Planning and Configuring HP DCE 1.7

About HP DCE/9000 Version 1.7
Notes, Cautions and Warnings Regarding This Release
dcecp host Command
All of the operations of the dcecp host command are implemented. See
the host (8dce) man page for syntax and details.
Security and Remote Login Utilities
You can use standard UNIX remote login utilities (remsh, rlogin,
telnet) to perform remote DCE cell administration. However, these
utilities expose the cell administrator’s password to network attackers
whenever you perform a task on a remote system. If a network attacker
obtains the password, the security of the cell’s DCE services is
compromised. The most secure way to perform cell administration is to
log in locally to each system you want to administer. The use of Secure
Internet Services (SIS) does not provide better security for the purpose of
remote DCE cell administration.
Security and Credential Lifetime
DCE credentials consist of Kerberos tickets shared by principals and the
security server. The security server encrypts the tickets with a server
key. Usually, a Kerberos ticket’s credential lifetime ends at a defined
expiration time.
Hewlett-Packard recommends using Kerberos tickets with a defined
expiration time and changing the server keys frequently. Using tickets
with an infinite lifetime makes it difficult to automatically change server
keys without invalidating the outstanding tickets. It also defeats the
automatic key garbage collection, which the
sec_key_mgmt_change_key operation performs.
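
The following Python model is an added example, not HP or DCE code; it shows why tickets without an expiration time prevent old server keys from ever being retired. It assumes a superseded key can be discarded only after the maximum ticket lifetime has passed since it was replaced; KeyStore and its methods are hypothetical names, and change_key only mirrors the role of sec_key_mgmt_change_key.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

INFINITE = None  # models a ticket with no expiration time

@dataclass
class KeyStore:
    """Toy key table (assumed model): version -> time superseded (None = current)."""
    max_ticket_lifetime: Optional[int]  # seconds, or INFINITE
    current: int = 1
    superseded_at: Dict[int, Optional[int]] = field(default_factory=lambda: {1: None})

    def issue_ticket(self, now):
        """Return (key_version, expiry) for a ticket encrypted under the current key."""
        if self.max_ticket_lifetime is INFINITE:
            return (self.current, INFINITE)
        return (self.current, now + self.max_ticket_lifetime)

    def change_key(self, now):
        """Install a new key version, then garbage-collect obsolete versions."""
        self.superseded_at[self.current] = now
        self.current += 1
        self.superseded_at[self.current] = None
        self.garbage_collect(now)

    def garbage_collect(self, now):
        """Drop a superseded key once every ticket it could have encrypted has expired."""
        if self.max_ticket_lifetime is INFINITE:
            return  # no ticket ever expires, so no old key is provably unused
        for version, when in list(self.superseded_at.items()):
            if when is not None and now >= when + self.max_ticket_lifetime:
                del self.superseded_at[version]

    def accepts(self, ticket, now):
        """A ticket is usable only if unexpired and its key version is still held."""
        version, expiry = ticket
        return version in self.superseded_at and (expiry is INFINITE or now < expiry)

def retained_after_rotations(max_ticket_lifetime, rotations=3, interval=86400):
    """Rotate once per interval and return the key versions still held."""
    store = KeyStore(max_ticket_lifetime)
    for n in range(1, rotations + 1):
        store.change_key(now=n * interval)
    return sorted(store.superseded_at)

if __name__ == "__main__":
    print("10-hour tickets :", retained_after_rotations(36000))
    print("infinite tickets:", retained_after_rotations(INFINITE))
```

In this model, daily rotation with a 10-hour maximum lifetime leaves two key versions held, while tickets with no expiration force every version ever installed to be kept, and deleting an old version by hand invalidates the tickets issued under it.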