OSF DCE Administration Guide—Introduction Revision 1.
The information contained within this document is subject to change without notice. OSF MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. OSF shall not be liable for errors contained herein, or for any direct or indirect, incidental, special or consequential damages in connection with the furnishing, performance, or use of this material.
RESTRICTED RIGHTS NOTICE: Use, duplication, or disclosure by the Government is subject to the restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 52.227-7013. RESTRICTED RIGHTS LEGEND: Use, duplication or disclosure by the Government is subject to restrictions as set forth in paragraph (b)(3)(B) of the rights in Technical Data and Computer Software clause in DAR 7-104.9(a). This computer software is submitted with "restricted rights.
Part 1.
Preface

The OSF DCE Administration Guide provides concepts and procedures that enable you to manage the OSF Distributed Computing Environment (DCE). Basic OSF DCE terms are introduced throughout the guide. A glossary for all of the DCE documentation is provided in the Introduction to OSF DCE. The Introduction to OSF DCE helps you to gain a high-level understanding of the DCE technologies and describes the documentation set that supports DCE.

Document Usage

The OSF DCE Administration Guide consists of two books, each of which is divided into parts, as follows:
• The
  — Part 1. Introduction to DCE Administration
  — Part 2. Configuring and Starting Up DCE
• The
  — Part 1. The DCE Control Program
  — Part 2. DCE Administration Tasks
  — Part 3. DCE Host and Application Administration
  — Part 4. DCE Cell Directory Service
  — Part 5. DCE Distributed Time Service
  — Part 6.

Typographic and Keying Conventions

This guide uses the following typographic conventions:
Bold
    Bold words or characters represent system elements that you must use literally, such as commands, options, and pathnames.
Italic
    Italic words or characters represent variable values that you must supply.
Constant width
    Examples and information that the system displays appear in constant width typeface.
Contents

Preface
  Audience
  Applicability
  Purpose
  Document Usage
  Related Documents
  Typographic and Keying Conventions
  Problem Reporting
2.4 The Filespace
  2.4.1 DFS Administrative Domains
  2.4.2 DFS Administrative Lists
  2.4.3 Determining the Roles of DFS Machines
  2.4.4 Setting Up the DFS File Tree
  2.4.5 Setting Up Filesets
  2.4.6 Using @sys and @host Variables
Chapter 3. Client and Server Considerations
3.1 Requirements for DCE Client Machines
  3.1.1 Files Installed on DCE Client Machines
  3.1.2 RPC Client Programs
  5.3.3 CDS Security and Access Control
5.4 GDS Maintenance Tasks
  5.4.1 Monitoring GDS
  5.4.2 Managing GDS
  5.4.3 Backing Up GDS Data Files
  5.4.4 Changing Global Directory Configurations
5.5 DTS Maintenance Tasks
  5.5.1 Managing the Distributed Time Service
  5.5.2 Modifying System Time
  7.2.9 Installing The Application Development Environment
  7.2.10 Installing the Optional Utilities
  7.2.11 Installing a Security Server Replica
  7.2.12 Installing DFS Clients
Chapter 8. Configuring DCE
8.1 Prerequisites
  10.1.2 Sample Environment File
  10.1.3 Sample Command File
10.2 Setting Environment Variables
  10.2.1 The dce_config Environment Variables
  10.2.2 The dfs_config Environment Variables
10.3 Controlling Message Logging
A.1 The CDS Space

LIST OF FIGURES

Figure 1-1. Interaction of Clients and Servers
Figure 2-1. Top Level of the Cell Namespace
Figure 3-1. An Example DFS Configuration
Figure 6-1. Sample Log File
Figure 10-1. Sample Environment File

LIST OF TABLES

Table 10-1. dce_config Environment Variables
Table 10-2. dfs_config Environment Variables
Table 10-3. Environment Variables and Message Logging
Chapter 1. Introduction to DCE for Administrators

The Introduction to OSF DCE introduced you to the OSF Distributed Computing Environment (DCE), describing the major components of its services. This chapter provides an overview of DCE from the perspective of the system or network administrator. As the Introduction to OSF DCE explains, DCE is a set of services that together make up a high-level coherent environment for developing and running distributed applications.
• Replication, which is the process by which copies of information are created and kept consistent

1.1 Clients and Servers

DCE is based on the client/server model. A server is a machine or process that provides a specialized service to other machines or processes. A client is a machine or process that uses a server’s specialized service during the course of its own work.
cell are usually located in a common geographic area, but they can also be located in different buildings, different cities, or even different countries, provided they are adequately connected. A cell’s size can range from only one machine to several thousand, depending on the size of the organization. All machines in an organization can be included in one cell, or you can choose to have numerous cells within one organization.
global namespace. Administrative tools use the namespace to store information and to locate DCE services. DCE services advertise their locations to the namespace. The namespace provides a means of organizing DCE services into manageable groups.

1.5 The Filespace

Part of the cell namespace is the filespace, which consists of files and directories.
• GDS entries managed by GDS’s own ACL mechanism, as described in the

An ACL consists of multiple ACL entries that define the following:
• Who can use an object
• What operations can be performed on the object

In the filespace, ACLs are an extension of the UNIX system’s file protection model.
Chapter 2. Global and Cell Considerations

The purpose of Chapters 2 through 5 is to assist you in planning for the installation, configuration, and maintenance of DCE. For detailed information about installing the DCE source tape and building DCE, refer to the OSF DCE Release Notes and the OSF DCE Porting and Testing Guide. Part 2 of this guide describes the configuration process, including installing executable files, setting up a DCE cell, and configuring servers and clients.
If information changes frequently and users in your network depend on the accuracy of that information, you need to consider how much you rely on replication. It is better to go to a central source of information for data that changes frequently. If users look up information but do not need to change the information that is shared with other users, you can rely more on replicated data.
Regardless of which method you choose, in order for your cell to communicate with other cells, you must
— Establish a unique name for your cell and define it in the appropriate namespace (GDS, DNS, or CDS)
— Have at least one GDA running in the cell
— Establish a Security Service trust relationship with the other cells with which you wish to communicate

2.
called a Relative Distinguished Name (RDN). The Directory Information Tree (DIT) determines the hierarchy of a GDS name; that is, how the RDNs are ordered to create a global name. An example of a GDS-style global name, called a Distinguished Name (DN), is /.../C=US/O=ABC/OU=DCE/CN=gunther. Each RDN is separated by slashes (/). See the for a complete description of the GDS naming structure.
2.1.2 Establishing a DNS Cell Name

DCE also supports global directory operations through the use of DNS. If you plan to use DNS to communicate with other cells, you need to obtain a globally unique name for your cell from the DNS global naming authorities before you configure your cell, then define it in the DNS namespace. The name you obtain for your cell will be in DNS syntax. An example of a DNS-style cell name is: /.../seattle.abc.
FAX (703) 802-8376

Government Systems, Inc.
Attention: Network Information Center (NIC)
14200 Park Meadow Drive
Suite 200
Chantilly, VA 22021

After you have configured your cell, you need to define it in the DNS global namespace by creating a cell entry for it in DNS. To create a cell entry in DNS, an administrator must edit a data file that contains resource records.

2.2 The Cell Namespace

An integral part of planning for a DCE cell is understanding the organization of your cell namespace.
• Reconfigure the host in the new cell.
• Delete any namespace or registry entries for the host in the old cell.

2.2.3 Types of Cell Namespace Entries

The following subsections describe the different types of entries that comprise the cell namespace. These entries are created when you follow the default configuration path described in Part 2. The , the , and the provide details about the names that the DCE components use.
[Figure 2-1. Top Level of the Cell Namespace: a tree rooted at /.: showing the entries cell-profile, lan-profile, lclhostname_ch, hosts, sec, fs, and subsys, with dce, dfs, sec, bak, and master at the lower levels.]

You can use the CDS browser (cdsbrowser) or the DCE control program (dcecp) to view the CDS part of the namespace, including the sec and fs junctions. You can use commands such as ls to see the contents of the DFS part of the namespace and the dcecp program to see the contents of the Security portion.

2.2.3.
2.2.3.2 Security Namespace Entries

The types of Security entries are as follows:
• principal
  This type of entry contains an individual principal.
• principal directory
  This type of entry contains individual principals or one or more principal directories, or both.
• group
  This type of entry contains an individual group.
• group directory
  This type of entry contains individual groups or one or more group directories, or both.
object’s fully qualified pathname, as shown in the following example:
    /.:/sec/principal/smith
and not simply the following:
    smith

The following parts of the namespace comprise the Security namespace:
• /.:/sec/principal
• /.:/sec/group
• /.:/sec/org
• /.:/sec/policy

2.2.4 CDS Namespace Replication Considerations

Directory replication is the most reliable way to back up the information in your CDS namespace.
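The name forms described in this chapter (GDS-style and DNS-style global names under /.../, and cell-relative names under /.:) can be told apart mechanically, which is useful for rejecting an unqualified name such as smith before it reaches ACL or registry tooling. The following Python sketch is an added example, not part of the original guide or of DCE; the function names and the DNS-style sample name used to exercise it are assumptions.

```python
# Areas under the sec junction that this guide lists as the Security namespace.
SECURITY_AREAS = ("principal", "group", "org", "policy")


def classify_dce_name(name):
    """Classify a DCE name by its prefix and return its parsed parts."""
    if name.startswith("/.../"):
        parts = [p for p in name[len("/.../"):].split("/") if p]
        if not parts:
            raise ValueError("global name has no components: %r" % name)
        if "=" in parts[0]:
            # GDS style: a leading run of type=value RDNs separated by slashes.
            rdns = []
            for part in parts:
                if "=" not in part:
                    break
                attr, value = part.split("=", 1)
                rdns.append((attr, value))
            return {"scope": "global", "style": "GDS", "rdns": rdns,
                    "rest": parts[len(rdns):]}
        # DNS style: the first component is the cell name in DNS syntax.
        return {"scope": "global", "style": "DNS", "cell": parts[0],
                "rest": parts[1:]}
    if name == "/.:" or name.startswith("/.:/"):
        parts = [p for p in name[len("/.:"):].split("/") if p]
        if parts and parts[0] == "sec":
            kind = parts[1] if len(parts) > 1 and parts[1] in SECURITY_AREAS else None
            return {"scope": "cell", "area": "security", "kind": kind,
                    "rest": parts[2:] if kind else parts[1:]}
        if parts and parts[0] == "fs":
            return {"scope": "cell", "area": "filespace", "rest": parts[1:]}
        # Assumption: anything else below /.: is treated as a CDS entry.
        return {"scope": "cell", "area": "cds", "rest": parts}
    return {"scope": "unqualified", "rest": [name]}


def principal_from_name(name):
    """Return the principal part of a fully qualified cell-relative principal
    name, and refuse anything else (for example a bare 'smith')."""
    info = classify_dce_name(name)
    if (info.get("area") != "security" or info.get("kind") != "principal"
            or not info["rest"]):
        raise ValueError("not a fully qualified principal name: %r" % name)
    return "/".join(info["rest"])


if __name__ == "__main__":
    for sample in ("/.../C=US/O=ABC/OU=DCE/CN=gunther",
                   "/.:/sec/principal/smith", "smith"):
        print(sample, "->", classify_dce_name(sample))
```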
manages the Security server but does not control the DFS filespace. Following are some of the groups created when you configure DCE using the DCE configuration script:
• sec-admin
  This group administers Security servers, registry replication, and other Security functions.
• cds-admin
  This group administers CDS servers, CDS replication, and other CDS functions.
• dts-admin
  This group administers DTS servers and related DTS functions.

2.4.2 DFS Administrative Lists

DFS administrative lists are files that define the principals and groups that can perform actions affecting specific server processes on a server machine. There is one DFS administrative list for each DFS server process running on a machine. For example, a server’s admin.bos file defines who has administrative rights to the BOS server (bosserver), and thus determines who can manipulate and maintain server processes on that one server.
• The common directory
  This directory contains programs and files needed by users working on machines of all system types, such as text editors or online documentation files. The common/etc directory is a logical place to keep the central update sources for files used on all DFS client machines.
• The public directory
  This directory contains files that users want to make available to everyone, including foreign and unauthenticated users.
• Consider the disk space a fileset requires before setting up filesets.

2.4.6 Using @sys and @host Variables

Follow the suggested conventions in the when using the @sys and @host variables in certain pathnames. When the DFS Cache Manager encounters one of these variables, it substitutes a string that consists of the local machine’s architecture and operating system type for @sys or the hostname for @host, causing a certain directory to be used.
Chapter 3. Client and Server Considerations

This chapter describes configurations for DCE client machines, the different types of DCE server machines, DCE remote administration machines, and DCE Application Development Environment machines. A DCE client machine can run client code of every DCE service. DCE server machines are configured to run a certain set of the DCE software.

3.1.1 Files Installed on DCE Client Machines

This section gives an overview of the software that is installed on DCE clients. Additional details are provided in Sections 3.1.2 through 3.1.7.

3.1.1.1 Minimum DCE Client

A minimum DCE client configuration contains client services for DCE RPC, CDS, Security, and DTS.

3.1.1.
The following files are needed on the AIX platform only; they are kernel extensions. On the OSF/1 platform, they are already linked into the kernel.
    config_kern_ext, dtskernext, dtsloadobj, load_kern_ext, query_kern_ext, unload_kern_ext
• DFS Clients Only
  The following files are needed only if the DCE client machine is also a DFS client machine:
    dfsbind, dfsd
  The following are optional on a DFS client:
    bos, cm, fts
• AIX DFS Clients Only
    cfgdfs, cfgexport, dfscmfx.
interactive users, but the machine principal is not. The Security Validation Service performs the processing necessary so that other daemon processes on the machine appear to be running with the machine’s identity. The Security Validation Service periodically refreshes the ticket-granting ticket for the machine’s principal. A DCE client machine must have a valid ticket-granting ticket in order for a principal to use DCE services.
these programs.

3.1.7 GDS Client Programs

This section describes the programs that make up the client side of GDS. The DCE configuration script installs the GDS client software but does not configure it. To configure and activate a GDS client, run the gdssysadm program, then initialize the Directory User Agent (DUA) cache by running gdsditadm. For details on these programs and on setting up and activating GDS, see the .
client. A new copy is retrieved from the DFS File Server machine only when another process changes the cached portion of the file. The dfsd process also caches directory and fileset location information.
• The dfsbind process does the following:
  — Obtains cell location information from CDS
  — Responds to Security Service requests on behalf of the DFS kernel processes by making calls to the Security server

3.
• The DCE control program (dcecp) for the management and maintenance of the Security software. Optionally, also the sec_admin program.

See Section 3.3 for descriptions of these programs. Keep the following considerations in mind when you are planning for Security servers:
• The node that runs the master Security server must be highly available and physically secure.
When preparing for CDS, you need to select server nodes that store and maintain the clearinghouses (CDS databases) in the cell. Keep the following guidelines in mind in order to achieve reliability, optimum performance, and data availability:
• Choose dependable nodes. A CDS server wants to avoid downtime as much as possible and needs to be restarted quickly when downtime occurs.
server process. Consider the following guidelines when planning your DTS implementation:
• Each cell needs to have at least three DTS servers. At least three DTS servers are needed in order to detect if one of them is faulty when they are queried for the time. It is preferable to have four or more DTS servers to provide redundancy. The additional servers increase the accuracy of time synchronization.
• Per-machine utilities — These utilities are the gdsipcchk and gdssysadm programs, which are described in Section 3.1.6.

You can have more than one GDS server (DSA) running in your cell. If you have more than one DSA, the data in the Directory Information Base (DIB), which is the GDS database, can be partitioned by storing a different part of the DIB on each server. Alternatively, the data can be replicated by storing copies of the DIB on several machines.
    epidaemon
For the System Control machine, the following program is added:
    upserver
For the File Server machine, the following programs are added:
    newaggr, upclient
For the Fileset Location Database machine, the following programs are added:
    flserver, newaggr, upclient
The following programs are optional for DFS servers:
    bak, bakserver, butc, cm, fms, repserver, scout, upclient, upserver
DFS File Servers can assume different roles.
A File Server machine is used to export DCE LFS and non-LFS data for use in the global namespace. This machine must run the fxd, ftserver, bosserver, and repserver processes. File Server machines also run the upclient process to receive configuration file updates. The client process, dfsbind, must also run on this machine. The full range of fileset operations, including replication, is available on this machine.
[Figure 3-1. An Example DFS Configuration. Machine labels in the figure: File Server; File Server machine, Fileset Location Database machine, System Control machine, and Binary Distribution machine (FLDB); Private File Server; network clients. Processes shown: fxd, ftserver, bosserver, repserver, upclient, upserver, flserver, dfsd, dfsbind.]

For information about other DFS configuration options, see the .
The dcecp program, which is the overall administration tool for DCE, has functions for administering the DCE services except that it does not perform certain operations on CDS clerks and servers and does not maintain local registries. Also, you cannot use the program to administer GDS and DFS. The dcecp program is included in all of the DCE server software packages, except GDS and DFS.

3.3.

3.3.4 CDS Administration Programs

CDS provides the following administration utilities:
• The CDS control program (cdscp), which is a CDS-specific administrative tool, allows you to control CDS servers and clerks and to manage the namespace and its contents.
• The CDS Browser (cdsbrowser) is a Motif-based program that lets you view the contents and structure of the CDS namespace.

3.3.
• The newaggr command can format a raw disk partition for use as a DCE LFS aggregate.
• The dfsexport command makes DCE LFS aggregates and non-LFS partitions available to remote users through use of the File Exporter.

3.3.8 Programs for DCE Remote Administration Machines

You may decide to configure a machine for the remote administration of the DCE servers.
Chapter 4. Location of Installed DCE Files

This chapter describes the location of DCE files that are created during the installation and configuration processes. The files used by DCE are grouped in the following locations:
• The dceshared subdirectories
• The dcelocal subdirectories
• Conventional UNIX subdirectories

Some information needs to be kept locally on a machine for reliability and to ensure that security is maintained.
The files in the dceshared subtree can be kept on local machines or, preferably, they can be exported to other machines in the DCE cell by using DFS. Therefore, shareable files, including binaries that are addressed by @sys, are stored under dceshared. The dceshared subtree is read-only.
maintenance. The contents of the dcelocal subtree can vary from machine to machine inside a DCE cell to accommodate and serve specific configurations. In addition, every machine must have local access to certain files so that each machine can run as a standalone system if the machine is disconnected or partitioned from the cell. The appropriate files on DCE servers that have to be local to the server machine must be stored under dcelocal.
• DCE service administrators who are responsible for a particular DCE service such as Security and have read and write permissions for the data files for the respective service. You can assign a separate DCE Security Service administrator, while a single cell administrator can have responsibility for the remaining DCE services.
Chapter 5. Overview of DCE Maintenance

Once you have performed the tasks required for planning, installing, and configuring your DCE system, you can go on to perform the tasks required for maintaining the system. The initial tasks of planning, installing, and configuring are performed infrequently, some only once. Maintenance tasks, however, are performed on a regular basis throughout the lifetime of your system.
1. Shut down DCE (by selecting option 4 in the dce_config Main Menu).
2. Change the machine’s network address and reboot the operating system, as needed.
3. Remove the machine’s CDS cache:
       rm /opt/dcelocal/var/adm/directory/cds/cds_cache*
4. Update the network address in the /opt/dcelocal/etc/security/pe_site file.
5. Update the network address in the /opt/dcelocal/etc/cds_config file.
6. Restart DCE (by selecting option 3 in the dce_config Main Menu).
7.
8. If DFS is used in a DCE cell, you must also issue the following command for every DFS server (flserver) that has undergone a network address change:
       > fts edserver -server old.ip.addr -changeaddr new.ip.addr
   You can then restart all of the DFS servers in the cell so that they recognize the new address. You may also have to stop and restart DCE (using dce_config) and remove the CDS cache before restarting the servers.
affect other CDS servers or clerks.
— Monitor the success of skulks that originate at the server. A skulk is a method of updating all replicas through repeated operations.
— Monitor the size and usage of the server’s clearinghouse and, if necessary, discuss with the namespace administrator the need to relocate some replicas or create a new clearinghouse.
— Monitor and tune system parameters that affect or are affected by CDS server operation.
— Create new objects in directories or oversee their creation. (Beyond a certain level in the directory hierarchy, you also can delegate the responsibility of maintaining directories and the objects in them.)
— Add new administrators to the cds-admin security group.

Chapters 16, 17, 18, and 20 of the provide detailed information about how to perform these tasks.

5.3.
GDS maintains log files for each of the following processes:
• The DUA process
• The Cache process
• The Client-stub process
• The Server-stub processes
• The DSA processes
• The GDS system administration process
• The Monitoring process

For more information on the location, contents, and creation of log files, see the .

5.4.
This function controls objects stored in the local DUA cache database and changes their attributes.
— Cache Update
  This function displays, activates, or deactivates the Cache Update job, or changes its update frequency.
• Activation of a directory system installation
  This directory management function activates the directory installation by starting the background processes of GDS.
• Adjust the system clocks.
• Change DTS attributes for varying WAN conditions.
• Modify the system configuration when the network environment changes.

For more detailed information on DTS maintenance tasks, see the .

5.5.1 Managing the Distributed Time Service

You can use the dcecp program to create and enable DTS. Once this is done, you can perform routine management tasks, such as enhancing performance, reconfiguring the network, and changing local time.
time providers and the network systems have been running for some time. The clock set command accomplishes this task by gradually modifying the time. The clock set command used with the -abruptly option and the dts synchronize command provide additional methods for adjusting the system clock and synchronizing systems.

5.6 Security Service Maintenance Tasks

The following subsections summarize the maintenance tasks you perform while administering the Security Service.
Registry policies include certain password and account information. Policies also include overrides, which are exceptions tied to a specific machine. Use the dcecp program’s registry commands to set and maintain registry policies. Details on how to use these commands are in Chapter 35 of the . Ticket expiration date, password life span, password format, and password expiration date are examples of registry policies that you can set.
• Removing a server host from the network when you plan to remove a machine that runs a slave registry server from the network or shut that machine down for an extended period

5.7 DFS Maintenance Tasks

The following subsections summarize the five major DFS maintenance tasks: monitoring DFS servers and clients, managing filesets in a cell, backing up filesets, reconfiguring the Cache Manager, and managing DFS security.
• Salvaging filesets
• Synchronizing fileset information
• Setting and listing fileset quota and current size
• Removing filesets and their mount points
• Dumping and restoring filesets
• Renaming filesets
• Unlocking and locking FLDB entries

5.7.3 Backing Up Filesets

The system administrator uses the Backup System provided by DFS to make backup tape copies of filesets.
• Forcing the Cache Manager to discard or fetch a new version of a file or directory from the File server machine

5.7.5 DFS Security and Access Control

In DFS, you can set up administrator groups with special privileges that permit members of a group to do the following:
• Issue administrator commands.
• Create or remove filesets.
• Perform system backups.

In DFS, administrative lists define the principals that can perform actions affecting specific server machines.
Part 2.
Chapter 6. Overview of the dce_config Script

The dce_config script (and the component scripts it invokes) is a tool for installing and configuring DCE machines.

6.1 Starting the dce_config Script

To start the dce_config script, perform the following steps:
1. Log in as root to the machine on which you are installing or configuring DCE. You cannot install or configure machines remotely.
2. If necessary, copy the /etc directory from the distribution media by performing the following steps:
   a. Use the cd command to move to the /opt/dce directory.
          cd /opt/dce
   b. Use the tar command to copy the dce1.
All dce_config menus display the name of the node on which you are running dce_config. In the sample menus shown in this guide, the actual node name is represented by host_name.

6.2 Defaults

The dce_config script prompts you for information it needs. You supply that information by typing it in after the prompt and pressing . When dce_config prompts you for information, it shows the default value in parentheses just after the prompt.
A sample error message follows:
    ERROR: Can’t create file /opt/dcelocal/ext/dfs_episode.ext
    Press to continue, CTRL-C to exit:

6.3.2 Warning Messages

Warning messages inform you of non-fatal events that you should be aware of before you continue. When you receive a warning message, you may be required to either: 1) press to continue processing or 2) CTRL-C to exit dce_config.

6.3.4 Detail Messages

Detail messages show all actual commands that affect the configuration or the state of the machine being configured. The messages also show which dce_config component script executed the command. Detail messages that contain the word "Executing" provide a record of the exact commands used to configure a machine. Detail messages have the form:
    D: message text
A sample detail message follows:
    D: dfs.
Debug messages have the form:
    DEBUG: message text
Some sample debug messages follow:
    DEBUG: Executing: daemon_slayer(dtsd)
    DEBUG: dtsd can’t be killed, not running

6.3.7 The dce_config log File

In addition to being displayed on the screen, messages are also written to the dce_config log file, /tmp/dce_config.log. As with the screen displays, you can control the type of messages logged in the file using the environment variables described in Chapter 10.
    V: NTP_HOST:
    V: MULTIPLE_LAN:
    V: LAN_NAME:
    V: CONFIG_DFS_CLIENT:
    V: CELL_ADMIN: NULL
    V: CELL_ADMIN_PW:
    V: TOLERANCE_SEC: 120
    V: check_time: y
    V: DEFAULT_MAX_ID: 32767
    V: UID_GAP: 100
    V: LOW_UID:
    V: GID_GAP: 100
    V: LOW_GID:
    V: SYNC_CLOCKS:
    V: DEFAULT_PW:
    V: FILESYSTEM:
    V: MEDIA:
    V: DTS_CONFIG:
    V: CP_OR_SYMLINK:
    V: USE_DEF_MSG_PATH:
    V: Us
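Because /tmp/dce_config.log records the exact commands run and can list variables such as CELL_ADMIN_PW and DEFAULT_PW, it is worth auditing after a configuration run. The following Python sketch is an added example, not part of the original guide or of dce_config; it uses only the message prefixes shown in this chapter (ERROR:, D:, DEBUG:, V:), and the sample log text, the rule that NULL means unset, and the function names are assumptions.

```python
import os
import re
import stat

# Variable names from the verbose (V:) sample in this chapter whose values
# are credentials.
SECRET_VARS = ("CELL_ADMIN_PW", "DEFAULT_PW")
# Message prefixes shown in this chapter; other lines get the kind "OTHER".
PREFIX_RE = re.compile(r"^(ERROR|DEBUG|D|V):\s*(.*)$")
SECRET_LINE_RE = re.compile(
    r"^([ \t]*V:[ \t]*(?:%s)[ \t]*:[ \t]*)(\S.*)$" % "|".join(SECRET_VARS),
    re.MULTILINE)

# Constructed sample log, not real output; the rm command line is made up.
SAMPLE_LOG = """\
V: CELL_ADMIN: cell_admin
V: CELL_ADMIN_PW: example-not-a-real-password
V: DEFAULT_PW:
V: TOLERANCE_SEC: 120
D: Executing: rm -f /opt/dcelocal/var/adm/directory/cds/cds_cache*
DEBUG: Executing: daemon_slayer(dtsd)
DEBUG: dtsd can't be killed, not running
ERROR: Can't create file /opt/dcelocal/ext/dfs_episode.ext
"""


def parse_log(text):
    """Split log text into records of the form {"kind": ..., "text": ...}."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = PREFIX_RE.match(line)
        if match:
            records.append({"kind": match.group(1),
                            "text": match.group(2).strip()})
        else:
            records.append({"kind": "OTHER", "text": line})
    return records


def audit_log(text):
    """Collect errors, executed commands, and password variables that were
    logged with a value."""
    findings = {"errors": [], "executed": [], "exposed": []}
    for rec in parse_log(text):
        kind, body = rec["kind"], rec["text"]
        if kind == "ERROR":
            findings["errors"].append(body)
        elif kind in ("D", "DEBUG") and body.startswith("Executing:"):
            findings["executed"].append(body[len("Executing:"):].strip())
        elif kind == "V" and ":" in body:
            name, value = (part.strip() for part in body.split(":", 1))
            # Assumption: an empty value or the literal NULL means "not set".
            if name in SECRET_VARS and value not in ("", "NULL"):
                findings["exposed"].append(name)
    return findings


def redact(text):
    """Return the log text with password variable values masked."""
    return SECRET_LINE_RE.sub(lambda m: m.group(1) + "[REDACTED]", text)


def mode_findings(path):
    """Report whether users other than the owner and group can read or
    write the log file."""
    mode = os.stat(path).st_mode
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings


if __name__ == "__main__":
    report = audit_log(SAMPLE_LOG)
    print("exposed password variables:", report["exposed"])
    print("commands executed:", report["executed"])
    print("errors:", report["errors"])
    print(redact(SAMPLE_LOG))
```

On a configured machine, pass the contents of /tmp/dce_config.log to audit_log and its path to mode_findings, and archive only the output of redact.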
OSF DCE Administration Guide—Introduction You can exit from dce_config at any time and from any location by pressing CTRL-C.
Chapter 7. Installing DCE This section is an overview of how to use the DCE installation and configuration script, dce_config, to install the DCE binaries built for your platform. Once the binaries are installed, you can configure the system as described in Chapter 8. The dce_config script is supplied by OSF as part of the the DCE offering. Your system vendor may provide an alternative method of installing the DCE binaries. If so, refer to the vendor’s documentation for instructions. 7.
If you are installing from an install tree stored on the file system, ensure you have access to the tree either on the local machine or through a remote mount. During the installation, you will be prompted to specify the location of the install tree. If it is on the file system, you supply its pathname. If it is on a media device, you supply the device name.

7.1.2 Machine Requirements

You must install the DCE binaries on each machine on which they will run.
• DCELOCAL as /opt/dcelocal
• DCESHARED as /opt/dce
• SUBSYSDIR as /subsys/dce
• SECURITYDIR as /subsys/dce/sec
• DFSDIR as /subsys/dce/dfs

When you install a component, dce_config installs only those binaries required for the selected component.

7.2.1 Beginning the Installation

To begin the installation, perform the following steps:

1. Select 1. INSTALL from the DCE Main Menu.
Type the name of the media device that contains the install tree and press .

After you have specified the location of the install tree, dce_config displays:

By default, the DCE binaries will be COPIED from the install tree into /opt/dcelocal/bin. In order to save save space, you can choose to simply symlink them instead.
1. Copy
2. Symlink

2.
especially useful if you have set the environment variables described in Chapter 10.

The remainder of this subsection first describes the prompts that you may receive during the installation of all DCE components and how to answer those prompts. After these descriptions, the steps to perform each type of installation available from the DCE Installation Menu are described.

7.2.2 Installation Prompts

The dce_config script prompts for information common to all component installations.
2. Type y and press if you are reinstalling all components. Entering y is equivalent to choosing REMOVE from the DCE Main Menu.

After you answer the prompt, dce_config continues the installation.

7.2.2.
7.2.2.
7.2.3 Performing the Installations

The following subsections describe each type of installation that can be performed from the DCE Installation Menu. For all installations, except DFS servers, optional utilities, and DFS clients, the installation steps consist mainly of selecting the installation from the DCE Installation Menu and answering any of the common prompts described in the previous subsection.
The dce_config script then prompts for the location of the message catalogs:

Enter the directory into which message catalogs should be stored on the local machine (/usr/lib/nls/C):

4. Type the full pathname of the directory in which the DCE message catalogs should be stored and press . Alternatively you can simply press to accept the default. Note that the actual default directory depends on the operating system on your machine.
7.2.4 Installing the CDS Servers

You must install and configure at least one CDS server in each cell. For performance reasons, you may install and configure more than one. To install a CDS server, type 2 at the DCE Installation Menu and press .

7.2.5 Installing DTS Servers

It is recommended that you run at least three DTS servers in each cell and that you configure at least one of those servers with a DTS Time Provider as described in Chapter 8.
File Server Machine.

After you select a server installation from the DFS Server Installation menu, the dce_config script proceeds to install the server. Then, dce_config prompts for whether to install the optional DFS servers:

Optional DFS servers are: cm fms udebug scout upclient upserver
Would you like to install the optional DFS servers? (y):

3. Type y to install the optional servers or n to not install them and press .
7.2.9 Installing The Application Development Environment

The Application Development Environment installation sets up the .idl and .h files used for DCE application development. To install the Application Development Environment .idl and .h files, type 7 at the DCE Installation Menu. The dce_config script displays the files as it installs them. Note that all the files except the pthread files are installed in usr/include/dce.
7.2.11 Installing a Security Server Replica

You can install replicas of Security servers within your cell to help ensure the availability of the registry database. To install a replica Security server, type 9 at the DCE Installation Menu and press . The dce_config script installs the replica, displaying a message describing what it is doing as it does it, and returns the DCE Installation Menu.

7.2.
Chapter 8. Configuring DCE

This chapter describes how to use the dce_config script to configure DCE software once that software has been installed.

Note: Because of differences in DCE R1.1 platforms, the output in the sample procedures in this chapter may differ slightly from the output you see when you run the dce_config script.

This chapter also describes how to use the Code Set Registry Compiler (csrc) to build a code set registry once DCE software has been configured.
6. DFS servers, Security and CDS replicas, GDA servers, Password Management servers, and additional time servers

Note also that you must configure a CDS client on all Security server (master or replica) machines that are not running a CDS server. You must also configure a Time client on all machines that are not running a Time server. Be sure to configure the clients only after you have configured all servers.

8.
8.4 Clock Synchronization

All servers and clients being configured should have clocks that are at least loosely synchronized. Using the SYNCH_CLOCKS environment variable described in Chapter 10, you can specify that the clocks will be synchronized automatically or that the user should be prompted to synchronize the clocks if they are out of synch by a specified amount. For DFS configurations, the clocks should be synchronized automatically.
98. Return to previous menu
99. Exit
selection:

From the DCE Configuration Menu, you can choose to configure any of the following items by typing the number associated with your selection at the selection prompt:

• Selection 1, Initial Cell Configuration, lets you configure the master Security server, the initial CDS server, and DTS servers.
8.6.2 Specifying the Removal of Previous Configurations

When you configure your cell initially, by selecting items from the Initial Cell Configuration menu, or when you configure DCE clients or DFS clients, you may receive the following prompt:

Do you wish to first remove all remnants of previous DCE configurations for all components (y/n)? You should do so if you plan on re-configuring all existing DCE components now.

This prompt appears once in each dce_config session.
The dce_config script displays the following message:

S:****** Configuring initial cell...

and then the Initial Cell Configuration menu.

Initial Cell Configuration ( on host_name )
1. Initial Security Server
2. Initial CDS Server
3. Initial DTS Server
98. Return to previous menu
99. Exit
selection:

Note: You can enter more than one selection at a time from the DCE Configuration Menu. Just be sure to separate the selections by spaces.
The dce_config script displays the following prompt:

Enter keyseed for initial database master key:

3. Type in the text string for the "keyseed," which is a temporary DES key that is used to generate the registry’s master key (the key that the registry will use for account key creation). Press . The text you enter should not be easily guessed. Note that it is not displayed as you type it.
are automatically generated by the Security Service when a group is added using "rgy_edit": (126)

7. Type a UNIX ID number that will be used as the group UNIX ID at which the Security server will start assigning automatically generated group UNIX IDs and press . The default is the value of the highest group UNIX ID on the machine incremented by the value of the UID_GAP environment variable.
The dce_config script prompts for the name of the LAN:

What is the name of the LAN?

Type the name and press . You can enter any arbitrary name. The name is used by dce_config to store cell profile information.

b. Type n to not configure the machine with multiple LAN capabilities and press .

The dce_config script completes the installation, starts the cdsadv and cdsd servers, creates the LAN profile (if necessary), and sets the appropriate ACLs.
The dce_config script displays the following messages:

S:****** Configuring initial DTS services
S:****** Please wait for user authentication and authorization...

and then the DTS Configuration Menu.

DTS Configuration Menu
1. DTS Local Server
2. DTS Global Server (needed only in multi-LAN cells)
3. DTS Clerk
4. DTS Time Provider
98. Return to previous menu
99. Exit
selection:

8.7.4.
8.7.4.3 Configuring a Time Provider on a DTS Server

You should configure one of the DTS servers in the cell with a provider of the accurate time. You can configure two types of time providers: a null time provider and a NTP time provider. To configure a DTS server as a time provider, perform the following steps:

1. Type 4 on the DTS Configuration Menu and press . The dce_config script displays The DTS Time Provider Menu.

DTS Time Provider Menu
1. Configure a NULL time provider
2.
• GDA servers
• Security server replicas
• CDS server replicas
• Password Management server

Before you configure additional servers ensure that:

• The cell’s master Security server and initial CDS server have been configured and started.
• The machine on which you are configuring additional servers has been configured as a DCE client.
• You are able to login as the initial privileged user of the Security database.

8.8.
selection:

Note that if you have not been authenticated as the initial privileged user of the registry database in the current dce_config session, dce_config prompts you for the privileged user’s name and password before it displays the Additional Server Configuration menu.

The following subsections describe the steps to configure each type of additional server in order as they appear on the Additional Server Configuration menu.

8.8.
a. Type y to replicate other directories on the machine and press . The dce_config script prompts for a list of the directories to be replicated:

Enter a list of directories to be replicated, separated by spaces, and terminated by :

Type in the list of directories separated by spaces. Press when the list is complete. The dce_config script automatically replicates the root directory.
8.8.2.2 Handling Configuration Errors

If you receive either of these messages, the clearinghouse is in an intermediate state and cannot be used or deleted, although the rest of the cell namespace and other servers are unaffected. To recover:

1. Skulk the root directory
2. Use the create clearinghouse /.:/clearinghouse_name command while you are logged in as the initial privileged user on the newly configured CDS server machine.
File Server does not support replicated filesets.

Note: System Control machines can also be used as Binary Distribution machines.

Although you must configure at least one Fileset Location Database machine, all other DFS server machines are optional. Note that if you are configuring a System Control machine, you should configure it first because you are prompted to enter its name during the Fileset Location Database machine configuration.
8.8.4.2 Configuring a System Control Machine

To configure a System Control machine, perform the following steps:

1. Type 3 on the DCE Configuration Menu and press . The dce_config script displays the following message:

S:****** Configuring DFS System Control Machine...

and then prompts:

Enter Cell Administrator’s principal name: (cell_admin)

2.
8.8.4.3 Configuring a File Server and a Private File Server

The steps to configure a File Server and a Private File Server are the same. In the steps that follow, a Private File Server is configured to illustrate the sequence of prompts and actions. However, you can use the same instructions to configure a File Server. To configure a File Server or Private File Server, perform the following steps:

1.
Then the dce_config script prompts:

Enter the name of the system control machine:

6. Type the name of the machine configured as the system control machine and press . If your cell does not use a system control machine, enter the name of the local machine. The dce_config script prompts:

Enter the filesystem type for the aggregate to be exported:
1. Native File System (e.g. UFS, JFS)
2.
d. Type a name for the aggregate and press . The aggregate name must be unique on the machine being configured. The dce_config script prompts:

Enter a unique numerical aggregate ID:

e. Type a number for the aggregate ID and press . The aggregate ID must be unique on the machine being configured.

Exporting the Episode File System

To export the Episode File System, perform the following steps:

a. Type 2 and press .
f. Type a number for the aggregate ID and press . The aggregate ID must be unique on the machine being configured.

After you complete the steps listed in "Exporting the Native File System" or "Exporting the Episode File System," the dce_config script exports the chosen file system and displays instructions on where to find information about exporting additional file systems by displaying:

S:****** Exporting device_name through DFS...
The dce_config script loads the DFS kernel extensions and displays the following messages:

S:****** Loading kernel extensions...
rpc_config: installed krpc device at major number 71

Then the dce_config script prompts for whether LFS (Episode) should be loaded:

Should the LFS Kernel Extension be loaded (n)?

4. Type y to configure the machine to use LFS or n to not and press . The dce_config script displays:

Should LFS be initialized (n)?

5.
1. Native File System (e.g. UFS, JFS)
2. Episode File System (LFS)
selection:

Your next steps depend on whether you want to export the native file system or the Episode file system. If you are exporting the native file system, go to the subsection titled "Exporting the Native File System." If you are exporting the Episode file system, go to the subsection titled "Exporting the Episode File System.
c. Type the name of the LFS fileset and press . The dce_config script prompts:

Do you want to format partition device_name as an Episode aggregate [n]?

d. Type y to initialize the device named in a previous prompt as the aggregate to be exported as the Episode aggregate and press . The dce_config script displays the following message:

S:****** device_name successfully initialized.
You can configure GDA in a cell that uses either GDS or DNS as the global directory service. Although dce_config can configure GDA in a cell that uses GDS, you must use manual procedures to configure GDA in a cell that uses DNS. Both types of configuration are described in the subsections that follow.

8.8.5.
8.8.6 Configuring Security Replicas

Security replicas help provide improved cell performance and reliability. To configure a security replica, perform the following steps:

1. At the Additional Server Configuration menu, type 8 and press . The dce_config script displays:

Enter the security replica name (without subsys/dce/sec) : (hostname)

2. Type the name to be assigned to the Security replica and press .
The dce_config script creates and starts the security replica and displays:

start slave security server (secd) ...

The dce_config script returns the Additional Server Configuration menu.

8.8.7 Configuring and Unconfiguring a Password Management Server

Password Management servers enable administrators to exert greater control over users’ selection of passwords than that provided by DCE standard policy.
8.9 Configuring DCE Clients

After you configure your cell’s master Security server and initial CDS server, you should configure each machine in the cell as a DCE client. Then you can configure additional servers and replicas as described in "Configuring Additional Servers." When you configure a DCE client you set up the machine as a client of the core DCE Services: Security, CDS, and DTS. To configure a DCE client machine, perform the following steps:

1.
Type the name and press . You can enter any arbitrary name. The name is used by dce_config to store cell profile information.

b. Type n to not configure the machine with multiple LAN capabilities and press .

The dce_config script displays the following message:

S:****** This node is now a CDS client

and then the following prompt:

Should this machine be configured as a DTS Clerk, DTS Local Server, or DTS Global Server? (Default is DTS Clerk) (clerk, local, global, none)

5.
S:****** Loading kernel extensions...
rpc_config: installed krpc device at major number 71

Then the dce_config script prompts for whether LFS (Episode) should be initialized:

Should LFS be initialized (n)?

4. Type y to initialize LFS or n to not and press . The dce_config script displays:

Is the cache :
1. in memory
2. on the local disk
selection:

5. Type 1 if the cache is in memory or 2 if it is stored on the local disk and press .
8.12 Building a Code Set Registry

A "character set" is a group of characters, such as the English alphabet, Japanese Kanji, and the European character set. A "code set" is a mapping of the members of a character set to specific numeric code values. Examples of code sets include ASCII, JIS X0208 (Japanese Kanji), and ISO 8859-1 (Latin 1). Different code set encodings exist for different character sets, but in addition, the same character set can be encoded in different ways.
They modify this file to contain, for each code set that their platform supports, the local code set names for those supported code sets. They can also add to this file any vendor-specific, non-OSF registered code set names and values that their platform supports.

In the second stage, DCE cell administrators create code set registry source files when they are configuring machines that are part of an internationalized DCE cell.
loc_name      iso88592
rgy_value     0x00010002
char_values   0x0012
max_bytes     1
end

start
description   ISO 8859-3:1988; Latin Alphabet No. 3
loc_name      iso88593
rgy_value     0x00010003
char_values   0x0013
max_bytes     1
end

start description loc_name rgy_value char_values max_bytes end ISO 8859-4:1988; Latin Alphabet No.
do not collide with OSF-registered values. Use the colon character (:) to separate multiple character set values. For additional source file usage information, see the csrc(8dce) reference page in the OSF DCE Administration Reference.

8.12.2 Generating the Code Set Registry File

Cell administrators of internationalized DCE cells use the csrc utility to create site-specific code set registry files for each host in the cell.
8.12.4 Example

Here is a sample csrc command line:

csrc -i /test/i18n_app/code_set_registry.txt -o code_set_registry.db -m euc -m sjis

In the previous example, the log file CSRC_LOG is created in the current directory, which is /test/i18n_app.
Chapter 9. Managing DCE Configurations

This chapter describes how to use those dce_config functions that help you manage the installation and configuration process. These functions are as follows:

• START—To re-start DCE daemons
• STOP—To stop DCE daemons
• UNCONFIGURE—To remove entries for a configured client machine from the CDS namespace and from the Security database, essentially removing the client machine from the cell.
9.1 Starting DCE Daemons

As part of configuring a machine, the dce_config script starts all configured daemons. The START function provides a convenient way of restarting all DCE daemons that have been successfully configured. The START function invokes the /etc/rc.dce component script and, if DFS is installed on the machine, the /etc/rc.dfs component script. You can invoke these scripts directly. (The component scripts are described in Chapter 10.
S:****** Attempting to stop all running DCE daemons...

After dce_config stops the daemons, it displays the following message and returns the DCE Main Menu.

S:****** Successfully stopped all running DCE daemons.

9.3 Unconfiguring Client and Server Machines

The UNCONFIGURE function is used to reverse the effects of configuring a client or server machine. This function unconfigures machines by removing their entries from the cell namespace and Security registry.
3. Type y to continue and press . If you continue, dce_config prompts:

Enter the Cell Administrator’s principal name: (cell_admin)

Type the name of the principal who was defined to be the initial privileged user of the registry database during the configuration of the master Security server and press . The dce_config script prompts:

Enter password:

4. Type the password for the initial privileged user’s account and press .
REMOVE will remove the node’s ability to operate in the cell. A reconfiguration of the node will be required. If this is not a server node, then this node should be unconfigured before a REMOVE is done. Do you wish to continue (y/n)? (n)

2. Press to continue. The dce_config script proceeds to remove all effects of the configuration of all DCE components on the machine. As it does, it displays the following messages.
Chapter 10. Customizing the dce_config Processing

This chapter contains information useful for customizing dce_config processing. Specifically, it describes:

• Automating dce_config processing
• Setting the dce_config environment variables
• Controlling the logging of messages
• Using the dce_config component scripts

10.1 Automating dce_config Processing

Using an environment file and a command file, you can automate dce_config processing.
10.1.1 Using the Environment and Command Files

To use the files, invoke dce_config as follows:

dce_config -e environment_file -c command_file

The -e option sources the named environment file at dce_config startup. The -c option sources the named command file at dce_config startup.

10.1.2 Sample Environment File

A sample environment file, config.env, is provided by OSF with the DCE source.
# usually the security server ($SEC_SERVER)
#
# Install
#
REMOVE_PREV_INSTALL=y   # y/n Remove previous install before
                        # installing anything.
mach=`uname`
case $mach in
    OSF1) machine=at386;;
    AIX) machine=rios;;
    HP-UX) machine=hp800;;
esac
# path to install area
#FILESYSTEM="install/${machine}/opt/dce1.
KEYSEED="garBageMan"    # Keyseed for initial database master
#
# Default values are provided, for PWD_MGMT_SVR and PWD_MGMT_SVR_OPTIONS.
# GDA
#
#
# DTS Config
#
NTP_HOST=""             # Name of ntp server
#
# DFS Config
#
AGG_FS_TYPE=native      # native/episode aggregate fs type to export
AGG_DEV_NAME=""         # device name for the aggregate to be exported
AGG_MOUNT_PATH=""       # mount path for aggregate
AGG_NAME=""             # Name of aggregate
AGG_ID=""               # numerical id of aggregate
CACHE_SIZE_RAM=10000    # number of bytes for memory cache
CACHE_SIZE_DISK=10000   # number of bytes for dis
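The sample environment file above stores KEYSEED in clear text, and the verbose (V:) dump shown in Chapter 6 lists CELL_ADMIN_PW and DEFAULT_PW among the values written to /tmp/dce_config.log. The following audit script is an added example, not part of the OSF distribution: the function names are hypothetical, the sample files are constructed, and it assumes that log lines have the form "V: NAME: value" as in the sample dump and that NULL means unset.

```shell
#!/bin/sh
# Added example (not OSF code): audit a dce_config environment file and log
# for stored secrets. The variable names are the ones shown on this page.
SECRET_VARS="KEYSEED CELL_ADMIN_PW DEFAULT_PW"

# audit_env_file FILE
# Prints "SECRET_IN_FILE <var>" for each secret variable whose last
# uncommented assignment is non-empty, and "READABLE_BY_OTHERS <file>" when
# group or other can read the file. The file is parsed as text and never
# sourced, because an environment file is shell code (the sample runs uname).
# Secret values themselves are never printed.
audit_env_file() {
    envfile=$1
    for var in $SECRET_VARS; do
        value=$(awk -v var="$var" '
            {
                line = $0
                sub(/^[ \t]*(export[ \t]+)?/, "", line)   # allow "export VAR="
            }
            index(line, var "=") == 1 {
                v = substr(line, length(var) + 2)
                sub(/[ \t]*#.*$/, "", v)                  # drop trailing comment
                sub(/[ \t]+$/, "", v)
                last = v
                seen = 1
            }
            END { if (seen) print last }' "$envfile" | tr -d "\"'")
        if [ -n "$value" ]; then
            printf 'SECRET_IN_FILE %s\n' "$var"
        fi
    done
    if [ -n "$(find "$envfile" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        printf 'READABLE_BY_OTHERS %s\n' "$envfile"
    fi
}

# audit_log FILE
# Prints "SECRET_IN_LOG <var> line <n>" for each verbose line that records a
# value for a secret variable. Assumption: lines look like "V: NAME: value"
# and the literal NULL means the variable is unset.
audit_log() {
    logfile=$1
    for var in $SECRET_VARS; do
        awk -v var="$var" '
            $1 == "V:" && $2 == (var ":") && NF >= 3 && $3 != "NULL" {
                printf "SECRET_IN_LOG %s line %d\n", var, NR
            }' "$logfile"
    done
}

# write_samples DIR
# Writes constructed sample files modeled on the listings in this guide.
write_samples() {
    dir=$1
    cat > "$dir/config.env" <<'EOF'
# constructed sample modeled on config.env
REMOVE_PREV_INSTALL=y
CELL_ADMIN=cell_admin
CELL_ADMIN_PW=""
KEYSEED="garBageMan"    # value taken from the sample file in this guide
#DEFAULT_PW="commented-out-example"
NTP_HOST=""
EOF
    chmod 644 "$dir/config.env"
    cat > "$dir/dce_config.log" <<'EOF'
S:****** Configuring initial cell...
V: CELL_ADMIN: cell_admin
V: CELL_ADMIN_PW: example-pw
V: KEYSEED:
V: TOLERANCE_SEC: 120
EOF
}

# Run against the constructed samples when invoked with --demo.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    write_samples "$tmp"
    audit_env_file "$tmp/config.env"
    audit_log "$tmp/dce_config.log"
    rm -rf "$tmp"
fi
```

Any finding means the secret should be left unset so that dce_config prompts for it, or the file should be restricted to its owner and removed after the run.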
• Whether to configure the component as a local server, global server, clerk, or time provider (for DTS)
• Whether to configure the component as a System Control Machine, Private File Server, File Server, or File Location Database Server (for DFS)

The file is thoroughly annotated and can be used simply by uncommenting the lines that install and configure the components you want. The # character indicates a comment line. Remove the # to uncomment the line.
# install gds # := client|server
#
# install dfs # := client|scm|privatefs|fs|fldb
#
#install sec            # Security Server
#install cds            # CDS Server
#install dts            # DTS Server
#install client         # DCE Client
#install appdev         # Application Development Environment
#install sec-replica    # Replica Security Server
#install cdsbrowser     # Install cdsbrowser
#install nidl_to_idl    # Install nidl_to_idl
#
# GDS install
#
#install gds clie
#
# dfs := client|scm|privatefs|fs|fldb
#
#config client          # Same as:
# config sec client
# config cds client
# config dts $DTS_CONFIG
#
# Security
#
# Can only pick one, server implies client.
#config sec client      # Security Client
#config sec server      # Security Server
#config sec replica     # Security Replica
#
# CDS
#
# Can only pick one, server implies client.
#
# You may pick one of these three server types
#config dfs fldb        # file Location Database server
#config dfs fs          # File Server
#config dfs privatefs   # Private File Server
# Any of the above can be a SCM.
#config dfs scm         # System Control Machine
#
# Client must be configured after server
#config dfs client      # DFS Client

10.
TABLE 10-1. dce_config Environment Variables

Variable  Value

CACHE_CDS_SERVER  The name of the CDS server to cache. It is not required that the cached server be the initial CDS Server. Used during CDS client configuration.

CACHE_CDS_SERVER_IP  The IP address of the CDS server to cache.
command that causes input from the "here" file to be lost. Note that dce_config does not recognize time zones. If you are configuring a cell across time zones, set CHECK_TIME to n.

DC_DISPLAY_THRESHOLD  Specifies the messages to write to stdout.
cell administrator account is not assigned a commonly known password.

DIR_REPLICATE  Controls the replication of CDS directories when an additional CDS server is being created at DCE configuration time.
The value of this variable is used with the LOW_GID variable to set the starting point for UIDs automatically assigned by the Security server. Default is 100. Used in Security server configuration.

HOST_NAME_IP  The IP address of node on which dce_config is running.
highest UNIX ID currently used on the machine being configured, incremented by the value of UID_GAP.
reinstall them all. Used in all component installations.

REMOVE_PREV_CONFIG  An indication of whether or not to remove all remnants of previous configurations before performing the new configuration: y indicates remove all remnants; n indicates do not.
Security server (the name specified in the SEC_SERVER variable).

TOLERANCE_SEC  The number of seconds a client system clock can differ from the Security server system clock before either the user is prompted to synchronize clocks or clocks are synchronized automatically.
TABLE 10-2. dfs_config Environment Variables

Variable  Value

AGG_FS_TYPE  The type of filesystem for the aggregate to be exported. Possible values are native meaning the native file system (e.g. UFS, JFS) or episode meaning the Episode (LFS) file system.
not.

EPI_FORCE_INIT  An indication of whether or not to force the initialization of a partition as an Episode aggregate, possibly losing data. Possible values are y to force the initialization or n to not.
TABLE 10-3.
• dce.rm [install]—Removes all data and configuration files created by DCE servers after initial configuration except for data and files created by DFS servers. This script must be run on the machine running the processes. It should be run before reconfiguring DCE. If you invoke the script with the install parameter, the script removes the binary files added during installation.
• dfs.
Appendix A. The DCE Cell Namespace

This appendix describes the names that CDS and the DCE Security Service use within the DCE cell namespace. These namespace entries are created during initial DCE configuration. In the tables that follow, the ‘‘CDS Class’’ field is either used internally by the CDS_Clearinghouse entry and the RPC NSI. The ‘‘Well Known’’ field specifies whether the last component of a name is an architecturally required name.
A.1 The CDS Space

Figures A-1 through A-3 illustrate the CDS namespace of a DCE cell namespace. The subsections that follow provide a description of each entry.

Figure A-1. The Top-Level CDS Directory [figure labels: /.: cell-profile fs hosts lan-profile lclhostname_ch sec subsys]

Figure A-2. The CDS hosts Directory [figure labels: /.: hosts hostname cds-clerk cds-server profile self config]

Figure A-3. The CDS subsys Directory /.
A.1.1 The Top-Level CDS Directory

The following tables describe the namespace entries for /.:, the top-level CDS directory.

Name         /.:
CDS Type     Directory
Well Known   Yes
Description  This is the cell root directory. The special character string /.: is a shorthand form of /.../cellname. This directory is replicated in every clearinghouse.
Name: /.:/cell-profile
{group subsys/dce/dts-servers rw-t-}
{any_other r--t-}

Name: /.
Name: /.:/lan-profile
CDS Type: Object
CDS Class: RPC_Profile
Well Known: No
Description: This is the default LAN profile used by DTS, and potentially by other services. In single LAN cells, this is the profile in which entries for the DTS local set entries are entered.
Name: /.:/sec
{group subsys/dce/cds-server rwdtc}
{group subsys/dce/sec-admin rwdtc}
{any_other r--t-}

Name: /.
A.1.2 The CDS hosts Directory

The following tables describe the namespace entries for /.:/hosts, the CDS hosts directory.

Name: /.:/hosts/hostname
CDS Type: Directory
Well Known: No
Description: Each host has a directory in which RPC server entries, groups, and profiles associated with this host are stored. This is simply a CDS directory.
Name: /.:/hosts/hostname/cds-server
CDS Type: Object
CDS Class: RPC_Entry
Well Known: No
Description: This entry contains the binding for a CDS Server.
Default ACLs
Object ACL
Name: /.:/hosts/hostname/self
CDS Type: Object
CDS Class: RPC_Entry
Well Known: Yes
Description: This entry contains a binding to the dced daemon on host hostname. The dce_cf_binding_entry_from_host( ) call returns either the name of this entry when handed a hostname or the current host when a hostname is not provided.
Name: /.:/hosts/hostname/config/keytab
dced Type: dced container
Well Known: Yes
Description: The container for keytab objects on the given host.
A.1.3 The CDS subsys Directory

The following tables describe the namespace entries for /.:/subsys, the CDS subsys directory.

Name: /.:/subsys/dce
CDS Type: Directory
Well Known: No
Description: This directory contains DCE-specific names.
Default ACLs
Object ACL
Name: /.
Name: /.
A.2 The Security Space

Figures A-4 through A-6 illustrate the Security namespace within the DCE cell namespace. The subsections that follow provide a description of each entry. The subdirectories that comprise the Security namespace are principal, group, org, policy, replist, and xattrschema. To operate on the ACLs on any of these namespace entries, you need to include the name of the Security junction.
Figure A-5. The sec/group Directory
/.: sec group acct-admin bin none daemon subsys kmem system mail tcb nogroup tty uucp dce audit-admin dfs-admin cds-admin dfs-bak-servers cds-server dfs-fs-servers sec-admin dts-admin dts-servers

Figure A-6. The sec/principal Directory
/.
A.2.1 The Top-Level Security Directory

The following tables describe the namespace entries for /.:/sec, the top-level Security directory.

Name: /.:/sec/group
Well Known: Yes. This name is not architecturally defined, but is defined by the implementation.
Description: This is the Security directory that holds all of the groups.
Name: /.:/sec/org
Initial Container ACL:
{unauthenticated r-----}
{user creator rcidDn}
{group acct-admin rcidDn}
{other_obj r-----}
{any_other r-----}

Name: /.
Name: /.:/sec/principal
{any_other r--------}
{unauthenticated r-----}
{user creator rcidDn}
{group acct-admin rcidDn}
{other_obj r-----}
{any_other r-----}
Initial Container ACL

Name: /.
A.2.2 The sec/group Directory

The following tables describe the namespace entries for /.:/sec/group, the Security sec/group directory.

Name: /.:/sec/group/acct-admin
Well Known: No
Description: This is the only group of principals that can create accounts.
Name: /.:/sec/group/kmem
Well Known: No
Description: This is the group that has read access to kernel memory.
Name: /.:/sec/group/none
Object ACL:
{unauthenticated r-t-----}
{user creator rctDnfmM}
{group_obj r-t-----}
{group acct-admin rctDnfmM}
{other_obj r-t-----}
{any_other r-t-----}
UNIX GID: 12

Name: /.
Name: /.:/sec/group/tcb
Well Known: No
Description: This is the group used by security policy daemons on OSF/1 C2/B1 secure systems.
A.2.3 The sec/group/subsys Directory

The following tables describe the namespace entries for /.:/sec/group/subsys, the Security sec/group/subsys directory.

Name: /.:/sec/group/subsys/dce
Well Known: Yes
Description: This directory contains the groups used by DCE.
Default ACLs
Object ACL
Name: /.:/sec/group/subsys/dce/cds-server
Well Known: Yes
Description: This is the group of all CDS Servers for the local cell. As each new server is added to the cell, it must be added to this group. CDS Server authentication consists of checking for the server's membership in this group.
Name: /.:/sec/group/subsys/dce/dfs-bak-servers
UNIX GID: Generated

Name: /.
Name: /.:/sec/group/subsys/dce/dts-servers
{group subsys/dce/dts-admin rctDnfmM}
{other_obj r-t-----}
{any_other r-t-----}
UNIX GID: Generated

Name: /.
A.2.4 The sec/principal Directory

The following tables describe the namespace entries for /.:/sec/principal, the Security sec/principal directory.

Name: /.:/sec/principal/bin
Well Known: No
Description: This is the owner of the system binaries.
Default ACLs
Object ACL
Name: /.:/sec/principal/dce-ptgt
Well Known: Yes
Description: This is the architecturally defined principal name of the Privilege Server.
Name: /.:/sec/principal/hosts

Name: /.:/sec/principal/krbtgt (also known as /...
Name: /.:/sec/principal/mail
Object ACL:
{unauthenticated r--------}
{user_obj r---f--ug}
{user creator rcDnfmaug}
{group acct-admin rcDnfmaug}
{other_obj r-------g}
{any_other r--------}
UNIX UID: 6

Name: /.
Name: /.:/sec/principal/sys
UNIX UID: 2

Name: /.:/sec/principal/tcb
Well Known: No
Description: This is the user for security policy daemons on OSF/1 C2/B1 secure systems.
A.2.5 The sec/principal/hosts Directory

The following tables describe the namespace entries for /.:/sec/principal/hosts, the Security sec/principal/hosts directory.

Name: /.:/sec/principal/hosts/hostname
Well Known: No
Description: This directory contains Security principals for host hostname.
Name: /.:/sec/principal/hosts/hostname/dfs-server
Well Known: No
Description: This is the principal name of the DFS Servers on node hostname.
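The ACL entries listed in the Appendix A tables can serve as a baseline when reviewing the ACLs of a configured cell. The following Python code is an added example, not part of the OSF guide or of DCE: it parses entries in the brace notation used in the tables and reports where an observed ACL differs from the documented one, singling out permissions gained by unauthenticated or any_other. The function names are hypothetical, the documented entries are the ones shown for /.:/sec in this appendix, and the observed ACL is a constructed sample.

```python
import re

# One ACL entry as printed in the appendix tables: {type [key] permissions}
ENTRY_RE = re.compile(r"\{\s*(\w+)(?:\s+([^\s{}]+))?\s+([A-Za-z-]+)\s*\}")

# Entry types that apply to callers not named anywhere else in the ACL.
BROAD_TYPES = {"unauthenticated", "any_other"}


def parse_acl(text):
    """Map (entry type, key or None) -> set of granted permission letters."""
    acl = {}
    for etype, key, perms in ENTRY_RE.findall(text):
        acl[(etype, key or None)] = set(perms.replace("-", ""))
    return acl


def acl_drift(documented, observed):
    """Compare an observed ACL with the documented one.

    Returns sorted (entry type, key, gained, lost) tuples for every entry
    whose permission letters differ; an entry missing on one side counts
    as having no permissions there.
    """
    doc, obs = parse_acl(documented), parse_acl(observed)
    drift = []
    for entry in sorted(set(doc) | set(obs), key=lambda e: (e[0], e[1] or "")):
        gained = obs.get(entry, set()) - doc.get(entry, set())
        lost = doc.get(entry, set()) - obs.get(entry, set())
        if gained or lost:
            drift.append((entry[0], entry[1],
                          "".join(sorted(gained)), "".join(sorted(lost))))
    return drift


def broad_gains(drift):
    """Drift rows where unauthenticated or any_other gained permissions."""
    return [row for row in drift if row[0] in BROAD_TYPES and row[2]]


# Entries for /.:/sec as they appear in the /.:/sec table of this appendix.
DOCUMENTED_SEC = ("{group subsys/dce/cds-server rwdtc} "
                  "{group subsys/dce/sec-admin rwdtc} {any_other r--t-}")
# Constructed sample of an ACL read back from a cell, for illustration only.
OBSERVED_SEC = ("{group subsys/dce/cds-server rwdtc} "
                "{group subsys/dce/sec-admin rw-tc} "
                "{any_other rw-t-} {unauthenticated r--t-}")

if __name__ == "__main__":
    for row in acl_drift(DOCUMENTED_SEC, OBSERVED_SEC):
        print(row)
```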
Appendix B. The Location of Installed DCE Files

This appendix shows the organization of the dceshared, dcelocal, and the UNIX subdirectories used by DCE.

B.1 The dceshared Subdirectories

Figure B-1 shows the dceshared subtree.

Figure B-1. The dceshared Subtree
dceshared bin etc nls zoneinfo msg share usr examples lib dts etc include sources dce var adm directory gds

The following directories are created in the dceshared subtree during installation.
This directory contains templates of configuration files that are in architecture-dependent format.
• dceshared/etc/zoneinfo
  This directory contains templates of configuration tables.
• dceshared/nls/msg/${LANG}
  This directory contains delivered message catalogs (*.cat) files for each supported language.
• dceshared/share
  All of the previously described subdirectories can contain architecture-dependent files, which are addressable by using @sys.
Figure B-2. The dcelocal Subtree
dcelocal bin etc var adm dce-component-name dce-component-name adm

The following directories are created in the dcelocal subtree during installation.
• dcelocal/bin
  This directory contains DCE administration utilities and server processes (daemons), which are necessary for local client system initialization and for server machines.
B.3 Conventional UNIX Directories

Figure B-3 shows the directories that DCE uses in the standard UNIX tree.

Figure B-3. Standard UNIX Directories Tree
/ etc krb5 usr zoneinfo bin include lib dce

DCE uses the following standard UNIX directories.
• /etc/zoneinfo
  This directory contains copies of the templates, which are modified, if necessary, from the dceshared/etc/zoneinfo directory.
  Note: Preexisting files can be modified on the local system.