DCE for Compaq Tru64 UNIX Version 3.1 Release Notes June 1999 This document describes new and changed features of DCE for Tru64 UNIX Version 3.1 as well as corrections to known problems, known problems and restrictions, and corrections to documentation. Compaq recommends that you read this document before installing and using DCE software. Product and Version: DCE for Compaq Tru64 UNIX Version 3.1 Operating System and Version: Compaq Tru64 UNIX Version 4.0x Compaq Computer Corporation Houston, Texas Compaq Computer Corporation makes no representations that the use of its products in the manner described in this publication will not infringe on existing or future patent rights, nor do the descriptions contained in this publication imply the granting of licenses to make, use, or sell equipment or software in accordance with the description. Possession, use, or copying of the software described in this publication is authorized only pursuant to a valid written license from DIGITAL or an authorized sublicensor. (c) Compaq Computer Corporation 1998. All rights reserved. The following are trademarks of Compaq Computer Corporation: DIGITAL and the DIGITAL logo. COMPAQ, Compaq Tru64 UNIX, and the Compaq logo Registered in U.S. Patent and Trademark Office. The following are third-party trademarks: Kerberos is a trademark of Massachusetts Institute of Technology. OSF is a trademark of Open Software Foundation, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd. All other trademarks and registered trademarks are the property of their respective holders. Table of Contents 1. NEW AND CHANGED FEATURES 2 1.1 New DMS Installation Option 2 1.2 New Distributed File Service Functionality 3 1.3 New SIA Administration Tool 3 1.4 New User-Selectable RPC Timeouts 3 1.5 Kerberized FTP 3 1.6 New randd daemon Startup Options 3 1.7 New CDS Preferencing Feature 3 1.8 New Security Feature 3 1.9 Changes to Documentation 4 2. CORRECTIONS TO KNOWN PROBLEMS 5 2.1 RPC 5 2.2 Security 5 2.3 DCEsetup 5 2.4 CDS 5 2.5 dcecp 5 3. KNOWN PROBLEMS AND RESTRICTIONS 6 3.1 Known Problem with RPC 6 3.2 Known Problem with dcecp 6 3.3 Known Problems and Restrictions in DFS 6 3.4 Known Problem with Split Server Configuration 7 3.5 Known Problems with Configuring a Security Server Replica 7 3.6 Known Problem with the passwd_export Command 7 3.7 Known Problem with Kerberos 5 and Kerberos 5 Compliant Utilities 7 3.8 Known Problem with CDS 8 3.9 Known Problem with the Example Programs 8 3.10 Public Key Storage Server Does Not Support Security Replicas 8 3.11 Thread Stack Overflow Not Reported 8 3.12 Use STDERR Instead of STDOUT with dcesetup 8 3.13 Known Problems in SIA 8 3.14 Known Problems in DECthreads with Tru64 UNIX, Version 4.0b 9 4. CORRECTIONS TO DOCUMENTATION 9 1. NEW AND CHANGED FEATURES This section describes new and changed features for DCE for Tru64 UNIX, Version 3.1. 1.1 New DMS Installation Option DCE for Tru64 UNIX Version 3.1 provides the ability to install DCE for Tru64 UNIX on a Dataless Management System (DMS) client. For detailed information on DMS, see the section on Dataless Management Services in the Tru64 UNIX System & Network Management Guide; the DMS section is in the chapter, "Sharing Software on a Local Area Network." 1.2 New Distributed File Service Functionality DCE for Tru64 UNIX Version 3.1 now includes R1.2.2 DFS functionality from The Open Group. For more information about DFS, refer to the DCE for Tru64 UNIX DFS Configuration Guide. 1.3 New SIA Administration Tool For detailed information on the DCE for Tru64 UNIX SIA administration tool (SIACFG), refer to the DCE for Tru64 UNIX Product Guide. 1.4 New User-Selectable RPC Timeouts Version 3.1 of DCE for Tru64 UNIX allows users to specify timeout parameters for certain RPC activities. For more information about RPC Timeouts, refer to the DCE for Compaq Tru64 UNIX Product Guide. 1.5 Kerberized FTP Version 3.1 of DCE for Tru64 UNIX adds support for the Kerberized ftp network tool. For more information, refer to the DCE for Compaq Tru64 UNIX Installation and Configuration Guide and Product Guide. 1.6 New randd daemon Startup Options Although it is not recommended, the randd daemon may now be toggled off so that it will not start up with the rest of the DCE daemons. To do so, set the environment variable DCE_RANDD_START to 0 in the process that starts the DCE daemons. The default is for randd to start up with DCE. If you start DCE from C shell, the procedure would be as follows: setenv DCE_RANDD_START 0 dcesetup start 1.7 New CDS Preferencing Feature A new enhancement has been added to improve the performance of CDS clients by providing a ranking to the order in which clearinghouses are contacted by the client for CDS information. For more information, refer to the DCE for Compaq Tru64 UNIX Product Guide. 1.8 New Security Feature The passwd_export utility now creates a backup of the passwd and group files before changing the files. The files created are: /etc/passwd.bak and /etc/group.bak respectively. 1.9 Changes to Documentation DCE for Tru64 UNIX Version 3.1 provides HTML versions of technical documentation from Compaq and The Open Group for viewing with a Web browser. These files are included on the Compaq Tru64 UNIX Alpha Online Documentation Library (ODL) CD-ROM. The DCE documentation can be found in the "Programming Tools and Languages" category of the CD. The following Compaq documentation is provided for online viewing: o DCE for Tru64 UNIX Installation and Configuration Guide -- Describes how to install DCE and configure and manage your DCE cell. o DCE for Compaq Tru64 UNIX Product Guide -- Provides supplemental documentation for DCE for Tru64 UNIX value-added features. o DCE for Tru64 UNIX Reference Guide -- Provides supplemental reference information for DCE for Tru64 UNIX value-added features. o DCE for Tru64 UNIX DFS Configuration Guide -- Describes how to configure the optional DCE Distributed File Service (DFS). The following OSF DCE Release 1.2.2 technical documentation is provided for online viewing: o Introduction to OSF DCE -- Contains a high-level overview of DCE technology including its architecture, components, and potential use. o OSF DCE Administration Guide - Introduction -- Describes the issues and conventions concerning DCE as a whole system and provides guidance for planning and configuring a DCE system. o OSF DCE Administration Guide - Core Components -- Provides specific instructions on how core components should be installed and configured. o OSF DCE Application Development Guide - Introduction and Style Guide -- Serves as a starting point for application developers to learn how to develop DCE applications. o OSF DCE Application Development Guide - Core Components -- Provides information on how to develop DCE applications using core DCE components such as RPC and security. o OSF DCE Application Development Guide - Directory Services -- Contains information for developers building applications that use DCE Directory Services. o OSF DCE Application Development Reference -- Provides reference information for DCE application programming interfaces. o OSF DCE Command Reference -- Describes commands available to system administrators. For information on how to order printed technical documentation, refer to the Read Before Installing DCE for Tru64 UNIX Version 3.1 letter. 2. CORRECTIONS TO KNOWN PROBLEMS 2.1 RPC o A rare race condition was fixed in the rpc_if_inq_id function. o Previously, invocation of the rpc__timer_fork_handler routine would, in very specific circumstances, cause a core. This problem has been corrected. o Previously, running perf test 15 with many threads could cause an illegal state transition error. This problem has been corrected. o Previously, a non-nil UID could cause occasional processing problems for the routine, rpc_mgmt_is_server_listening when using UDP binding. This problem has been corrected. o This release includes a number of small fixes to make locking mechanisms more resilient throughout the code. o This release includes a fix towards process_group to better detect buffer overuns. o This release includes a fix for a rare race condition that was occasionally encountered on multi-processor machines. o This release includes a fix for a cancel problem relating to waiting writers in fairness policy. 2.2 Security o Previously, if a NULL was passed in as a value for the third parameter (scope) of the sec_rgy_pgo_get_by_id function, a core would occur. This problem has been fixed. 2.3 DCEsetup o DCEsetup was modified to allow non-root users to run show and version options. 2.4 CDS o Previously, after flushing the cache, the CDS clerk occasionally would not start. This problem has been fixed. 2.5 dcecp o On occasion, a memory corruption would occur when displaying the cds cache. This problem has been fixed. 