HP-UX 11i September 2001 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

151

152

153

154

155

156

157

158

159

160

Internet and Networking Services

Base HP-UX Internet Services (new at 11i original release)

Chapter 10

156

/etc/pam.conf File Changes

To use PAM-ized rexec and remsh, the following lines have to be added to the

/etc/pam.conf ﬁle:

rcomds auth required /usr/lib/security/libpam_unix.1

rcomds account required /usr/lib/security/libpam_unix.1

Using PAM-ized remshd in Secure Internet Services (SIS) Environment

rexecd is not Kerber-ized and hence will not work in the SIS environment. However,

remshd is Kerber-ized. To take advantage of the PAM-ized modules, add the following

line to the /etc/pam.conf ﬁle.

rcomds auth required /usr/lib/security/libpam_dce.1

Also in the Kerberos environment, remshd has command line options for combining the

UNIX method and the Kerberos method of authentication. These command line options

can be set in the /etc/inetd.conf ﬁle for the kremshd service. Refer to the kremshd

(1M) manpage for a more detailed description of the options available.

Changes for GateD

With HP-UX 11i, the HELLO protocol of GateD will be obsoleted and no longer supported.

The BGP protocol available with GateD-3.5.9 on HP-UX 11.0 is also available and

supported on HP-UX 11i.

DHCP with Nonsecure DNS Updates

The Dynamic Host Control Protocol (DHCP) available on HP-UX 11i is capable of

updating the Dynamic Domain Name Server (DDNS). This feature updates the DDNS

with name and IP address of the client. This means that for every client to which DHCP

assigns a name and IP address, it also adds an “A” and “PTR” resource record (RR) of

that client to the DDNS.

To assign a name for every IP address, a new tag, “pcsn”, has been introduced. This tag

is a Boolean tag. If set, the DHCP server gives priority to the name (if any) provided by

the client. A name should be a fully qualiﬁed domain name (FQDN). If the name

provided by the client is NOT a FQDN, then the DHCP server will try to append the

domain name (if set using the ‘dn’ tag) else it appends “.” and updates the DDNS. If the

“pcsn” tag is set, then the DHCP server will try to assign a name of its choice for every

IP address.

To enable the DHCP server to perform updates to the DDNS, a new tag,

“ddns-address”, specifying the address of the DDNS server, has to be added in the

DHCP_POOL_GROUP or DHCP_DEVICE_GROUP keywords. The “pcsn” tag is also added within

the same entry.

A sample DHCP_DEVICE_GROUP entry with the ”ddns-address” tag and the “pcsn” tag is

shown below: