVMS DCE V3.2: DCE V3.2 for OpenVMS Alpha Release_notes_name.RELEASE_NOTES Release notes available Release notes for Alpha OpenVMS DCE V3.2 are available at SYS$COMMON:[SYSHLP]DCE032.RELEASE_NOTES *** DCE Product installation successful...beginning post-installation. The rights identifier NET$DECLAREOBJECT will now be granted to the DCE$SERVER account. You may IGNORE the message: "%UAF-E-GRANTERR, unable to grant identifier NET$DECLAREOBJECT to DCE$SERVER -SYSTEM-F-DUPIDENT, duplicate identifier" if it should occur. Press return to Continue %UAF-E-GRANTERR, unable to grant identifier NET$DECLAREOBJECT to DCE$SERVER -SYSTEM-F-DUPIDENT, duplicate identifier Load the Language-Sensitive Editor (LSE) templates for IDL? [Y]: n NOTE: Please add the following to your system's SYS$MANAGER:SYLOGIN.COM. These files define foreign commands for using DCE on OpenVMS. $ @SYS$MANAGER:DCE$DEFINE_REQUIRED_COMMANDS.COM $ @SYS$COMMON:[DCE$LIBRARY]DCE$DEFINE_OPTIONAL_COMMANDS.COM Please add the following command to SYS$STARTUP:SYSTARTUP_*.COM on your system. This ensures that DCE$STARTUP.COM is executed at system boot. The parameters supplied to DCE$STARTUP.COM depend on the specific TCP/IP product you intend to use. You will now be asked to select the name of this TCP/IP product, and the installation will supply you with the correct command for SYS$STARTUP:SYSTARTUP_*.COM. TCP/IP product Keyword B-4 Sample Installation Logs Sample Installation Logs B.1 Installing HP DCE on OpenVMS Alpha HP's TCP/IP Services for OpenVMS TCPIP Multinet from TGV MULTINET TCPware from Process Software TCPWARE No TCP/IP Available at this time NONE Enter one of the keywords from the table above [TCPIP]: Enter $ @SYS$STARTUP:DCE$STARTUP in your SYS$STARTUP:SYSTARTUP_*.COM %DCE-S-INSTALL, Installation of OpenVMS DCE V3.2 completed ****************** End of Install Log ********************************* ________________________ Note ________________________ You can safely ignore the PCSI Informational messages. The files are already installed by the Operating System and have a higher generation number than those supplied with the Kit. ______________________________________________________ Sample Installation Logs B-5 C _________________________________________________________________ Sample Configuration Logs The following sections contain sample logs of DCE configurations. C.1 Initial Client Configuration @SYS$MANAGER:DCE$SETUP CONFIG *** System Management Procedure, DCE for OpenVMS Alpha V3.2 *** **************************** INFO ***************************** *** DCE is configured to support 70 DCE Processes %REGISTER-I- SUMMARY images examined: 1, dependent images: 0 DCE Configuration Menu DCE for OpenVMS Alpha V3.2 1) Client Configure this system as a DCE client 2) New Cell Create a new DCE cell 3) CDS Server Add Master CDS Server 4) Modify Modify DCE cell configuration 5) RPC_ Only Configure this system for RPC only 0) Exit Exit this procedure ?) Help Display helpful information Please enter your selection: 1 Starting DCE client configuration . . . At each prompt, enter your response. You may enter for the default response, displayed in [brackets], or '?' for help. Entering a CONTROL- Z will terminate this configuration request. Press to continue . . . Sample Configuration Logs C-1 Sample Configuration Logs C.1 Initial Client Configuration Removing temporary local DCE databases and configuration files Removing permanent local DCE databases and configuration files Starting client configuration Initializing RPC & Security Client Services daemon (DCE$DCED) . . . %RUN-S-PROC_ ID, identification of created process is 2380A9A6 Starting RPC & Security Client Services daemon (DCE$DCED) . . . %RUN-S-PROC_ ID, identification of created process is 238110A8 Would you like to search the LAN for known DCE cells (YES/NO/?) [Y]? n Please enter your DCE hostname [mysore]: Please enter the name for your DCE cell []: mr6axp-cell Is the CDS Master Server within broadcast range (YES/NO/?) [N]? Please enter the hostname for the CDS Master Server []: mysore Checking TCP/IP local host database for address of "mysore". Please wait . . . Checking BIND servers for address of "mysore". Please wait . . . Terminating RPC Services/DCE Security Client daemon (DCE$DCED) . . . *** RPC (DCED) shutdown successful *** Starting RPC & Security Client Services daemon (DCE$DCED) . . . %RUN-S-PROC_ ID, identification of created process is 2381282C Starting CDS Name Service Advertiser daemon (DCE$CDSADVER) . . . %RUN-S-PROC_ ID, identification of created process is 2380B22D Starting CDS Name Service Client daemon (DCE$CDSCLERK) . . . %RUN-S-PROC_ ID, identification of created process is 23811BAE Could not find security master using dcecp registry show Attempting to locate security server Found security server Creating dce$local:[etc.security]pe_site.; file Checking local system time Looking for DTS servers in the LAN profile Looking for Global DTS servers in this cell Found DTS server C-2 Sample Configuration Logs Sample Configuration Logs C.1 Initial Client Configuration The local system time is: Sun Oct 24 17:16:18 2004 Is this time correct? (y/n): y Do you need the Distributed Time Service? (YES/NO/?) [Y]? Do you intend to run MIT Kerberos 5 services on this machine? (YES/NO/?) [N]? Do you want to configure this host as an LDAP client? (YES/NO/?) [N]? Terminating CDS Name Service Advertiser daemon (DCE$CDSADVER) . . . Terminating CDS Name Service Client daemon (DCE$CDSCLERK) . . . Please enter the principal name to be used [cell_admin]: Please enter the password for principal "cell_ admin" (or ? for help): Logging in to DCE using principal "cell_admin" . . . Logging in to DCE using principal "cell_admin" . . . Configuring security client Creating Dce$Specific:[Krb5]Krb.conf The following principal(s) already exist under /hosts/mysore/: /.../mr6axp-cell/hosts/mysore/self Do you wish to delete these principals? (YES/NO/?) [Y]? Deleting client principals Creating ktab entry for client Terminating RPC & Security Client Services daemon (DCE$DCED) . . . Starting RPC & Security Client Services daemon (DCE$DCED) . . . %RUN-S-PROC_ ID, identification of created process is 238185B0 Starting sec_client service (please wait). This machine is now a security client. Press to continue . . . Configuring CDS client Creating the cds.conf file Starting CDS Name Service Advertiser daemon (DCE$CDSADVER) . . . %RUN-S-PROC_ ID, identification of created process is 238160B1 Sample Configuration Logs C-3 Sample Configuration Logs C.1 Initial Client Configuration Starting CDS Name Service Client daemon (DCE$CDSCLERK) . . . %RUN-S-PROC_ ID, identification of created process is 2381C334 Testing access to CDS server (please wait) . Logging in to DCE using principal "cell_admin" . . . Checking TCP/IP local host database for address of "mysore". Please wait . . . Configuring client host objects in the cell namespace . . . Creating /.:/hosts/mysore objects in name space Checking TCP/IP local host database for address of "mysore". Please wait . . . Please enter the name of your LAN [16.138.247]: This machine is now a CDS client. Stopping sec_client service... Starting sec_client service (please wait). Modifying acls on /.:/hosts/mysore/config secval xattrschema srvrexec keytab keytab/self hostdata hostdata dce_cf.db hostdata cell_name hostdata pe_site hostdata cds_attributes hostdata cds_globalnames hostdata host_name hostdata cell_aliases hostdata post_processors hostdata svc_routing hostdata krb.conf hostdata dfs-cache-info hostdata cds.conf hostdata passwd_override hostdata group_override srvrconf Logging in to DCE using principal "cell_admin" . . . Configuring DTS daemon as client (DCE$DTSD) C-4 Sample Configuration Logs Sample Configuration Logs C.1 Initial Client Configuration Starting DTS daemon (DCE$DTSD)... Starting Distributed Time Service daemon (DCE$DTSD) . . . %RUN-S-PROC_ ID, identification of created process is 2380F6BA This machine is now a DTS clerk. Do you want to run the DCE Configuration Verification Program? (YES/NO/?) [Y]? Y Test requires that a DCE_LOGIN be performed Logging in to DCE using principal "cell_admin" . . . Executing DCE for OpenVMS Alpha V3.2 CVP (please wait) Copyright (c) Hewlett-Packard Development Company 2005. All Rights Reserved. . . . . . . . . . . DCE for OpenVMS Alpha V3.2 CVP was successful. Press to continue . . . DCE Configuration Menu DCE for OpenVMS Alpha V3.2 1) Client Configure this system as a DCE client 2) New Cell Create a new DCE cell 3) CDS Server Add Master CDS Server 4) Modify Modify DCE cell configuration 5) RPC_ Only Configure this system for RPC only 0) Exit Exit this procedure ?) Help Display helpful information Sample Configuration Logs C-5 Sample Configuration Logs C.1 Initial Client Configuration Please enter your selection: 0 *** DCE System Management Procedure Complete *** C.2 Initial Server Configuration @SYS$MANAGER:DCE$SETUP CONFIG *** System Management Procedure, DCE for OpenVMS Alpha V3.2 *** **************************** INFO ***************************** *** DCE is configured to support 70 DCE Processes DCE Configuration Menu DCE for OpenVMS Alpha V3.2 1) Client Configure this system as a DCE client 2) New Cell Create a new DCE cell 3) CDS Server Add Master CDS Server 4) Modify Modify DCE cell configuration 5) RPC_ Only Configure this system for RPC only 0) Exit Exit this procedure ?) Help Display helpful information Please enter your selection: 2 At each prompt, enter your response. You may enter for the default response, displayed in [brackets], or '?' for help. Entering a CONTROL- Z will terminate this configuration request. Press to continue . . . Starting DCE server configuration . . . Please enter your DCE hostname [maple]: Please enter the name for your DCE cell []: maple-cell Do you wish to configure maple as a CDS server? (YES/NO/?) [Y]? C-6 Sample Configuration Logs Sample Configuration Logs C.2 Initial Server Configuration Will there be any DCE pre- R1.1 CDS servers in this cell? (YES/NO/?) [N]? ************************************************************************** * If the system clocks on the machines running the security * * and CDS servers differ more than one or two minutes from * * other systems in the cell, configuration anomalies can occur. * * Since this system's time will be used as a reference, please * * make sure that the system time is correct. * ************************************************************************** System time for maple: 25-OCT-2004 17:30:30.09 Is this correct? (YES/NO/?) [Y]? Do you need the Distributed Time Service? (YES/NO/?) [Y]? Do you want this system to be a DTS Server? (YES/NO/?) [Y]? Do you want this system to be a DTS Global Server? (YES/NO/?) [N]? y Does this cell use multiple LANs? (YES/NO/?) [N]? Do you intend to run MIT Kerberos 5 services on this machine? (YES/NO/?) [N]? Do you want to configure the LDAP name service? (YES/NO/?) [N]? Since you have chosen not to create the LDAP name space, you can not configure this machine as an LDAP client. You can create the LDAP name space and add this machine as a client after the cell is configured. Do you want to configure gdad to use LDAP? (YES/NO/?) [N]? You have made the following selections: DCE Cellname: maple-cell DCE Hostname: maple Multi-LAN Cell? No Use maple as a CDS Server? Yes Sample Configuration Logs C-7 Sample Configuration Logs C.2 Initial Server Configuration Use maple as the Security Server? Yes Use maple as a DTS Global Server? Yes Enable Kerberos 5 services? No Enable LDAP GDA? No Configure maple as an LDAP Client? No Do you want to save this as your DCE system configuration? (YES/NO/?) [Y]? Removing temporary local DCE databases and configuration files Removing permanent local DCE databases and configuration files ************************************************************************ * Starting the security server requires that you supply * * a 'keyseed.' When asked for a 'keyseed,' type some * * random, alphanumeric keystrokes, followed by RETURN. * * (You won't be required to remember what you type.) * ************************************************************************ Enter keyseed for initial database master key: Configuring security server (DCE$SECD) Please type new password for cell_admin (or '?' for help): Type again to confirm: Creating Dce$Specific:[Krb5]Krb.conf Initializing RPC & Security Client Services daemon (DCE$DCED) . . . %RUN-S-PROC_ ID, identification of created process is 2B60164E Starting RPC & Security Client Services daemon (DCE$DCED) . . . %RUN-S-PROC_ ID, identification of created process is 2B601950 Creating security master Starting Security Service Server daemon (DCE$SECD) . . . %RUN-S-PROC_ ID, identification of created process is 2B601951 Starting sec_client service (please wait). C-8 Sample Configuration Logs Sample Configuration Logs C.2 Initial Server Configuration Logging in to DCE using principal "cell_admin" . . . Adding principals to the registry database Creating group /.:/subsys/dce/dced-admin... Configuring CDS server (DCE$CDSD) Adding CDS registry entries Creating the cds.conf file Starting CDS Name Service Advertiser daemon (DCE$CDSADVER) . . . %RUN-S-PROC_ ID, identification of created process is 2B601952 Starting CDS Name Service Client daemon (DCE$CDSCLERK) . . . %RUN-S-PROC_ ID, identification of created process is 2B601953 Starting CDS Name Service Server daemon (DCE$CDSD) . . . %RUN-S-PROC_ ID, identification of created process is 2B601954 Please enter Domain and Bind Server address. (e.g. org.company.com, w.x.y.z) Domain name []: xko.dec.com Domain Name Server address []: 16.138.244.51 Starting Global Directory Agent daemon (DCE$GDAD) . . . %RUN-S-PROC_ ID, identification of created process is 2B601955 Starting PC Name Service Interface daemon (DCE$NSID) . . . %RUN-S-PROC_ ID, identification of created process is 2B601956 Testing access to CDS server (please wait) . Logging in to DCE using principal "cell_admin" . . . Initializing the namespace Modifying acls on /.: ... Checking TCP/IP local host database for address of "maple". Please wait . . . Sample Configuration Logs C-9 Sample Configuration Logs C.2 Initial Server Configuration Modifying acls on /.:/subsys/dce/sec ... Modifying acls on /.:/cell-profile Modifying acls on /.:/lan-profile Modifying acls on /.:/maple_ch Modifying acls on /.:/subsys/dce/dfs Modifying acls on /.:/subsys/dce/dfs/bak Modifying acls on /.:/hosts Modifying acls on /.:/hosts/maple Modifying acls on /.:/sec Modifying acls on /.:/sec-v1 Modifying acls on /.:/hosts/maple/self Modifying acls on /.:/hosts/maple/cds-clerk Modifying acls on /.:/hosts/maple/cds-server Modifying acls on /.:/hosts/maple/cds-gda Modifying acls on /.:/hosts/maple/profile Modifying acls on /.:/fs Modifying acls on: principal principal/krbtgt principal/krbtgt/maple-cell principal/hosts principal/hosts/maple principal/hosts/maple/self principal/hosts/maple/cds-server principal/hosts/maple/gda group group/acct-admin group/subsys group/subsys/dce group/subsys/dce/sec-admin group/subsys/dce/dts-admin group/subsys/dce/dts-servers group/subsys/dce/dfs-admin group/subsys/dce/dfs-fs-servers group/subsys/dce/dfs-bak-servers group/subsys/dce/cds-admin group/subsys/dce/cds-server org policy principal/nobody principal/root principal/daemon principal/sys C-10 Sample Configuration Logs Sample Configuration Logs C.2 Initial Server Configuration principal/bin principal/uucp principal/who principal/mail principal/tcb principal/dce-ptgt principal/dce-rgy group/none group/system group/daemon group/uucp group/bin group/kmem group/mail group/tty group/tcb org/none replist subsys/dce/sec sec Modifying acls on /.:/subsys/DEC/pc Stopping sec_client service... Starting sec_client service (please wait). Sample Configuration Logs C-11 Sample Configuration Logs C.2 Initial Server Configuration Modifying acls on /.:/hosts/maple/config secval xattrschema srvrexec keytab keytab/self hostdata hostdata dce_cf.db hostdata cell_name hostdata pe_site hostdata cds_attributes hostdata cds_globalnames hostdata host_name hostdata cell_aliases hostdata post_processors hostdata svc_routing hostdata krb.conf hostdata dfs-cache-info hostdata cds.conf hostdata passwd_override hostdata group_override srvrconf Logging in to DCE using principal "cell_admin" . . . Configuring DTS daemon as server (DCE$DTSD) Stopping sec_client service... Starting sec_client service (please wait). Logging in to DCE using principal "cell_admin" . . . Starting DTS daemon (DCE$DTSD)... Starting Distributed Time Service daemon (DCE$DTSD) . . . %RUN-S-PROC_ ID, identification of created process is 2B601958 Do you want to run the DCE Configuration Verification Program? (YES/NO/?) [Y]? Test requires that a DCE_LOGIN be performed Logging in to DCE using principal "cell_admin" . . . C-12 Sample Configuration Logs Sample Configuration Logs C.2 Initial Server Configuration Executing DCE for OpenVMS Alpha V3.2 CVP (please wait) Copyright (c) Hewlett-Packard Development Company 2005. All Rights Reserved. . . . . . . . . . . DCE for OpenVMS Alpha V3.2 CVP was successful. Press to continue . . . DCE Configuration Menu DCE for OpenVMS Alpha V3.2 1) Client Configure this system as a DCE client 2) New Cell Create a new DCE cell 3) CDS Server Add Master CDS Server 4) Modify Modify DCE cell configuration 5) RPC_ Only Configure this system for RPC only 0) Exit Exit this procedure ?) Help Display helpful information Please enter your selection: 0 *** DCE System Management Procedure Complete *** Sample Configuration Logs C-13 Sample Configuration Logs C.3 Showing the DCE System Configuration and the DCE Daemons C.3 Showing