Planning and Configuring HP-UX DCE 2.0
About HP-UX DCE Version 2.0
Notes, Cautions and Warnings Regarding This Release
Security and Remote Login Utilities
You can use standard UNIX remote login utilities (remsh, rlogin,
telnet) to perform remote DCE cell administration. However, these
utilities expose the cell administrator's password to network attackers
whenever you perform a task on a remote system. If a network attacker
obtains the password, the security of the cell's DCE services is
compromised. The most secure way to perform cell administration is to
log in locally to each system you want to administer. The use of Secure
Internet Services (SIS) does not provide better security for the purpose of
remote DCE cell administration.
Security and Credential Lifetime
DCE credentials consist of Kerberos tickets shared by principals and the
security server. The security server encrypts the tickets with a server
key. Usually, a Kerberos ticket's credential lifetime ends at a defined
expiration time.
Hewlett-Packard recommends using Kerberos tickets with a defined
expiration time and changing the server keys frequently. Using tickets
with an infinite lifetime makes it difficult to automatically change server
keys without invalidating the outstanding tickets. It also defeats the
automatic key garbage collection, which the sec_key_mgmt_change_key
operation performs.
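The following is an added example, not code from this manual or from HP-UX DCE. It is a simplified model of a server key table (it does not call the DCE API) showing why an obsolete key version can be deleted only after the longest-lived ticket encrypted with it has expired. The structure, the function names, the 10-hour lifetime and the daily rotation interval are assumptions made for illustration.

```c
#include <stdio.h>
#include <limits.h>

#define MAX_KEYS 16
#define INFINITE LONG_MAX      /* models a ticket lifetime with no expiration */

struct keytab {                /* hypothetical model, not a DCE structure */
    int  vno[MAX_KEYS];        /* key version numbers currently stored */
    long gc_at[MAX_KEYS];      /* time after which a version may be deleted */
    int  n;
    long max_ticket_life;      /* longest lifetime a ticket can have, in seconds */
};

/* Add a new key version. The previous version must stay available until the
 * last ticket encrypted with it can have expired. */
static void change_key(struct keytab *kt, int new_vno, long now) {
    if (kt->n == MAX_KEYS) return;               /* model is full */
    if (kt->n > 0)
        kt->gc_at[kt->n - 1] = (kt->max_ticket_life == INFINITE)
                               ? INFINITE : now + kt->max_ticket_life;
    kt->vno[kt->n] = new_vno;
    kt->gc_at[kt->n] = INFINITE;                 /* current key is never collected */
    kt->n++;
}

/* Delete obsolete versions whose tickets have all expired. */
static void garbage_collect(struct keytab *kt, long now) {
    int i, kept = 0;
    for (i = 0; i < kt->n; i++)
        if (i == kt->n - 1 || kt->gc_at[i] > now) {
            kt->vno[kept] = kt->vno[i];
            kt->gc_at[kept] = kt->gc_at[i];
            kept++;
        }
    kt->n = kept;
}

/* Rotate the key `rotations` times, `interval` seconds apart, collecting
 * garbage before each change. Returns how many key versions are still held. */
int keys_after_rotations(long max_ticket_life, int rotations, long interval) {
    struct keytab kt;
    long now = 0;
    int v;
    kt.n = 0;
    kt.max_ticket_life = max_ticket_life;
    change_key(&kt, 1, now);
    for (v = 2; v <= rotations + 1; v++) {
        now += interval;
        garbage_collect(&kt, now);
        change_key(&kt, v, now);
    }
    return kt.n;
}

int main(void) {
    printf("10-hour tickets:  %d key versions held\n", keys_after_rotations(36000L, 10, 86400L));
    printf("infinite tickets: %d key versions held\n", keys_after_rotations(INFINITE, 10, 86400L));
    return 0;
}
```

With a finite lifetime the table settles at the current key plus one obsolete version awaiting expiry. With an infinite lifetime every version must be retained, because deleting any of them would invalidate tickets that are still outstanding.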
ANSI C Requirement for HP-UX DCE 2.0
Hewlett-Packard supports only the ANSI C compiler for building HP-UX
DCE applications. Hewlett-Packard cannot provide support for problems
with HP-UX DCE applications that were not compiled using the ANSI C
compiler.