HP-UX 11i September 2001 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

151

152

153

154

155

156

157

158

159

160

Internet and Networking Services

Base HP-UX Internet Services (new at 11i original release)

Chapter 10

155

The conﬁguration ﬁle can be obtained by following these steps:

1. Make sure that Perl is installed on the system.

2. The hosts_to_named script must be copied to /usr/sbin and a link provided from

/usr/bin manually.

3. A Perl script named-bootconf.pl is available in /usr/bin. This script is used to

convert the existing named.boot ﬁle to named.conf ﬁle.

4. The new BIND conﬁguration ﬁle named.conf must be created. Do this in either of two

ways:

• If the conﬁguration ﬁle named.boot already exists, create the new conﬁg ﬁle:

/usr/bin/named-bootconf.pl named.boot > named.conf

• If a BIND conﬁguration ﬁle does not exist:

execute hosts_to_named with appropriate options.

New Conﬁgurable Resolver Options

The timeout value is a function of the RES_RETRY and RES_RETRANS options of the

resolver routines. It is currently hardcoded as 5000 milliseconds for RES_RETRANS and 4

attempts for RES_RETRY. This results in a timeout value of 75 seconds. This timeout

value is obtained when you assume that there is one nameserver. When there are

multiple nameservers, the timeout value will increase. Hence, to help achieve shorter

timeout values, and better performance, the resolver options RES_RETRY and

RES_RETRANS are now conﬁgurable.

These resolver options can be conﬁgured using any of the three methods shown below.

They are listed in priority order with the ﬁrst listed method having the highest priority.

1. Use environment variables.

2. Use resolver conﬁguration ﬁle /etc/resolv.conf.

3. Use the new APIs deﬁned in (set_resfield).

The RES_RETRY and RES_RETRANS options can be set with any positive non-zero integer.

“PAM-ized” rexecd and remshd

The rexecd and remshd services on HP-UX 11i now use Pluggable Authentication

Modules (PAM) for authentication.

You can take advantage of using an authentication mechanism of your choice like DCE

Integrated Login, UNIX, or Kerberos by making a change in the /etc/pam.conf ﬁle. By

default, if you do not edit the /etc/pam.conf ﬁle, the rexec and the remsh services will

use the authentication mechanism speciﬁed by the OTHER directive in the

/etc/pam.conf ﬁle.

The earlier version of rexecd and remshd allowed only those UNIX users who were

included in /etc/passwd to use the rexecd and remshd services. This limitation has

been eliminated with the introduction of the “PAM-ized” modules. By PAM-izing rexec

and remsh services, users belonging to other authenticating services like DCE

Integrated Login can use the remsh and rexec services.