               H                     Compaq_DCE_for_OpenVMS_VAX_and_OpenVMS_Alpha________!                     Release Notes   -                     Order Number: AA-RMWWA-TE                          July 2000   G                     This document contains the release notes for Compaq G                     Distributed Computing Environment (DCE) for OpenVMS *                     VAX and OpenVMS Alpha.                    G                     Revision/Update Information:  This is a new manual.   I                     Operating System:             OpenVMS VAX Version 6.2 ;                                                   or higher G                                                   OpenVMS Alpha Version ?                                                   6.2 or higher   H                     Software Version:             Compaq DCE for OpenVMS=                                                   Version 3.0                         /                     Compaq Computer Corporation "                     Houston, Texas                 N               ________________________________________________________________  0                2000 Compaq Computer Corporation  E               Compaq, VAX, VMS, the Compaq logo, and the DIGITAL logo =               Registered in U.S. Patent and Trademark office.   G               OpenVMS is a trademark of Compaq Information Technologies                Group, L.P.   B               Microsoft, Windows, and Windows NT are trademarks of$               Microsoft Corporation.  >               OSF/1 and UNIX are trademarks of The Open Group.  A               All other product names mentioned herein may be the E               trademarks or registered trademarks of their respective                companies.  G               Confidential computer software. Valid license from Compaq G               required for possession, use, or copying. Consistent with B               FAR 12.211 and 12.212, Commercial Computer Software,E               Computer Software Documentation, and Technical Data for H               Commercial Items are licensed to the U.S. Government under3               vendor's standard commercial license.   C               Compaq shall not be liable for technical or editorial 3               errors or omissions contained herein.   F               The information in this publication is subject to changeE               without notice and is provided "AS IS" WITHOUT WARRANTY D               OF ANY KIND. THE ENTIRE RISK ARISING OUT OF THE USE OFH               THIS INFORMATION REMAINS WITH RECIPIENT. IN NO EVENT SHALLI               COMPAQ BE LIABLE FOR ANY DIRECT, CONSEQUENTIAL, INCIDENTAL, G               SPECIAL, PUNITIVE, OR OTHER DAMAGES WHATSOEVER (INCLUDING G               WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, F               BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION),C               EVEN IF COMPAQ HAS BEEN ADVISED OF THE POSSIBILITY OF @               SUCH DAMAGES. THE FOREGOING SHALL APPLY REGARDLESSB               OF THE NEGLIGENCE OR OTHER FAULT OF EITHER PARTY ANDF               REGARDLESS OF WHETHER SUCH LIABILITY SOUNDS IN CONTRACT,G               NEGLIGENCE, TORT, OR ANY OTHER THEORY OF LEGAL LIABILITY, I               AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY                LIMITED REMEDY.   H               The limited warranties for Compaq products are exclusivelyH               set forth in the documentation accompanying such products.B               Nothing herein should be construed as constituting a-               further or additional warranty.   C               The OpenVMS documentation set is available on CD-ROM.                                  F      _________________________________________________________________  F                                                               Contents      F            1     Services Compaq DCE Offers....................      1F            1.1       New Features in Version 3.0...............      2F            2     Contents of the Kits..........................      3F            2.1       Runtime Services Kit......................      4F            2.2       Application Developer's Kit...............      5F            2.3       CDS Server Kit............................      5F            2.4       Security Server Kit.......................      5F            3     Installation/Configuration Prerequisites......      6F            3.1       Reconfiguring After Installation..........      7:            3.2       Configuration Prerequisite on OpenVMSF                      Version 6.2...............................      7F            4     Troubleshooting...............................      8F            5     Updates to the System Login File..............      8F            6     Sizing for a Large Number of Users............      8F            7     Support for Applications......................      9=            8     Using TCP/IP Services for OpenVMS (UCX) with F                  DCE...........................................     10F            8.1       Sufficient TCP/IP Sockets.................     10F            8.2       Sufficient UCX Small and Large Buffers....     11F            8.3       UCX TCP Protocol Settings.................     11F            8.3.1       OpenVMS UCX TCP Parameter Settings......     12F            8.4       cdsLib Service Definition.................     12F            8.5       Using MultiNet with DCE...................     14F            9     Using PathWay with DCE........................     15F            10    Using TCPware with DCE........................     16F            11    Kerberos......................................     16F            12    Windows NT LAN Manager........................     168            13    Linking RPC Stub Modules into ShareableF                  Images........................................     17F            13.1      Errors Creating a Shareable Image.........     187            13.2      Errors Linking Against a Shareable F                      Image.....................................     19F            13.3      Errors Activating Shareable Images........     19  F                                                                    iii                   I               14    Restrictions and Known Problems...............     21 I               14.1      Documentation.............................     21 I               14.2      OpenVMS Supported Versions................     22 I               14.3      Kernel Threads and UPCALLS Support........     22 7               14.4      DCE Applications Do Not Require I                         Relinking.................................     22 I               14.5      DTS Server................................     22 =               14.6      Integrated Login and OpenVMS External I                         Authentication............................     22 I               14.7      Minimum Global Pages......................     23 I               14.8      RTI (Remote Task Invocation) RPC..........     23 I               14.9      Format of X.500 Cell Names................     23 <               14.10     Shutting Down Compaq DCE for OpenVMSI                         Before Reinstallation.....................     23 I               14.11     Configuring a CDS Replica Clearinghouse...     24 3               14.12     Reconfiguring a CDS Replica I                         Clearinghouse.............................     24 I               14.13     Privileged User Refreshing Credentials....     25 ?               14.14     Support for Integrated Login Before DCE I                         Startup on OpenVMS Systems................     25 ?               14.15     Support for Integrated Login Before DCE I                         Startup on OpenVMS Workstations...........     25 A               14.16     32-Character Restriction on DCE Principal I                         Names for Integrated Login................     26 @               14.17     Running DCE IMPORT in Batch Mode WithoutI                         Password..................................     26 =               14.18     Potential Integrated Login and SYSGEN I                         Problems..................................     26 I               14.19     Support for Packet Privacy................     28 I               14.20     DCE IDL Compiler and C++ Exceptions.......     28 I               14.21     Automatic Registration of Servers.........     29 I               14.22     Support for sigwait() ....................     29 I               14.23     Server Programming........................     29 I               14.24     Compiling Stubs on Alpha..................     30 <               14.25     Using the -cpp_cmd (/PREPROCESS) IDLI                         Compiler Option on OpenVMS Alpha..........     30 I               14.26     UCX Runtime Calls Not Thread Safe.........     30 I               14.27     POSIX.....................................     31 I               14.28     C RTL Routine Sleep Not Thread Safe.......     31 I               14.29     Ordering of System Startup Procedures.....     31 I               14.30     Case Sensitivity of DCE Utilities.........     31 I               14.31     CDSCP Commands Requiring a Local Server...     32       