3. KNOWN PROBLEMS AND RESTRICTIONS 3.1 Known Problem with RPC The threads library included with versions of Tru64 UNIX V4.0D and earlier has a broadcast call that does not always wake up all blocked threads. A patch for this problem can be attained from the Tru64 UNIX group. 3.2 Known Problem with dcecp The following dcecp commands do not work for this release: o host configure o host unconfigure o cellalias set (disabled) o cdsalias set (disabled) 3.3 Known Problems and Restrictions in DFS 3.3.1 Unsupported DFS Commands The dfs_login and dfs_logout commands do not work for this release. 3.3.2 DCE DFS Does Not Properly Return ENOSPC DCE DFS does not properly return ENOSPC. The DCE DFS client code allows an application writing to a UNIX File System (UFS) exported by DCE DFS to pass data at 100 percent capacity. The application can write up to 111 percent capacity without generating an error. However, the file write will be incomplete. 3.3.3 Possible System Hang or Panic on shutdown or reboot Entering the shutdown or reboot commands after either of the DCE DFS daemons dfsd or fxd is running can cause the system to hang or panic. To work around a hang: Press the hard RESET button to return to console mode. Reboot the system. 3.3.4 Possible System Crash on a Machine on which DFS Has Been Configured into the Kernel On a machine on which DFS has been configured into the kernel but DFS has not been initialized (that is, dfssetup has not been run), the system could crash. Here are two suggested workarounds: o Rebuild a kernel without the DCE Distributed File Services option. o As root, patch the on-disk copy of the existing kernel file as follows (the example assumes your kernel file is named vmunix): # dbx /vmunix (dbx) px dcedfs 0x1 (dbx) patch dcedfs = 0 0 (dbx) px dcedfs 0x0 (dbx) quit 3.3.5 Certain Commands May Not Restore DCE DFS Mount Points The cp -[rR], tar, cpio, pax, restore, and vrestore commands may not correctly restore DCE DFS mount points if the local file system is used for recovery. To avoid this problem, restore the mount points in the DCE DFS namespace (for example, /:/path). 3.4 Known Problem with Split Server Configuration Split server configuration using a node running DCE for Tru64 UNIX Version 3.1 as the Security Server and a node running Transarc or HP DCE V1.3b ECO #2 as the CDS Server is not supported in this release. A DCE Release 1.2.2 system running IBM AIX R1.2.2 cannot be configured in a split cell environment as the Security server if DCE for Tru64 UNIX Version 3.1 is configured to run the CDS server. This problem will be corrected in a future product release. 3.5 Known Problems with Configuring a Security Server Replica In a mixed version Security server/replica environment, the Security server must be configured at the earliest DCE software revision in use. For example, you cannot configure a Security replica on a DCE for DIGITAL UNIX Version 2.x system, if the Security server is running on a DCE for Tru64 UNIX Version 3.1 system. The Security server must be running the same or lower version of DCE as that running on the Security replica system. Compaq cannot guarantee that you can configure a security replica on a DCE for Tru64 UNIX Version 3.1 system when the Security server runs on another vendor's R1.2.2 system. Conversely, it may not be possible to configure a security replica on another vendor's DCE R1.2.2 system when the Security server runs on a DCE for Tru64 UNIX Version 3.1 machine. This problem will be corrected in a future product release. 3.6 Known Problem with the passwd_export Command When the execution of the passwd_export command is interrupted, this process leaves the /etc/passwd and the /etc/group in an unusable state. 3.7 Known Problem with Kerberos 5 and Kerberos 5 Compliant Utilities The DCE for TRU64 UNIX Version 3.1 implementation of Kerberos 5 does not interoperate with generic Kerberos. Therefore, if a generic version of Kerberos is installed on your system, it should be removed before installing DCE Version 3.1. This problem will be corrected in a future product release. 3.8 Known Problem with CDS The command dcecp -c clearinghouse disable /.:/xxxxx renders the CDS server "Unable to Communicate". As a workaround you can recreate the clearinghouse and then issue a dcecp -c clearinghouse delete command. 3.9 Known Problem with the Example Programs There is no README file associated with the DTS examples. 3.10 Public Key Storage Server Does Not Support Security Replicas The Public Key Storage Server (PKSS) was not designed to support Security Replicas as stated in the non-goals section of the PKSS RFC (RFC 94.0) from The Open Group. The dcesetup program does not allow you to configure a PKSS in a client and/or security replica environment. 3.11 Thread Stack Overflow Not Reported Calling the sec_login_valid_from_keytable routine from a thread (as is commonly done in a server's refresh identity thread) may result in a silent thread stack overflow, a SEGV, and a memory fault (core dump). This problem can be avoided by using the pthread_attr_setstacksize routine to increase the thread's stack size. This problem was seen on Tru64 UNIX Version 4.0a (Rev. 464) where the default thread stack size (as returned by pthread_attr_getstacksize) was 21102 bytes. Increasing the stack size to 24000 bytes still resulted in stack overflow, but the increased stack size made it possible for the threads package to output an appropriate error message. Increasing the stack size to 65536 bytes corrected the stack overflow problem in our test case. NOTE: This problem could not be reproduced on Version 4.0b (Rev. 564) and later versions of Tru64 UNIX where the default thread stack size also is 21102 bytes. 3.12 Use STDERR Instead of STDOUT with dcesetup The dcesetup utility uses output from dcecp commands to verify that certain interfaces are running. When Serviceability via the routing file is turned on, dcesetup can successfully bring up all the daemons only if STDERR is specified instead of STDOUT. 3.13 Known Problems in SIA DCE SIA on Tru64 UNIX does not properly charge usage against the product license. With DCE SIA enabled, the available license count is decremented when a non-root user logs in, but is not incremented when the user logs out. On a machine without an unlimited user license, the available license count will eventually be consumed. This problem will be fixed in a future release of the Tru64 UNIX operating system. Currently, the following workarounds are available: o Disable DCE SIA before the problem occurs. o Reboot the machine whenever the license count is exceeded. o Perform all logins as root, with a subsequent su to the desired user. o Obtain an unlimited user license. When DCE SIA is enabled on Tru64 UNIX Version 4.0b, the kdbx sum command hangs: $ echo sum | kdbx -k /vmunix A similar problem has been seen on Tru64 UNIX Version 4.0a (464) where this command results in a threads exception in kdbx. This problem is caused by a mishandling of synchronous signals by the DECthreads package. Patch kit 6 for Tru64 UNIX 4.0b (or equivalent) repairs this and related problems, and is a prerequisite for running DCE on Tru64 UNIX 4.0b. Later versions of Tru64 UNIX (4.0c and higher) have corrected this problem. When DCE SIA is used to obtain a local user's group membership list, the list of group uids obtained from the DCE Registry is not processed against the group override file. 3.14 Known Problems in DECthreads with Tru64 UNIX, Version 4.0b Tru64 UNIX 4.0b has a known problem with the handling of synchronous signals by the DECthreads package. For the signals traditionally representing synchronous errors in a program (such as SIGPIPE, SIGSYS, SIGSEGV, SIGBUS, SIGFPE, SIGEMT, SIGIOT, SIGILL), DECthreads catches the signal and converts it into an equivalent exception. Tru64 UNIX 4.0b attempts to print an abort message for an unhanded exception. If an unhandled exception occurs in a libc library I/O routine, the thread causing the exception may hang in abort() because of a deadlock over an I/O mutex. Because running DCE in a Tru64 UNIX 4.0b environment may cause errors related to the synchronous signal mishandling in DECthreads, you must install Patch kit 6 or equivalent on Tru64 UNIX 4.0b if you plan to run DCE. If you also plan to run DCE DFS, you must also install the DFS slowfix patch. To determine what patches have been installed on a Tru64 UNIX system look in the file called "/var/adm/patch/log/event.log". 4. CORRECTIONS TO DOCUMENTATION The DCE for Tru64 UNIX DFS Configuration Guide has been updated and corrected for the Version 3.1 release. The following documentation problems have been noted in the DCE man pages: o Some manpages incorrectly state that the startup scripts are located in /etc/rc.d. The correct location for the startup scripts is /sbin/rc3.d o The manpage for rpc_mgmt_ep_elt_inq_begin is not displayed correctly.