HP-UX 11i December 2001 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

171

172

173

174

175

176

177

178

179

180

Internet and Networking Services

Base HP-UX Internet Services

Chapter 10

171

rcomds auth required /usr/lib/security/libpam_unix.1

rcomds account required /usr/lib/security/libpam_unix.1

Using PAM-ized remshd in Secure Internet Services (SIS) Environment

rexecd is not Kerber-ized and hence will not work in the SIS environment. However,

remshd is Kerber-ized. To take advantage of the PAM-ized modules, add the following

line to the /etc/pam.conf ﬁle:

rcomds auth required /usr/lib/security/libpam_dce.1

Also in the Kerberos environment, remshd has command line options for combining the

UNIX method and the Kerberos method of authentication. These command line options

can be set in the /etc/inetd.conf ﬁle for the kremshd service. Refer to the kremshd

(1M) manpage for a more detailed description of the options available.

Changes for GateD

With HP-UX 11i, the HELLO protocol of GateD will be obsoleted and no longer supported.

However, the BGP protocol available with GateD-3.5.9 on HP-UX 11.0 is also available

and supported on HP-UX 11i.

DHCP with Nonsecure DNS Updates

The Dynamic Host Control Protocol (DHCP) available on HP-UX 11i is capable of

updating the Dynamic Domain Name Server (DDNS). This feature updates the DDNS

with the name and IP address of the client. This means that for every client to which

DHCP assigns a name and IP address, it also adds an “A” and “PTR” resource record

(RR) of that client to the DDNS.

To assign a name for every IP address, a new, Boolean tag, pcsn, has been introduced. If

set, the DHCP server gives priority to the name (if any) provided by the client. The name

should be a fully qualiﬁed domain name (FQDN). If it is not, then the DHCP server will

try to append the domain name (if set using the dn tag); otherwise, it appends a “.” and

updates the DDNS. If the pcsn tag is set, then the DHCP server will try to assign a

name of its choice for every IP address.

To enable the DHCP server to perform updates to the DDNS, you need to add a new tag,

ddns-address, specifying the address of the DDNS server, as well as the pcsn tag

(within the same entry) to the DHCP_POOL_GROUP or DHCP_DEVICE_GROUP keywords.

The following is a sample of a DHCP_DEVICE_GROUP entry that includes the

ddns-address tag and the pcsn tag:

DHCP_DEVICE_GROUP:\

ba:\

pcsn:\

class-name=SUBNET_128_XTERMINAL_GROUP:\ class-id=”xterminal:”\

subnet-mask=255.255.255.0 :\

addr-pool-start-address= 15.14.128.1 :\

addr-pool-last-address= 15.14.128.254 :\

ddns-address=1.2.3.4:\

lease-time=604800 :\

lease-grace-period=5