the DCE System Configuration and the DCE Daemons $ @SYS$MANAGER:DCE$SETUP SHOW *** System Management Procedure, DCE for OpenVMS Alpha V3.2 *** **************************** INFO ***************************** *** DCE is configured to support 70 DCE Processes This system has the following DCE configuration: Cellname: maple-cell Hostname: maple Service Status ---------- --------- RPC & Security Client Services Enabled CDS Name Service Master Server Enabled Global Directory Agent without LDAP Enabled LDAP client Disabled Distributed Time Service Global Server Enabled Accept DECnet time (DTSS) sources Disabled Distributed Time Service Null Time Provider Disabled Distributed Time Service NTP Time Provider Disabled KRB5 Services Disabled Security Services Master Enabled Secval activated Auditing Subsystem daemon Disabled PC Name Service Interface Enabled Integrated login Disabled This system supports the following network transport protocols: TCP/IP: [ncacn_ip_tcp] UDP/IP: [ncadg_ip_udp] DECnet: [ncacn_dnet_nsp] TCP/IP services on this system are provided by: TCPIP TCP/IP Services for OpenVMS The current cell is: maple-cell Based on this configuration, the following DCE daemons should be active: Daemon Process Name Process ID C-14 Sample Configuration Logs Sample Configuration Logs C.3 Showing the DCE System Configuration and the DCE Daemons RPC & Security Client Services DCE$DCED 20C119C0 Security Service Server DCE$SECD 20C119C1 CDS Name Service Advertiser DCE$CDSADVER 20C109C2 CDS Name Service Client DCE$CDSCLERK 20C119C3 CDS Name Service Server DCE$CDSD 20C119C4 Global Directory Agent DCE$GDAD 20C119C5 PC Name Service Interface DCE$NSID 20C112D1 Distributed Time Service DCE$DTSD 20C119D3 *** DCE System Management Procedure Complete *** C.4 Modifying Configuration $ @SYS$MANAGER:DCE$SETUP CONFIG *** System Management Procedure, DCE for OpenVMS Alpha V3.2 *** **************************** INFO ***************************** *** DCE is configured to support 70 DCE Processes This system has the following DCE configuration: Cellname: mr6axp-cell Hostname: mysore Service Status ---------- -- ------- RPC & Security Client Services Enabled CDS Name Service Clerk Enabled CDS Cached Server Host mr6axp (16.138.247.157) LDAP client Disabled Distributed Time Service Clerk Enabled Accept DECnet time (DTSS) sources Disabled Distributed Time Service Null Time Provider Disabled Distributed Time Service NTP Time Provider Disabled KRB5 Services Disabled Security Services Client Enabled Secval activated Auditing Subsystem daemon Disabled PC Name Service Interface Disabled Integrated login Disabled This system supports the following network transport protocols: Sample Configuration Logs C-15 Sample Configuration Logs C.4 Modifying Configuration TCP/IP: [ncacn_ip_tcp] UDP/IP: [ncadg_ip_udp] DECnet: [ncacn_dnet_nsp] DECnet/OSI: [ncacn_osi_dna] TCP/IP services on this system are provided by: TCPIP TCP/IP Services for OpenVMS The current cell is: mr6axp-cell Based on this configuration, the following DCE daemons should be active: Daemon Process Name Process ID RPC & Security Client Services DCE$DCED 238185B0 CDS Name Service Advertiser DCE$CDSADVER 238160B1 CDS Name Service Client DCE$CDSCLERK 2381C334 Distributed Time Service DCE$DTSD 2380F6BA **************************** WARNING **************************** Executing this procedure will potentially modify this configuration. Do you want to proceed with this reconfiguration? (YES/NO/?) [Y]? DCE Configuration Menu DCE for OpenVMS Alpha V3.2 1) Client Configure this system as a DCE client 2) New Cell Create a new DCE cell 3) CDS Server Add Master CDS Server 4) Modify Modify DCE cell configuration 5) RPC_ Only Configure this system for RPC only 0) Exit Exit this procedure ?) Help Display helpful information Please enter your selection: 4 *** Modify Configuration Menu *** DCE for OpenVMS Alpha V3.2 C-16 Sample Configuration Logs Sample Configuration Logs C.4 Modifying Configuration 1) Add Replica CDS Server 2) Add Replica Security Server 3) Add DTS Local Server 4) Add DTS Global Server 5) Add Null Time Provider 6) Add NTP Time Provider 7) Enable Auditing 8) Enable DCE Integrated Login 9) Enable Kerberos 5 10) Configure LDAP Name Service 11) Add LDAP Client Service 12) Enable LDAP GDA 13) Register in X.500 0) Exit Return to previous menu ?) Help Display helpful information Please enter your selection: Sample Configuration Logs C-17