HP-UX 11i March 2002 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

171

172

173

174

175

176

177

178

179

180

Internet and Networking Services

Base HP-UX Internet Services

Chapter 10

172

than in previous releases of BIND. (The conﬁguration ﬁle in previous versions of BIND

was named.boot.)

There are now entirely new areas of conﬁguration, such as, access control lists and

categorized logging. Many options that previously applied to all zones can now be used

selectively.

The conﬁguration ﬁle can be obtained by following these steps:

1. Make sure that Perl is installed on the system.

2. Copy the hosts_to_named script to /usr/sbin and manually provide a link from

/usr/bin.

3. To convert the existing named.boot ﬁle to named.conf ﬁle, use the Perl script

named-bootconf.pl available in /usr/bin.

4. Create the new BIND conﬁguration ﬁle named.conf. Do this in either of two ways:

• If the conﬁguration ﬁle named.boot already exists, create new conﬁg ﬁle as

follows:

/usr/bin/named-bootconf.pl named.boot > named.conf

• If a BIND conﬁguration ﬁle does not exist, execute hosts_to_named with

appropriate options.

New Conﬁgurable Resolver Options

The timeout value is a function of the RES_RETRY and RES_RETRANS options of the

resolver routines. It is currently hardcoded as 5000 milliseconds for RES_RETRANS and 4

attempts for RES_RETRY. This results in a timeout value of 75 seconds, which is obtained

when you assume that there is one nameserver. When there are multiple nameservers,

the timeout value will increase. Hence, to help achieve shorter timeout values, and

better performance, the resolver options RES_RETRY and RES_RETRANS are now

conﬁgurable.

These resolver options can be conﬁgured using any of the three methods shown below.

They are listed in order of priority, from highest (ﬁrst) to lowest (last).

1. Use environment variables.

2. Use resolver conﬁguration ﬁle /etc/resolv.conf.

3. Use the new APIs deﬁned in set_resfield.

The RES_RETRY and RES_RETRANS options can be set with any positive non-zero integer.

“PAM-ized” rexecd and remshd

The rexecd and remshd services on HP-UX 11i now use Pluggable Authentication

Modules (PAM) for authentication.

You can take advantage of using an authentication mechanism of your choice like DCE

Integrated Login, UNIX, or Kerberos by making a change in the /etc/pam.conf ﬁle. By

default, if you do not edit the /etc/pam.conf ﬁle, the rexec and the remsh services will

use the authentication mechanism speciﬁed by the OTHER directive in the

/etc/pam.conf ﬁle.

The earlier version of rexecd and remshd allowed only those UNIX users who were

included in /etc/passwd to use the rexecd and remshd services. This limitation has