         iv                   ?               14.32     DCE Command Line Programs Fail With SMG I                         Error.....................................     32 I               14.33     Dumping the CDS Cache.....................     32 I               14.34     CDS Clerk Failing on UCX Shutdown.........     33 I               14.35     Global Directory Agent Configuration......     33 I               14.36     Changes to RPC Shutdown...................     35 I               14.37     IDL Error When Installing DCE.............     35 I               14.38     Owner Error When Installing DCE...........     35 I               14.39     Port Error During DCE Configuration.......     36 :               14.40     Exception During DCE ConfigurationI                         Verification Program......................     36 B               14.41     Problem Converting DTS Local to DTS GlobalI                         Server....................................     37 ?               14.42     Problems With Sun Solaris DCE System as I                         CDS Master................................     37 I               14.43     Compile Warning in Example Programs.......     37 I               14.44     Missing CXX Library.......................     37 I               14.45     Unknown Ethernet Device on Host System....     38 <               14.46     Public Key Routines Not Supported onI                         OpenVMS...................................     38 A               14.47     Audit Trail Files Require UNIX-Style File I                         Specifications............................     39 I               14.48     Installation Warnings.....................     39 I               15    New APIs for Authenticated RPC................     40 I               15.1      RPC_WINNT_SET_AUTH_IDENTITY...............     40 I               15.2      RPC_WINNT_FREE_AUTH_IDENTITY..............     41 I               16    New APIs for Impersonation in DCE.............     42 I               16.1      RPC_IMPERSONATE_CLIENT....................     42 I               16.2      RPC_REVERT_TO_SELF........................     43 I               16.3      RPC_REVERT_TO_SELF_EX.....................     43 I               16.4      Enhanced RPC Security APIs................     44 I               17    The Routing File..............................     44 ;               17.1      Specifying Filenames in the Routing I                         File......................................     44 I               17.2      Using the Routing File....................     44                     I                                                                         v                    /                                   RELEASE NOTES   D             Compaq DCE for OpenVMS VAX and OpenVMS Alpha Version 3.0  F               Compaq DCE for OpenVMS VAX and OpenVMS Alpha Version 3.0D               replaces Digital DCE for OpenVMS VAX and OpenVMS AlphaF               Version 1.5. Version 3.0 is a complete kit that does notF               require a previous version of Compaq DCE for OpenVMS forH               installation. Version 3.0 can be installed on a new systemG               or can be installed as an update to a previous version of                DCE for OpenVMS.  F                 ________________________ Note ________________________  C                 Compaq DCE for OpenVMS Version 3.0 supports OpenVMS B                 Version 6.2, 7.1, and 7.2. See Section 1.1 for newF                 features and Section 14 for important restrictions and                 known problems.   F                 ______________________________________________________  $         1 Services Compaq DCE Offers  F               Compaq DCE for OpenVMS VAX and OpenVMS Alpha Version 3.01               consists of the following services:   I               o  Remote Procedure Call (RPC) service provides connections G                  between individual procedures in an application across <                  heterogeneous systems in a transparent way.  G               o  Interface Definition Language (IDL) compiler (required >                  for developing distributed DCE applications).  ?               o  Threads service provides user-mode control and C                  synchronization of multiple operations. Threads is 9                  packaged with the base operating system.   C               o  Cell Directory Services (CDS) provides a location- E                  independent method of identifying resources within a G                  cell. A cell is the smallest group of DCE systems that ;                  share a common naming and security domain.   F               o  Distributed Time Service (DTS) provides date and time/                  synchronization within a cell.   B               o  DCE Security Services provides authentication andD                  authorization within a cell and is based upon MIT's8                  Kerberos private key encryption system.  I                                                                         1                    '         1.1 New Features in Version 3.0   F               Compaq DCE for OpenVMS VAX and OpenVMS Alpha Version 3.0H               includes the following new features. (For more informationG               on these new features, see the Compaq DCE for OpenVMS VAX H               and OpenVMS Alpha Product Guide, unless otherwise stated.)  H               o  OSF DCE R1.2.2 support - Compaq DCE for OpenVMS VAX andG                  OpenVMS Alpha Version 3.0 is based on The Open Group's G                  R1.2.2 version of DCE. Full documentation for features D                  common to OSF DCE R1.2.2 is available in the R1.2.2                  documentation.   E                  This version adds the following new features to DCE:   9                  -  dced daemon and dcecp control program   C                     The RPC daemon (DCE$RPCD.EXE) has been replaced @                     by a combined RPC and security client daemonE                     (DCE$DCED.EXE). In addition, various command line F                     programs (rpccp, cdscp, dtscp, acl_edit, rgy_edit)D                     have been consolidated into a single new program                     (dcecp).  G                     The new commands that are available using dcecp can =                     be seen by issuing the following command:   #                     $ dcecp -c help                     -  Auditing  G                     A new auditing daemon (DCE$AUDITD.EXE) is available >                     in DCE for OpenVMS Version 3.0. The ModifyI                     Configuration Menu of the DCE setup command procedure E                     allows this feature to be enabled or disabled, as ;                     well as the dcecp command line program.   /                  -  Serviceability enhancements   ?                     See Section 17 for information on using the E                     routing file that is available as part of the newV0                     serviceability enhancements.  &                  -  New dtscp commands  1                     $ dtscp show clock resolution2@                     $ dtscp show time provider timeouts detected:                     $ dtscp show local server not in group5                     $ dtscp show servers not in groupn  *                  -  New dts time providers  	         2e i  U              H                     DCE$SETUP.COM now allows you to configure one of the-                     following time providers:   )                        Null Time Provider (                        NTP Time Provider  E                     This functionality can be accessed via the Modify '                     Configuration Menu.   D               o  Kernel Threads and Thread Manager upcalls support -B                  New in DCE for OpenVMS Version 3.0 is support forI                  running DCE applications with Kernel Threads and upcalls                   enabled.   H               o  RPC_UNSUPPORTED_NETIFS and RPC_SUPPORTED_NETADDRS - DCEH                  for OpenVMS Version 3.0 adds the ability to control theG                  use of DCE on systems with multiple network interfaces %                  and/or IP addresses.d  H               o  LDAP support - DCE support for LDAP over GDA (IntercellE                  communication) and LDAP over NSID (Windows NT accessWG                  to the Name Service Interface) is available in DCE fort%                  OpenVMS Version 3.0.e  C               o  DCE Privacy Kit included in base DCE kit - The DCE D                  Privacy kit has been retired, and the functionalityI                  has been combined into the base DCE kit. You can now useoH                  packet level privacy without a separate kit or license.G                  This funtionality is activated by setting the product_AI                  level parameter in the rpc_binding_set_auth_info call toS1                  rpc_c_protect_level_pkt_privacy.            2 Contents of the Kits  =               Compaq DCE for OpenVMS has four kits available:r  %               o  Runtime Services Kito  ,               o  Application Developer's Kit                 o  CDS Server Kiti  $               o  Security Server Kit  D               Note that the right to use the Runtime Services Kit isE               included as part of the OpenVMS license. The other kits .               each require a separate license.  