Planning and Configuring HP DCE 1.8
Chapter 1 17
About HP DCE/9000 Version 1.8
HP DCE/9000 Core Services Software
new options that support intercell login:
See "Establishing Peer-to-peer Trust" in Chapter 7 for more
information on these important new options.
• HP has added a new -r option, which refreshes a user's credentials, to
dce_login. Users are encouraged to use dce_login -r rather than
kinit to refresh their credentials, since dce_login -r uses the more
secure DCE Third-party preauthentication protocol, whereas kinit
uses the less secure Kerberos 5 Timestamps protocol.
• HP has changed the default behavior of its configuration tools to
automatically enable audit filtering. In addition, the default behavior
of secd has been changed to enable audit filtering at start-up, and a
new secd option, -noauditfilters, had been added to disable audit
filtering. See "Configuring the DCE Audit Service" in Chapter 5, and
the online secd man page for more information.
• HP DCE Measurement Service (DMS) to monitor resource utilization
and performance of HP DCE 1.6 servers.
• Support for large uids and groups.
• Support for context-switching 64-bit machine registers in DCE
threads (libcma and libdce).
• Support for MC/ServiceGuard.
• Support for Secure Remote Utilities (Secure Internet Services) in the
InternetSrvcs product.
• NSS-DCE: a DCE module for the Name Service Switch (see
"Integrating DCE with HP-UX Integrated Login" in Chapter 6 for
more information).
• DCE support for Kerberos V5 applications through creation of
configuration and keytab files.
• All integrated login utilities, including ftpd, now use the Pluggable
-acctvalid Marks the local cell account as a valid
account. A valid local cell account allows
users from the foreign cell to login to nodes
in the local cell. The default is invalid.
-facctvalid Marks the foreign cell account as a valid
account. A valid foreign cell account allows
users from the local cell to login to nodes in
the foreign cell. The default is invalid.