Canada Software for HP-UX 11.0 Release Note

8 HP DCE 1.7 U.S./Canada Software for HP-UX 11.0 Release Note

Release Note

HP DCE U.S./Canada Software

The DCE Security component uses the Data Encryption Standard (DES)

algorithm as its default encryption algorithm. Because the United States

State Department restricts the export of DES software, HP supplies two

binary versions of the dced daemon and DCE library:

• The U.S./Canada version is available only to HP customers in the

United States and Canada. The U.S./Canada version of libdce

supports use of DES to encrypt RPC argument values, via the

“privacy” authentication level, and the use of DES to encrypt GSS-

API messages, via the gss_seal “conﬁdentiality requested” ﬂag. The

U.S./Canada version of dced supports secure remote key table

management.

• The Export version is available to all HP customers. The Export

version of libdce disables the “privacy” authentication level in RPC,

the gss_seal “conﬁdentiality requested” ﬂag, and all program entry

points to encryption routines. The Export version of dced does not

support secure remote key table management.

If an application uses the Export version of the DCE library and speciﬁes

the RPC “privacy” authentication level, the library returns an error at

run time.

If an application uses the Export version of the DCE library and speciﬁes

the GSS-API “conﬁdentiality requested” ﬂag, the GSS interface returns a

diagnostic ﬂag at run time.

See the dced man page for more information about remote key table

management support in the two versions of the daemon.

Software Included in the U.S./Canada Version

The U.S./Canada version of HP DCE 1.7 includes the following software:

/usr/lib/libdce.1

/usr/lib/libdce.2

/opt/dce/sbin/dced

/opt/dce/lib/libdce.a (when supplied)