I                                                                         3A                   G               The following sections list the contents of each of theseP               kits.T            2.1 Runtime Services Kit  F               The Runtime Services provide the basic services requiredH               for DCE applications to function. The Runtime Services Kit%               contains the following:I  F               o  NTLM (Windows NT LAN Manager) security (OpenVMS Alpha/                  Version 7.2-1 and higher only)C  @               o  Authenticated CDS Advertiser and Client Support                 o  CDS Browser  ,               o  DCE Control Program (dcecp)  ,               o  CDS Control Program (cdscp)  H               o  Authenticated DCE RPC runtime support (supports DECnet,                  TCP, and UDP)  G               o  RTI (Remote Task Invocation) RPC for the Compaq ACMSxp                   TP producti  (               o  Security Client Support  !               o  Integrated Logina  ;               o  A DCE_LOGIN tool for obtaining credentials   C               o  A RGY_EDIT tool for registry maintenance functions   :               o  KINIT, KLIST, and KDESTROY Kerberos tools  I               o  An ACL_EDIT tool for access control lists (ACLs) for DCE                   objects  ,               o  RPC Control Program (rpccp)  I               o  Name Services Interface Daemon (nsid); also known as theu$                  PC Nameserver Proxy  (               o  Native Kerberos support  '               o  XDS Directory Services2  %               o  XDS Object Managment.  	         4                    '         2.2 Application Developer's Kit.  F               The Application Developer's Kit is used by developers toE               build DCE applications. The Application Developer's Kit.%               contains the following:/  ?               o  The above contents of the Runtime Services Kitn  E               o  A mechanism to act as a porting aid in mapping MSRPCuF                  calls to DCE RPC calls (OpenVMS Alpha Version 7.2 and                  higher only)   B               o  Required DCE application development header files  =               o  Interface Definition Language (IDL) compiler   F               o  DCE IDL Compiler with C++ Extensions (Object-Oriented                  RPC)S  2               o  Generic Security Service (GSSAPI)  &               o  LSE Templates for IDL                 o  UUID Generator   B               o  .H (Include) files and .IDL files for application                  development  (               o  Sample DCE applications           2.3 CDS Server Kit  G               The CDS Server provides the naming services necessary for.D               DCE clients to locate DCE server applications. The CDS0               Server Kit includes the following:  "               o  CDS server (cdsd)  -               o  Global Directory Agent (GDA)h  E               The Global Directory Agent (GDA) lets you link multiple.I               CDS namespaces using the Internet Domain Name System (DNS),.               X.500, or LDAP.            2.4 Security Server Kit.  F               The Security Server provides security services necessaryG               for authenticated RPC calls between DCE client and serveroH               applications to function. The Security Server Kit includes               the following:  '               o  Security server (secd)   I                                                                         5                    G               o  Tool used to create the security database (sec_create_i                  db)  @               o  Security server administrative tool (sec_admin)  2         3 Installation/Configuration Prerequisites  D               In addition to shutting down DCE, DCE RPC must also beF               shut down before installing DCE for OpenVMS Version 3.0.G               Failure to do so can result in the inability to start DCE G               for OpenVMS Version 3.0. For DCE for OpenVMS Version 1.5, 9               the following is the proper shutdown order:   ;               1. Shut down DCE and clean up temporary files.  /                  $ @SYS$MANAGER:DCE$SETUP CLEAN.                 2. Shut down RPC  0                  $ @SYS$MANAGER:DCE$RPC_SHUTDOWN  C               If you are running a DCE for OpenVMS version prior to.F               Version 1.5, then executing the first command shuts down               both DCE and RPC.   G               As of OpenVMS Version 7.2, DCE RPC is supplied as part of H               the OpenVMS operating system, and may be running without aI               full DCE kit installed. In this situation, you only need toeG               perform the second command listed above to shut down RPC.   B               Compaq DCE for OpenVMS VAX and OpenVMS Alpha must beH               installed by running the DCE$INSTALL.COM procedure. Do notE               install the product by invoking the POLYCENTER SoftwaredC               Installation (PCSI) utility directly. DCE$INSTALL.COMpA               calls PCSI and performs several preinstallation andu=               postinstallation tasks. To install DCE, run the13               DCE$INSTALL.COM procedure as follows:   A               $ @ddcu:DCE$INSTALL.COM [help] ! optional PCSI help   B               See the Compaq DCE for OpenVMS VAX and OpenVMS AlphaH               Installation and Configuration Guide for more information.  A               Make sure that you run DCE$INSTALL.COM from a valid F               directory. Errors may occur during the installation that2               leave the default directory invalid.  	         6                    A               See the first chapter in the Compaq DCE for OpenVMS4B               VAX and OpenVMS Alpha Installation and ConfigurationE               Guide for information on installation and configuration                prerequisites.  D               If you are installing DCE for the first time, you mustG               configure DCE before starting it. To configure DCE, enterv$               the following command:  0               $ @SYS$MANAGER:DCE$SETUP CONFIGURE  ,         3.1 Reconfiguring After Installation  C               If you are installing a new version of Compaq DCE for E               OpenVMS VAX and OpenVMS Alpha over an existing version, H               you do not have to reconfigure DCE after the installation.G               Before the installation, stop the DCE daemons by entering4'               the following command(s):f  ,               $ @SYS$MANAGER:DCE$SETUP CLEAN  I               If you have DCE for OpenVMS Version 1.5 installed, you mustnB               also shut down RPC by issuing the following command:  -               $ @SYS$MANAGER:DCE$RCP_SHUTDOWN   B               After the installation, enter the following command:  ,               $ @SYS$MANAGER:DCE$SETUP START  =         3.2 Configuration Prerequisite on OpenVMS Version 6.2   @               After installing DCE for OpenVMS Version 3.0 on anH               OpenVMS Version 6.2 system, you must perform the following<               operations to enable DCE to operate correctly.  I               After the first installation of DCE for OpenVMS Version 3.0.I               on OpenVMS Version 6.2, execute the following command file:.  +               $ @SYS$MANAGER:UTC$TIME_SETUPw  D               Once this command procedure has run, and after DCE hasH               been configured, add the following two lines to the system?               startup procedure, SYS$MANAGER:SYSTARTUP_VMS.COM:e  +               $ @SYS$MANAGER:DCE$TIME_SETUP (               $ @SYS$STARTUP:DCE$STARTUP  H               These command procedures must be called in the order shown               above.  I                                                                         7                             4 Troubleshooting.  H               A chapter on troubleshooting is part of the Compaq DCE forG               OpenVMS VAX and OpenVMS Alpha Product Guide. This chapter..               includes the following sections:  .               o  General troubleshooting hints  <               o  Time zone and time synchronization problems  )               o  Client/Server Check List.  *         5 Updates to the System Login File  I               To define foreign commands, have the system manager add thecC               following to your SYLOGIN.COM after the installation:   L               $ If F$SEARCH("SYS$MANAGER:DCE$DEFINE_REQUIRED_COMMANDS.COM")-I               .NES. "" THEN @SYS$MANAGER:DCE$DEFINE_REQUIRED_COMMANDS.COMP  P       $ If F$SEARCH("SYS$COMMON:[DCE$LIBRARY]DCE$DEFINE_OPTIONAL_COMMANDS.COM")-O         .NES. "" THEN @SYS$COMMON:[DCE$LIBRARY]DCE$DEFINE_OPTIONAL_COMMANDS.COMo  ,         6 Sizing for a Large Number of Users  F               The DCE daemons require a number of system resources forG               each concurrent DCE client or server process. The default F               number of resources allocated to the daemons is based onD               a maximum of 70 concurrent users (servers and clients)D               running on a node. If you are running more than 70 DCE9               users on a node, you must do the following:   +               1. Stop DCE if it is running..  D               2. Define a systemwide logical called DCE$MAX_USERS toE                  the maximum number of users desired. For example, to C                  configure DCE for a maximum of 80 users, enter the                   following:   1                  $ define/system dce$max_users 80o  H                  Add this command to your system startup command file so;                  that it is executed prior to starting DCE.                  3. Restart DCE.e  G                  Refer to Section 8 for information about adding TCP/IPpI                  sockets if the current number of sockets is insufficientDA                  for the number of DCE users running on the node.i  	         8     t              "         7 Support for Applications  B               The Application Developer's Kit provides support for>               building DCE applications using DCE Services. ItC               provides Application Programming Interfaces (APIs) to D               RPC communication services, security services, and CDSF               name services via the RPC Name Services Interface (NSI).E               (Version 1.1 of Digital DCE for OpenVMS VAX and OpenVMS_H               Alpha replaced the Local Directory Services (LDS) with theI               Cell Directory Services (CDS).) The Application Developer's D               Kit contains the IDL compiler and Runtime support. TheH               header files and IDL files for developing applications are3               installed in the following directory:r  &               SYS$COMMON:[DCE$LIBRARY]  E               DCE applications must also be linked with the followinge               shareable image:  )               SYS$LIBRARY:DCE$LIB_SHR.EXEp  D               This image provides the entry points and global symbol3               definitions for the DCE API services.e  F               A link options file, SYS$COMMON:[DCE$LIBRARY]DCE.OPT, isH               also provided. It is recommended that this options file beG               included when linking your DCE applications. For example:t  3                             $ LINK PROG,DCE:DCE/OPTr  ?               Linking applications in this way makes your builddF               procedures more portable between OpenVMS VAX and OpenVMSC               Alpha. It also prevents link environment changes from 1               requiring changes to command files.   E               To help you port a Microsoft RPC application to the DCEaI               format, a shareable image called SYS$LIBRARY:MSRPC_MAPPING_ C               SHR.EXE can be used to link with the RPC application. G               This new image provides entry points that map a subset of G               Microsoft RPC calls to their DCE equivalents. To identify H               which APIs have been mapped, see the MSRPC_MAPPING.H file.@               This file must be included in the RPC application.      I                                                                         9                    :         8 Using TCP/IP Services for OpenVMS (UCX) with DCE  F               Compaq DCE for OpenVMS VAX and OpenVMS Alpha Version 3.0D               requires modification of several TCP/IP parameters forE               proper operation. You should carefully look through the I               parameters discussed in the next sections to understand anyg8               impact they may have on your local system.  D               The changes required depend on which version of CompaqD               TCP/IP Services for OpenVMS you are using. Most of theH               modifications listed in this section are not required whenE               using Compaq TCP/IP Services for OpenVMS Version 5.0 or,F               higher. Any changes needed for Version 5.0 or higher are%               identified in the text.   C               All parameter changes described below, except for thenE               cdsLib service definition, involve volatile parameters.aA               That is, if TCP/IP is restarted on your system, the E               parameter settings revert back to UCX-defined defaults,iH               unless the configuration is also modified. The appropriateD               commands to modify both the volatile and configuration9               values are shown in the following sections.b  F                 ________________________ Note ________________________  B                 DCE$SETUP checks for incorrect TCP/IP settings. IfD                 DCE$SETUP cannot read the settings, an error messageF                 is written to DCE$SETUP.LOG. If you have Compaq TCP/IP@                 Services for OpenVMS Version 5.0 installed, thenF                 DCE$SETUP.COM does not check or modify the parameters.  F                 ______________________________________________________  %         8.1 Sufficient TCP/IP Socketsn  A               DCE RPC and CDS use TCP/IP sockets for interprocess F               communication. The UCX default maximum number of socketsF               is inadequate for most DCE sites. It is recommended thatI               this parameter be set to a value of at least 250. Your site G               may require a higher value if you are using UCX for other E               than DCE. To modify the number of TCP/IP sockets, enter G               the following commands with the appropriate value for the -               number of sockets. For example:   9               $ UCX SET COMMUNICATION /DEVICE_SOCKETS=250 G               $ UCX SET CONFIGURATION COMMUNICATION /DEVICE_SOCKETS=250   
         10 d                 E               If the number of sockets is insufficient for the number F               of DCE users running on the node, increase the number ofH               device sockets by two for each additional DCE user (client               or server).s  2         8.2 Sufficient UCX Small and Large Buffers  A               The number of UCX small and large buffers necessaryeE               for proper performance depends on the number of networkaH               software applications running on your system. As a minimumB               for DCE sites, the following values are recommended:  ,                  Maximum Small Buffers = 600,                  Maximum Large Buffers = 200  H               Before you configure DCE, you should check the maximum andF               peak values for both small and large buffers as follows:  &               $ UCX SHOW COMMUNICATION-               $ UCX SHOW COMMUNICATION/MEMORYh  I               A nonzero drop value or a nonzero wait value indicates thattG               you should increase the maximum buffer value. In general,fD               the maximum value should be at least 20 percent higherI               than the peak value. Additionally, these counts will change G               in the future, and should be checked periodically, making 4               adjustments as necessary. For example:  9               $ UCX SET COMMUNICATION/SMALL=(MAXIMUM:600)oG               $ UCX SET CONFIGURATION COMMUNICATION/SMALL=(MAXIMUM:600)   9               $ UCX SET COMMUNICATION/LARGE=(MAXIMUM:200)AG               $ UCX SET CONFIGURATION COMMUNICATION/LARGE=(MAXIMUM:200)t  I               See the UCX System Management Guide for more information onK               tuning UCX.t  %         8.3 UCX TCP Protocol Settingse  D               DCE CDS is sensitive to the values of the TCP protocolE               parameters of the underlying TCP communication package.LF               Improperly setting these parameters may cause CDS clientE               operations to appear to hang. (Hangs occur when the TCPrF               parameters are incorrectly set and CDS client operationsI               initiate operations that result in very large data messagesdI               being transferred between CDS clients and servers.) If thisCE               happens, other CDS clients continue to function and thes1               hung client process may be aborted.   I                                                                        11     t              A               You can examine the current settings of the UCX TCP 3               protocol parameters with the command:a  0               $ UCX SHOW PROTOCOL TCP /PARAMETER  0         8.3.1 OpenVMS UCX TCP Parameter Settings  C               The correct default settings for the UCX TCP protocolj?               parameters on OpenVMS VAX systems are as follows:   1               $ UCX SHOW PROTOCOL TCP /PARAMETERSo               TCP -               MTU size segment:      disabled -               Delay ACK:             disabledS-               Loopback:              disabledj-               Drop timer:                 600 -               Probe timer:                 75 A                                       Receive                Send A               Checksum:               enabled             enabled'A               Push:                  disabled            disabledTA               Quota:                     4096                4096A  F               Note that the TCP /LOOPBACK and TCP/DELAY_ACK parameters9               must be disabled on Compaq DCE for OpenVMS.   D               If either of these parameter settings do not match theH               default settings above, enter one of the following sets of               commands:   P     $ UCX SET PROTOCOL TCP /NODELAY                ! Valid on TCP/IP Version 5.0P     $ UCX SET CONFIGURATION PROTOCOL TCP /NODELAY  ! Valid on TCP/IP Version 5.0  0               $ UCX SET PROTOCOL TCP /NOLOOPBACK>               $ UCX SET CONFIGURATION PROTOCOL TCP /NOLOOPBACK  %         8.4 cdsLib Service Definition   C               CDS uses a TCP service definition in the UCX services D               database. This service defines the port number for CDSE               client and clerk communication. The DCE$SETUP CONFIGURE G               operation should properly define this service for you. BysI               default, port number 1234 is used. If your site has another E               application that has defined a service using port 1234, I               the CONFIGURE operation will ask you to choose another port 5               number for use with the cdsLib service..  
