HP-UX 11i December 2001 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

161

162

163

164

165

166

167

168

169

170

Internet and Networking Services

Base HP-UX Internet Services

Chapter 10

170

2. Copy the hosts_to_named script to /usr/sbin and manually provide a link from

/usr/bin.

3. To convert the existing named.boot ﬁle to named.conf ﬁle, use the Perl script

named-bootconf.pl available in /usr/bin.

4. Create the new BIND conﬁguration ﬁle named.conf. Do this in either of two ways:

• If the conﬁguration ﬁle named.boot already exists, create new conﬁg ﬁle as

follows:

/usr/bin/named-bootconf.pl named.boot > named.conf

• If a BIND conﬁguration ﬁle does not exist, execute hosts_to_named with

appropriate options.

New Conﬁgurable Resolver Options

The timeout value is a function of the RES_RETRY and RES_RETRANS options of the

resolver routines. It is currently hardcoded as 5000 milliseconds for RES_RETRANS and 4

attempts for RES_RETRY. This results in a timeout value of 75 seconds, which is obtained

when you assume that there is one nameserver. When there are multiple nameservers,

the timeout value will increase. Hence, to help achieve shorter timeout values, and

better performance, the resolver options RES_RETRY and RES_RETRANS are now

conﬁgurable.

These resolver options can be conﬁgured using any of the three methods shown below.

They are listed in order of priority, from highest (ﬁrst) to lowest (last).

1. Use environment variables.

2. Use resolver conﬁguration ﬁle /etc/resolv.conf.

3. Use the new APIs deﬁned in set_resfield.

The RES_RETRY and RES_RETRANS options can be set with any positive non-zero integer.

“PAM-ized” rexecd and remshd

The rexecd and remshd services on HP-UX 11i now use Pluggable Authentication

Modules (PAM) for authentication.

You can take advantage of using an authentication mechanism of your choice like DCE

Integrated Login, UNIX, or Kerberos by making a change in the /etc/pam.conf ﬁle. By

default, if you do not edit the /etc/pam.conf ﬁle, the rexec and the remsh services will

use the authentication mechanism speciﬁed by the OTHER directive in the

/etc/pam.conf ﬁle.

The earlier version of rexecd and remshd allowed only those UNIX users who were

included in /etc/passwd to use the rexecd and remshd services. This limitation has

been eliminated with the introduction of the “PAM-ized” modules. By PAM-izing rexec

and remsh services, users belonging to other authenticating services like DCE

Integrated Login can use the remsh and rexec services.

/etc/pam.conf File Changes

To use PAM-ized rexec and remsh, the following lines have to be added to the

/etc/pam.conf ﬁle: