HP-UX DCE Version 1.9 Release Notes
Chapter 1
About This Document
Known Problems and Work Arounds
10
One workaround for this condition is to run dcecp in normal mode on a host with dced also in normal
mode and then execute the command again. Alternatively, you can quit out of "local" mode between acl
modify -add commands. For more information, refer Planning and Configuring HP-UX DCE 1.9
(B3190-90076).
• From HP-UX DCE 1.6 onwards, dcecp's secval activate and secval deactivate commands became
asynchronous. They return before the actual change takes place within dced. (Prior to HP-UX DCE 1.6,
secval activate and secval deactivate were synchronous and didn't return until the actual state
change finished in dced.)
You should use the secval status command to verify the state change. Although future HP-UX DCE
releases may reimplement synchronous secval activate and deactivate commands, the verification
by secval status is still recommended.
• The "add cellname as preferred" cdscp command has been removed. The use of the "add cellname
as preferred" command to set a new primary cdsalias name for a local cell causes the cell to have
problems.
• The dcecp commands rpcentry, rpcgroup, and rpcprofile do not support the -version option.
• There is a known bug in the k5dcelogin command when called by rlogin -f to log in to the local node.
If you already have Kerberos credentials on the local node when using rlogin -f to log in to it, then
when you exit or logout, your local Kerberos credentials will be deleted. This is a known bug in
k5dcelogin, where the local credentials are deleted on completion of the process.
The workaround is to use rlogin without -f when logging into the local node. In the remote case, where
you are using rlogin -f to log in to a remote node, it is intended behavior for k5dcelogin to delete the
credentials on the remote system once you exit the remote system.
• Audit events are not generated for authentication services. These events are: AS_Request,
TGS_TicketReq, TGS_RenewReq, and TGS_ValidateReq.
• The chpass command is not supported.
• Intercell logins are insecure with respect to other logins from the same cell; therefore, such logins are
disabled by default. To facilitate administrative control over intercell logins, two switches have been
added to the dcecp registry connect command. If you want to permit intercell logins, specify one or
both of the following switches to the dcecp registry connect command:
For example, to enable peer-to-peer trust between two cells and permit intercell logins in both directions
between them:
dcecp>registry connect /.../_cell_name> \-facct cell_admin\
-facctpw_cell_admin_pwd>\-acctvalid\-facctvalid\-group none\-fgroup none\-org none\-forg none\-mypwd
_cell_admin_pwd>
• A machine whose name has been changed must be unconfigured and then reconfigured into the cell;
otherwise the old name will be used.
Command Definition
acctvalid
Marks the local cell account as a valid account. A valid
local cell account allows users from the foreign cell to
login to nodes in the local cell. The default is invalid.
-facctval
id
Marks the foreign cell account as a valid account. A
valid foreign cell account allows users from the local
cell to log in to nodes in the foreign cell. The default is
invalid.