         12                   I               After Compaq DCE for OpenVMS is configured, should you need F               to change the port number assigned to the cdsLib serviceI               (for example, you want to install an application that needs 5               port 1234), use the following commands:   *               $ UCX SET NOSERVICE "cdsLib"  E               The current service definition is displayed and you aretF               asked if you wish to delete it. Answer YES and enter the                following command:  ?               $ UCX SET SERVICE "cdsLib" /PORT=nnnn /file=NL: -sD                 /USER=DCE$SERVER /PROTOCOL=TCP /PROCESS=DCE$CDSCLERK  I               where nnnn is an unused port number to be used by CDS. Note.5               that four additional ports are defined:i  F               o  cdsAdver uses port number 1235 for process DCE$CDSADV  C               o  cdsDiag uses port number 1236 for process DCE$CDSDo  C               o  kerberos5 uses port number 88 for process DCE$SECD   B               o  ntp uses port number 123 for process DCE$DTS_NTP_                  PROVIDER                   $ UCX SHOW SERVICE  C               This command lets you examine the current UCX servicet               definitions.  G               The State for all of the DCE services should be Disabled.R  I               Also note that the service definitions in UCX are permanentoE               settings; that is, once defined, they will still be setoF               if UCX is restarted. For this reason, you do not need toH               put changes to the service definitions in your UCX startup               procedure.  B               This service definition is required on Compaq TCP/IP:               Services Version 5.0 as well as Version 4.0.        I                                                                        13  t  a              #         8.5 Using MultiNet with DCE   F               Compaq DCE for OpenVMS Version 3.0 can be used with TGV,A               Inc.'s MultiNet product in place of Compaq's TCP/IP D               Services for OpenVMS. If you want to use MultiNet withF               Compaq DCE for OpenVMS, you must contact TGV, Inc. for aB               copy of MultiNet, which contains support for DCE[1].  I               Then, follow the installation procedure and choose MULTINETuH               when the installation process prompts you for the specific-               TCP/IP product you want to use.   H               Add or replace the following command to the system startupE               command procedure (SYS$MANAGER:SYSTARTUP.COM) after the H               startup commands for the network transports, DECnet and/or%               Compaq TCP/IP Services:   7               $ @SYS$STARTUP:DCE$STARTUP START MULTINET   A               To configure DCE with MultiNet, enter the following                command:  6               @SYS$STARTUP:DCE$STARTUP CONFIG MULTINET  D               Otherwise, DCE will expect TCP/IP communications to be               provided by UCX.  H               The SYSGEN parameter MAXBUF must be set to a value greaterI               than the maximum message size to be transferred between thevG               CDS Clerk and CDS clients. If MAXBUF is not large enough,aF               client processes will hang in an I/O wait state. If thisF               happens, other CDS clients will continue to function andI               the hung process may be aborted without affecting them. TheeH               recommended setting for MAXBUF is 20,000 bytes or greater.F               (If you have a large CDS database with many directories,H               you may have to set it even higher.) If DCE processes hangI               while performing name service requests that transfer larger I               amounts of data, you probably need to increase the value off                MAXBUF as follows:  "               ____________________I               [1]   Compaq is not responsible for third-party applicationp>                     support.  Any issues around third-party IPH                     applications should be directed to those third-party0                     companies and not to Compaq.  
