Planning and Configuring HP DCE 1.7

Planning and Conﬁguring HP DCE 1.7 1-5

About HP DCE/9000 Version 1.7

HP DCE/9000 Core Services Software

See “Establishing Peer-to-peer Trust” in Chapter 7 for more

information on these important new options.

• HP has added a new -r option, which refreshes a user’s credentials, to

dce_login. Users are encouraged to use dce_login -r rather than

kinit to refresh their credentials, since dce_login -r uses the more

secure DCE Third-party preauthentication protocol, whereas kinit

uses the less secure Kerberos 5 Timestamps protocol.

• HP has changed the default behavior of its conﬁguration tools to

automatically enable audit ﬁltering. In addition, the default behavior

of secd has been changed to enable audit ﬁltering at start-up, and a

new secd option, -noauditﬁlters, had been added to disable audit

ﬁltering. See “Conﬁguring the DCE Audit Service” in Chapter 5, and

the online secd man page for more information.

• HP DCE Measurement Service (DMS) to monitor resource utilization

and performance of HP DCE 1.6 servers.

• Support for large uids.

• Support for context-switching 64-bit machine registers in DCE

threads ( libcma and libdce).

• Support for MC/ServiceGuard.

• Support for Secure Remote Utilities (Secure Internet Services) in the

InternetSrvcs product.

Features Added at HP DCE 1.7

The following features are new at HP DCE 1.7:

• NSS-DCE: a DCE module for the Name Service Switch (see

“Integrating DCE with HP-UX Integrated Login” in Chapter 6 for

more information).

• DCE support for Kerberos V5 applications through creation of

conﬁguration and keytab ﬁles.

• All integrated login utilities, including ftpd, now use the Pluggable

Authentication Module (PAM). There are no longer any separate

.auth binaries.

In addition, HP DCE 1.7 contains numerous bug ﬁxes.