HP-UX DCE Version 1.9 Release Notes

Chapter 1

About This Document

In This Version

New Features in HP-UX DCE 1.9

The following features are new in HP-UX DCE 1.9:

• Support for IPF platform

• Kernel-threaded DCE servers

• Capacity expansion

Features Removed From HP-UX DCE 1.9

The following features have been removed from HP-UX DCE 1.9:

• Tracing facility

• CMA threads

• Support for DFS

Supported Features of HP-UX DCE 1.9

HP-UX DCE 1.9 includes the following OSF DCE 1.2.1 features. For more information about these features,

refer the OSF DCE 1.2.1 documentation, which is provided with HP-UX DCE 1.9.

• Single administrative DCE control program — dcecp.

• DCE daemon (combines rpcd and sec_clientd) — dced.

• Cell aliasing.

• Hierarchical cell naming without transitive trust.

• Serviceability improvements.

• Security delegation — intermediary servers can operate on behalf of the initiating client while preserving

identities and Access Control List (ACLs).

• Auditing — tracking of security-related events.

• Extended Generic Security Service Application (GSSAPI) — permits use of DCE security by message

passing applications.

• Extended Registry Attribute (ERA) facility— provides a means to deﬁne arbitrary attribute types; to

attach instances of those types to principals, groups, and organizations; and to insert attributes in a

principal's credentials for use by specialized security applications. For example, the ERA facility could be

used to support single sign-on across non-UNIX platforms and legacy systems by associating additional

security information with users and groups.

• Extended logon capabilities — provide the following features:

✓ Pre-authentication, which improves the security of authentication by eliminating passive attacks on

the Key Distribution Center.

✓ Login denial, which permits limitation on the number of successive invalid attempts and Security

Server enforcement of password expiration.

✓ Password management, which permits strength checking of user-selected passwords according to site

policies and automatic generation of random plaintext passwords.

• ACL Manager Library — provides server writers with an ACL manager for use with all servers.

• Group override — customizes group name mapping from host to host to allow DCE to adapt to various

operating system conventions.