         14 C  M              %               $ RUN SYS$SYSTEM:SYSGEN                 SYSGEN> USE ACTIVED               SYSGEN> SET MAXBUF nnnn  ! nnnn = new value for MAXBUF"               SYSGEN> WRITE ACTIVE!               SYSGEN> USE CURRENT D               SYSGEN> SET MAXBUF nnnn  ! nnnn = new value for MAXBUF#               SYSGEN> WRITE CURRENTm               SYSGEN> EXIT  D               Note that this setting will remain in effect until theI               next time AUTOGEN is invoked. Make the changes permanent by D               editing SYS$SYSTEM:MODPARAMS.DAT and adding MIN_MAXBUFB               = nnnn and then invoking AUTOGEN as described in the3               installation and configuration guide.l  D               For further information on modifying SYSGEN parametersC               or on AUTOGEN, refer to the OpenVMS system managements               documentation.            9 Using PathWay with DCE  H               Compaq DCE for OpenVMS Version 3.0 has been designed to beI               used with Wollongong's PathWay product in place of Compaq'sf1               TCP/IP Services for OpenVMS.DCE[1].C  I               If you want to use PathWay with Compaq DCE for OpenVMS, youEF               must contact Wollongong for availability information andD               for a copy of PathWay, which contains support for DCE.  H               Then, follow the installation procedure and choose PATHWAYH               when the installation process prompts you for the specific-               TCP/IP product you want to use.   E               Add the following command to the system startup command E               procedure (SYS$MANAGER:SYSTARTUP.COM) after the startup G               commands for the network transports, DECnet and/or Compaq                TCP/IP Services:  4               @SYS$STARTUP:DCE$STARTUP START PATHWAY  I               To configure DCE with PathWay, enter the following command:i  5               @SYS$STARTUP:DCE$STARTUP CONFIG PATHWAYe  D               Otherwise, DCE will expect TCP/IP communications to be               provided by UCX.  I                                                                        15l i                 !         10 Using TCPware with DCEs  F               Compaq DCE for OpenVMS Version 3.0 can also be used withE               Process Software's TCPware product in place of Compaq's E               TCP/IP Services for OpenVMS. If you want to use TCPwareoC               with Compaq DCE for OpenVMS, you must contact ProcessuD               Software for a copy of TCPware, which contains support               for DCE[1].   H               Then, follow the installation procedure and choose TCPWAREH               when the installation process prompts you for the specific-               TCP/IP product you want to use.n  E               Add the following command to the system startup commandaE               procedure (SYS$MANAGER:SYSTARTUP.COM) after the startupiG               commands for the network transports, DECnet and/or Compaqf               TCP/IP Services:  4               @SYS$STARTUP:DCE$STARTUP START TCPWARE  I               To configure DCE with TCPware, enter the following command:   5               @SYS$STARTUP:DCE$STARTUP CONFIG TCPWAREe  D               Otherwise, DCE will expect TCP/IP communications to be               provided by UCX.           11 Kerberosv  E               The DCE Security Server makes UDP port 88 (service nameoG               "kerberos5") available for use by native Kerberos clientsc!               for authentication.   F               Kerberos realm names must match the cell name of the DCE               security server.  B               Support for native kerberos5 clients has had minimal'               interoperability testing.   !         12 Windows NT LAN ManagerS  E               Another mechanism to provide Authenticated RPC has beenmE               added to DCE for OpenVMS. Support for NTLM (Microsoft'soF               NT LAN manager protocol) has been added in OpenVMS Alpha'               Version 7.2-1 and higher.n  
         16    s              I               To use Authenticated RPC, a client passes its user securityeD               information (credentials) to the client's runtime. TheE               client runtime forwards these credentials to the server G               runtime through 3-legged protocol exchange. This provides H               a secure mechanism for authenticating the client, and also9               allows server impersonation of that client.   E               To select NTLM security, set the authn_svc parameter of F               the rpc_binding_set_auth_info call to rpc_c_authn_winnt.H               More information about manipulation of the data structures2               involved can be found in Section 15.  9         13 Linking RPC Stub Modules into Shareable Images   F               If you build shareable images that contain RPC generatedA               stub modules, you should use a linker options file.EE               PSECT statements in the linker options file are used tomE               resolve differences in the PSECT attributes between theaD               RPC generated object file and the new shareable image.G               The following sections discuss how to solve problems thattD               can arise when you create, link against, or activate aG               shareable image that contains RPC generated stub modules.p8               This section can be summarized as follows:  E               o  Program sections (PSECTs) in shareable images shouldpH                  be SHR,NOWRT or NOSHR,WRT unless the image is installed"                  with priviledges.  E               o  Program sections in modules linked against shareableaF                  images must match exactly or conflicting PSECT errors                  will occur.  F               o  Until the program runs, you may have to correct PSECT?                  attributes as far back as the shareable image.e  A               The PSECT attributes of the RPC generated interfacefF               specifications (IFspecs) should be set to the following:                 (GBL,SHR,NOWRT)   A               RPC interface specs usually do not change, so it is_B               rarely required that they be set to a writable PSECTF               attribute. RPC interface specs are frequently shared. IfI               your shareable image contains more than one cluster and thenH               same interface spec is defined in multiple object modules,E               these interface specs can be effectively collected intosH               the same global cluster with the GBL PSECT attribute. Note  I                                                                        17n                   E               that, in this case, the first module encountered by thecG               linker that defines the IFspec will be used to initializeuH               the value of the IFspec in the shareable image. A map fileD               can help you identify and correct problems with PSECTsE               and their contents. The contents of any PSECT should ben               nonzero.  G               If you find a zero byte PSECT, you may need to explicitly E               specify the module name in the options file. The moduleeB               name can be specified directly on its own or as partE               of the /library/include=() statement associated with an G               object library. PSECTs should not be zero unless they aresI               initialized at runtime, and this presumes that the PSECT is                writable (WRT).   .         13.1 Errors Creating a Shareable Image  G               The following examples show some of the errors that mightUE               occur when you try to create a shareable image with RPC "               stub object modules.  8               $ link/share/exe=myshr.exe/map=myshr.map -6               _$ test1_mgr,test1_sstub,dce:dce.opt/optJ               %LINK-I-BASDUERRS, basing image due to errors in relocatable               referencesL               %LINK-W-ADRWRTDAT, address data in shareable writeable section<               in psect TEST1_V0_0_S_IFSPEC offset %X00000000K               in module TEST1_SSTUB file USER:[MY.CODE.DCE]TEST1_SSTUB.OBJ;                $   F               The PSECT name is causing the linker problem. To correctI               this problem, create an option file including the followingtF               line, and place it on your link command line as follows:                  $ create myopt.opt7               PSECT= TEST1_V0_0_S_IFSPEC, shr,nowrt,gbl                ctrl-z               $e8               $ link/share/exe=myshr.exe/map=myshr.map -D               $_ test1_mgr,test1_sstub,dce:dce.opt/opt,myopt.opt/opt  I               This will remove the link problems so that you can create aMG               shareable image. There are still errors in this shareableMH               image whose solutions are shown in the following examples.  
         18 E  O              5         13.2 Errors Linking Against a Shareable Imageh  G               Once you have a shareable image, you may still see linkergB               problems related to the PSECT attributes between theD               shareable image and new object files. In the following@               example, a main routine is linked against the sameG               shareable image from the previous example. The new object I               module references some of the same variables defined by thea               RPC stub module.  H               $ link/exec=test1d/map=test1d.map test1_main,sys$input/opt               myshr.exe/share                ctrl-z>               %LINK-W-MULPSC, conflicting attributes for psect!               TEST1_V0_0_S_IFSPECfI               in module TEST1_MAIN file USER:[MY.CODE.DCE]TEST1_MAIN.OBJ;                $   ?               If you search the map files of both myshr.map and H               test1d.map for the PSECT TEST1_V0_0_S_IFSPEC, you will seeF               that the PSECT attributes for this PSECT match; however,D               the map files are incorrect. The solution to this linkC               problem is to include the PSECT directive in a linkereE               options file for the offending PSECT name. The previous H               example simply typed in the options from the command line,F               but you should place these linker statements in a linkerI               option file. The options are typed in from SYS$INPUT in thed                following example:  I                $ link/exec=test1d/map=test1d.map test1_main,sys$input/opt 8                PSECT= TEST1_V0_0_S_IFSPEC, shr,nowrt,gbl                myshr.exe/share                ctrl-z                 $  /         13.3 Errors Activating Shareable Images   E               When you run this program, the following results occur:                  $ run test1d;               %DCL-W-ACTIMAGE, error activating image MYSHR I               -CLI-E-IMAGEFNF, image file not found SYS$LIBRARY:MYSHR.EXE                $r    I                                                                        19t f  o              E               To allow the image activator to check a directory other E               than SYS$LIBRARY for your new shareable image, you mustCG               define a logical name or you must copy your new shareable I               image into SYS$LIBRARY. In the following example, a logicalPC               name is defined and the program is run again with the                 following results:  2               $ define MYSHR sys$disk:[]myshr.exe;               $e               $ run test1d;               %DCL-W-ACTIMAGE, error activating image MYSHRRE               -CLI-E-IMGNAME, image file USER:[MY.CODE.DCE]MYSHR.EXE;.O               -SYSTEM-F-NOTINSTALL, writable shareable images must be installed                $l  B               The problem is in the myshr.exe image: myshr.exe hasE               PSECTs whose PSECT attributes specify both SHR and WRT. H               The solution is to add the correct PSECT attributes to theH               myshr.opt options file that is used to build the myshr.exeG               shareable image. This can be done on the command line, asr               follows:  8               $ link/share/exe=myshr.exe/map=myshr.map -D               $_ test1_mgr,test1_sstub,dce:dce.opt/opt,sys$input/opt7               psect= TEST1_V0_0_S_IFSPEC, shr,nowrt,gbl =               psect= RPC_SS_ALLOCATE_IS_SET_UP, noshr,wrt,gble<               psect= RPC_SS_CONTEXT_IS_SET_UP, noshr,wrt,gbl;               psect= RPC_SS_SERVER_IS_SET_UP, noshr,wrt,gblc:               psect= RPC_SS_THREAD_SUPP_KEY, noshr,wrt,gbl=               psect= RPC_SS_CONTEXT_TABLE_MUTEX,noshr,wrt,gbl 7               psect= TEST1_V0_0_C_IFSPEC, shr,nowrt,gbl                <ctrl-z>               $e  E               All of the PSECTs that existed in the myshr.map mapfile F               that had SHR and WRT attributes were changed so that theI               PSECT was either SHR,NOWRT or NOSHR,WRT. The choice dependsEH               upon your use of the data item. IFspecs are usually sharedD               and nonwritable. The RPC_SS PSECTs are written and notF               generally shared among program images linked against the               shareable image.        
         20                   D               The following example tries to relink the main program0               again, but another problem occurs:  H               $ link/exec=test1d/map=test1d.map test1_main,sys$input/opt7               PSECT= TEST1_V0_0_S_IFSPEC, shr,nowrt,gbl                myshr.exe/sharer               ctrl-z  >               %LINK-W-MULPSC, conflicting attributes for psect!               TEST1_V0_0_C_IFSPECaI               in module TEST1_MAIN file USERE:[MY.CODE.DCE]TEST1_MAIN.OBJ                $   E               Because the PSECT attributes of the TEST1_V0_0_S_IFSPEC H               PSECT was changed in the shareable image, its reference inG               test1_main.obj is not correct. To solve this problem, adde7               the correct PSECT attribute. For example:v  H               $ link/exec=test1d/map=test1d.map test1_main,sys$input/opt7               PSECT= TEST1_V0_0_S_IFSPEC, shr,nowrt,gbl 7               PSECT= TEST1_V0_0_C_IFSPEC, shr,nowrt,gbl                myshr.exe/sharee               <ctrl>               $I  E               In the final example, the test1d program is run and thec$               desired results occur:                 $ run test1d*               ncacn_ip_tcp 16.32.0.87 33143               ncacn_dnet_nsp 63.503 RPC270002590001S*               ncadg_ip_udp 16.32.0.87 1485  *         14 Restrictions and Known Problems  H               The following sections provide details on restrictions andG               known problems in this version of Compaq DCE for OpenVMS.D           14.1 Documentation  G               All DCE documentation except the online help can be foundCG               on the OpenVMS documentation CD-ROM. The Open Group's DCEcF               documentation for the R1.2.2 release is provided in HTML               format.b  I                                                                        21r f  e              D               OpenVMS specific documentation (Compaq DCE for OpenVMSA               VAX and OpenVMS Alpha Product Guide, Compaq DCE for.G               OpenVMS VAX and OpenVMS Alpha Reference Guide, and CompaqiD               DCE for OpenVMS VAX and OpenVMS Alpha Installation and5               Configuration Guide) is also available.B  '         14.2 OpenVMS Supported Versions   E               Compaq DCE for OpenVMS Version 3.0 includes support for F               OpenVMS Version 6.2, Version 7.1-*, and Version 7.2-* on)               both VAX and Alpha systems.a  /         14.3 Kernel Threads and UPCALLS Supporty  I               As of OpenVMS Version 7.2-1, Compaq DCE for OpenVMS Version F               3.0 supports DCE applications on Alpha built with Kernel9               Threads and Thread Manager upcalls enabled.   H               By default, DCE daemons (dced, secd, cdsd, etc.) are builtG               and shipped with Kernel Threads disabled. Enabling Kernel G               Threads and Thread Manager upcalls on these images is notU               supported.  6         14.4 DCE Applications Do Not Require Relinking  F               Although there are many new APIs in this version of DCE,I               existing DCE applications do not need to be relinked beforenG               they can run on this release. However, if the application H               developer wants to use any of the new APIs, then they must#               recompile and relink.            14.5 DTS Serverd  E               The following time server commands are not supported inA               this release:   +               dtscp>SHOW DECnet TIME SOURCEa  A         14.6 Integrated Login and OpenVMS External Authenticatione  F               As of OpenVMS Version 7.1, the operating system providesF               support for external authentication using PATHWORKS. DCEH               Integrated Login is incompatibile with this functionality.I               DCE$SETUP.COM will warn the user if external authentication C               is enabled on the host system. If Integrated Login is F               enabled in spite of the warning, external authenticationE               will be disabled and applications that are dependent onuC               external authentication may not function as expected.   
