Well, I've got the solution in a few hours.
This list rules!
Thanks to:
Gerhard Nolte gnolte_at_gwdg.de (I found it out! See below.)
Stuart Davidson stuart.davidson_at_eurocontrol.be (You're right, I didn't check
the whole information.)
Rob Clark siegel_at_zko.dec.com (Thanks! Your mail is very complete.)
who answered my question.
THE PROBLEM:
***********
How to configure security in Polycenter Net View.
My original question was:
> Hi:
>
> Maybe this question is not related with D.U. but, who knows?
> I am running Polycenter Net View 4.1a with D.U 3.2D-1 and I'd like to
> turn security on.
> If I run manualy /usr/OV/bin/nvsec_admin, the option "Security
> Administartion" is grey.
> If I modify manualy the flag in /usr/OV/security/conf/sec.conf
> the Net View cores.
> Does anybody do it?
>
> Thanks in advance.
> Marcelo.
THE SOLUTION:
************
DCE MUST be installed and configured to implement security in Polycenter Net
View.
It is documented on "POLYCENTER Manager on Net View Installation Configuration
Guide - Chapter 5" although the rest of the documentation is ambiguos about it.
I could not test it because of the license, but it is expected to work.
Thanks again.
The answers:
--------------------------------------------------------------------------------
>Marcelo,
>
>I have the same problem. Digital told me, that security is available
>only with DCE, but the documentation tells different. Please let me
>know, if you'll find out something.
>
>Gerhard
>
>--
>Gerhard Nolte
>Email: gnolte_at_gwdg.de Voice: +49-551-709-2716 Fax: +49-551-709-2704
>Max-Planck-Institut fuer Stroemungsforschung, 37073 Goettingen, Germany
--------------------------------------------------------------------------------
>Netview security requires DCE, see release notes.
>
> Stuart Davidson
> Digital Equipment Co.
>
> Tel. (Work, NL) +31 43 3661452
> E-Mail (Work, NL) stuart.davidson_at_eurocontrol.be
> E-Mail (Work, NL) dav_at_mas.eurocontrol.be
> E-Mail (Work, UK) stuart.davidson_at_reo.mts.dec.com
-------------------------------------------------------------------------------
> Marcelo,
>
>In order to use NetView with security you must first install DCE. The
>menu option in NetView, Administer->Security Administration is
>designed to be greyed out until you have security turned on.
>
>This means to turn security on you must run the executable from the
>command line:
>
> # /usr/OV/bin/nvsec_admin
>
>and then select the menu item, Options->Global Settings and turn
>security on.
>
>The file /usr/OV/security/conf/sec.conf should not be edited.
>nvsec_admin reformats this file the first time you successfully turn
>security on.
>
>I have appended some notes that might help you get started.
>
>-- Rob Clark
> NetView on Digital UNIX
>
>
>Notes on installing DCE for PNV
>- -------------------------------
>
> Installation
> ------------
>
> Server
>
> 1. Install DCERTS130 Runtime services
> DCECDS130 Cell Directory Service
> DCESEC130 Security Server
>
> DCEECO132 DCE Runtime Services V1.3.2
> DCE CDS Server V1.3.2
> DCE Security Services V1.3.2
>
> PAKs: DCE-RT-SVC, DCE-SECURITY, DCE-CDS
>
> 2. Use /usr/sbin/dcesetup to create the cell
> The defaults are fine, including enabling SIA which
> is recommended by the DCE team.
>
> Client
>
> Install the DCE client on each machine running PNV base and
> PNV clients.
>
> 1. Install DCERTS130 Runtime services
> DCEECO132 DCE Runtime Services V1.3.2
>
> PAK: DCE-RT-SVC
>
> 2. Use /usr/sbin/dcesetup to configure the client
> The defaults are fine
> When asked to log in to the sec-admin group, use the
> cell_admin account created during the configuration of
> the cell on the DCE server.
>
> Accounts
> --------
> 1. Setup user accounts for the cell
> From either the DCE server or client.
> Log into cell_admin account
>
> dce_login cell_admin
>
> Note: to help keep the /etc/passwd and /etc/group files
> in sync with the DCE you can use passwd_import
> to transfer Unix accounts to the registry.
>
> Hint: Create passwd and group files containing all the
> accounts and groups for DCE environment and put the
> passwd and group file in some directory, then:
>
> passwd_import -d dirname
>
> Root account is a treated specially by DCE I believe,
> so no need to establish the root account. Login to
> a user account and su to become superuser and run PNV.
>
> Create entries for NetView security server daemon
>
> rgy_edit
> do principal
> add nvsecd
> do account
> add nvsecd
> ktadd -p nvsecd (this command must be run on DCE client
> that is running pnv. It creates a password
> in the local keytable for the daemon.)
>
> Repeat the ktadd command to add the key (password) for nvsecd
> on each PNV client so that the PNV client security daemon
> nvsecltd can get it.
>
> Login
> -----
> Valid ways of logging in for DCE/NetView
> Use the login command from the UNIX prompt:
>
> # login
> login: clark
> Password:
>
> # nvauth (Username admin, default password admin, group SrAdmin)
>
> or # pnv (which will invoke nvauth automatically)
>
> Note that exiting the GUI will perform a logout, forcing you
> to invoke nvauth to login again if you want to use PNV
> commands from the UNIX prompt.
>
> You must be root to start the PNV daemons. I do this by logging
> into my DCE user account on the workstation, run the "login"
> command to get the DCE tickets and then su to root.
>
> You can login in to NetView and run the GUI from root in this way also.
> If you want to login to NetView from a DCE user account without
> su'ing to root, then until the next release you need to make one
> alteration for this to work.
>
> DCE user accounts must be members of the group bin.
>
> As root type:
>
> # chmod 775 /usr/OV/security/cache
>
> Troubleshooting:
> ----------------
>
> If NetView login or command hangs, stop and restart the nvsecd
> daemon and invoke nvauth to login again. This is being worked
> for the next release.
>
-------------------------------------------------------------------------------
|
|.===.
{}o o{}
+-------------------------------------------ooO--(_)--Ooo--------------------+
| Marcelo Fabian Beltramo e-mail
.------- | m_beltramo_at_scomp1.sonda.cl
/ ,------ | Sonda Computacion S.A T.E.
" " . . | Alsina 772 (541) 334-1775 334-1793
------' / | Buenos Aires, Argentina FAX
-------' | C.P. : 1087 (541) 343-3561
|
+-----------------------------------------------------------------------------+
Received on Thu May 09 1996 - 18:36:54 NZST