Manualshelf

Planning and Configuring HP-UX DCE 1.9

ManualsBrandsHP ManualsSoftwareHP-UX DCE Software
51525354555657585960
Chapter 6
Configuring HP-UX DCE Cells
Configuring Cells Using dce_config
59
selection: 2 (Additional Server Configuration)
2. From the Additional Server Configuration Menu, choose Replica Security Server:
Additional Server Configuration (on
hostname
)
selection: 8 (Replica Security Server)
S******:Configuring Security Replication
S:****** starting slave security server (secd)...
The default name for the replica is subsys/dce/sec/$HOSTNAME. If you want to change the name of
the security replica that is created by dce_config, change the value of SEC_REPLICA, either in
/etc/opt/dce/dce_com_env, or in the shell environment from which dce_config is run. Note that you
must do this
before
running dce_config.
3. dce_config prompts for a name for the security replica. Enter whatever name you wish:
Enter the Security Replica name (without subsys/dce/sec): sec_rep_node
S:****** Modifying acls on /.:/sec/replist...
S:****** Modifying acls on /.:/subsys/dce/sec...
S:****** Modifying acls on /.:/sec...
S:****** Modifying acls on /.: ...
S:****** Modifying acls on /.:/cell-profile...
4. dce_config prompts for a key seed; enter any sequence of characters: Enter
keyseed for initial database master key:
Configuring the DCE Audit Service
At HP-UX DCE 1.4.2, the dce_config utility automatically enabled audit filtering by setting
DCEAUDITFILTERON before starting any DCE servers; in addition, when you invoke the "Auditing" command
from the dce_config "Additional Server Configuration" menu, dce_config specifies a set of default audit
filters before starting auditd, the audit daemon. You can use the dcecp audfilter command to delete or
modify these default filters, or to create new filters. See the -audfilter (1M) manpage for more information on
how to do this.
NOTE If you want to enable auditing, you must explicitly start the audit daemon by selecting 9
(Auditing) from the dce_config "Additional Server Configuration" menu. Not starting the
audit daemon is functionally equivalent to setting DCEAUDITOFF, effectively disabling auditing.
If you want to disable auditing completely, set the DCEAUDITOFF environment variable to 1 on each node
where you intend to run a DCE server before starting the cell's servers.
Removing Systems from the Cell
NOTE You cannot use the dce_config UNCONFIGURE option to remove a Master Security Server or
Initial CDS Server system from a cell. You must either use the DCM to do this, or reconfigure
the entire cell. You can use the dce_config UNCONFIGURE option to remove Additional CDS
Server or Replica Security Server systems from a cell.