         22 h  ,              !         14.7 Minimum Global Pages   F               Compaq DCE for OpenVMS VAX and OpenVMS Alpha Version 3.0E               has increased its global pages requirements as follows:   F               o  Compaq DCE for OpenVMS VAX requires 3750 global pagesF                  before installation. (Previously, the requirement was                  3000.)   H               o  Compaq DCE for OpenVMS Alpha requires 7350 global pagesF                  before installation. (Previously, the requirement was                  6000.)   -         14.8 RTI (Remote Task Invocation) RPCr  E               RTI RPC is a transactional RPC that is provided for use F               with Compaq's ACMSxp TP product. RTI RPC requires OSI TP;               from the OSI Application Developer's Toolkit.   '         14.9 Format of X.500 Cell Names   E               X.500 cell names have the form c=country/o=organization H               /ou=organization unit. X.500 cell names can contain spacesC               or hyphens if they are enclosed in double quotes, but F               underscores are never allowed, even if they are enclosedG               in double quotes. For example, the X.500 cell names /c=us I               /o=digital/ou="excess cell" and /c=us/o=digital/ou="excess- G               cell" are allowed, but /c=us/o=digital/ou=excess_cell and ?               /c=us/o=digital/ou="excess_cell" are not allowed.r  H         14.10 Shutting Down Compaq DCE for OpenVMS Before Reinstallation  F               If you are installing Compaq DCE for OpenVMS Version 3.0E               over an existing version of DCE on a common system disk D               in a OpenVMS Cluster environment, be sure to shut downH               DCE and RPC on all nodes that share the common system diskF               before the installation. If you do not shut down DCE andD               RPC, parts of DCE and your OpenVMS cluster may exhibit*               undesirable characteristics.  H               If you are reinstalling Compaq DCE for OpenVMS Version 3.0H               over a Version 1.x kit and you are using Integrated Login,E               and if you do not shut down DCE on all nodes that shareiF               the common system disk, you can cause the LOGINOUT imageF               to fail to run on all of the nodes that share the common               system disk.  I                                                                        23n o  a              ?               You can correct this problem by shutting down and H               restarting DCE on the affected nodes. However, if LOGINOUTD               is not running, you cannot log in; therefore, you must7               reboot the system to correct the problem.   5         14.11 Configuring a CDS Replica Clearinghouse   I               Before you configure a CDS replica clearinghouse, make suresE               that the system clock is synchronized to within secondsmE               of the CDS master server. To validate the time, use thes                following command:  (               $ dtscp show local servers  D               This shows the skew between the host and all other DTS"               servers in the cell.  7         14.12 Reconfiguring a CDS Replica ClearinghouseM  F               If it becomes necessary to reconfigure or rebuild a hostE               that includes a CDS replica clearinghouse, you may findnE               that the creation of the clearinghouse succeeds but thebE               skulk that is executed immediately after fails. If thise:               happens, you will see the following message:  M               *** The creation of the CDS Replica Clearinghouse has succeededpK               *** but the namespace has been left in an inconsistent state.sO               *** This condition will correct itself in a short period of time. F               *** Once the command "cdscp set dir /.: to skulk" can beL               *** successfully executed the namespace will be consistent andF               *** the replica clearinghouse will be fully operational.@               *** In the meantime you can replicate directories.  F               This is a known problem. The situation will clear itselfG               in about an hour; however, you will not be able to createbD               any other clearinghouses until this condition has been               corrected.  A               If you want to correct the problem immediately, you A               can restart DCE on the master server. You will thenoD               be able to skulk the root directory and add additional               clearinghouses.P      
         24    t              4         14.13 Privileged User Refreshing Credentials  =               When a priviledged process creates or refreshescG               credentials, the owner UIC for the files is [DCE$SERVER].LI               If a privileged process needs to refresh credentials for an G               unprivileged process, the privileged process should firstTE               change its owner UIC to be the same as the unprivilegedfF               process and disable its privileges. Otherwise, the ownerG               UIC for the updated credentials will be [DCE$SERVER], anduH               the unprivileged process may no longer be able to read its               own credentials.  H         14.14 Support for Integrated Login Before DCE Startup on OpenVMS               Systems   F               If your OpenVMS system startup allows interactive loginsI               to occur before DCE is started, the interactive logins thateE               occur before DCE is started will not support Integratede               Login.  B               If you interactively log in to OpenVMS before DCE isA               started, you must specify your OpenVMS username andsG               password. You will not be logged in with DCE credentials.fB               (If you log in after DCE is started on systems whereA               Integrated Login is enabled, it is recommended that A               you specify your DCE principal name and password at E               the username and password prompts when using Integrated                Login.)s  H         14.15 Support for Integrated Login Before DCE Startup on OpenVMS               Workstations  G               If your OpenVMS system startup allows DECwindows Motif toSI               start up and display the DECwindows login box before DCE isoH               fully started, the first DECwindows login will not supportG               Integrated Login. In this case, Integrated Login will notsI               be supported even if the first login occurs after DCE is upd               and running.  C               If DECwindows Motif displays the DECwindows login box B               before DCE is started, you must specify your OpenVMSG               username and password. You will not be logged in with DCEfG               credentials. (If the DECwindows login box is displayed onEH               your workstation after DCE is started and Integrated LoginE               is enabled, it is recommended that you specify your DCEeF               principal name and password at the username and password3               prompts when using Integrated Login.)   I                                                                        25b                   A         14.16 32-Character Restriction on DCE Principal Names form               Integrated Login  F               When you log in to an OpenVMS system that has IntegratedI               Login enabled, you can specify either your OpenVMS usernamelI               or your DCE principal name at the username prompt. However,sD               the DCE principal name you specify can contain no moreF               than 32 characters. If your principal name and cell nameG               combination contains more than 32 characters, specify thegG               OpenVMS username that is associated with your DCE account F               instead. (This username is entered in the DCE$UAF file.)D               You should still enter your DCE password to obtain DCED               credentials even if you specify your OpenVMS username.  ?         14.17 Running DCE IMPORT in Batch Mode Without Passworda  G               If you run DCE IMPORT in batch mode and you do not supplysE               a password for the DCE account on the command line, the D               password valid flag incorrectly remains set in the DCEE               registry. Because a password was not supplied, the flagEH               should indicate password not valid and the user should notF               be allowed to log in. A scan of the DCE account via RGY_E               EDIT reveals the incorrect flag setting (password valid D               when actually the password is not valid). However, theF               user will not be allowed to log in (which is the correct               behavior).  <         14.18 Potential Integrated Login and SYSGEN Problems  F               The Integrated Login component of Compaq DCE for OpenVMSG               uses the SYSGEN parameter LGI_CALLOUTS. LGI_CALLOUTS mustpF               be set to 1 only in the ACTIVE SYSGEN parameter set whenH               DCE is running with Integrated Login enabled. LGI_CALLOUTSD               must never be set to 1 in the CURRENT SYSGEN parameterE               set - this would prevent all logins from occurring on a G               subsequent reboot of the system. The following paragraphs G               discuss the reasons for this restriction and solutions ify!               the problem occurs.r  D               If Integrated Login is enabled on your system, the DCEF               startup and configuration procedure, DCE$SETUP.COM, setsI               the SYSGEN parameter LGI_CALLOUTS to 1 in the ACTIVE SYSGEN H               parameter set when DCE is started and resets the parameterF               when DCE is shut down. LGI_CALLOUTS must never be set toD               1 in the CURRENT SYSGEN parameter set because, in thatG               case, the next time the system is booted the LGI_CALLOUTS   
         26                   H               parameter is set in the ACTIVE SYSGEN parameter set beforeB               DCE is started. This prevents logins from occurring.  F               If the ACTIVE value of LGI_CALLOUTS is set to 1 when DCEG               and Integrated Login are not running, the following errorrF               is displayed when LOGINOUT attempts to run (for example,/               for interactive or batch logins):-  #               No logical name match   F               Consequently, all users are prevented from logging in to               the system.e  H               This problem can occur if, for example, a SYSGEN parameterE               is modified in the following way while Integrated LogintE               is enabled. This prevents logins because it causes LGI_rI               CALLOUTS to be set to 1 the next time the system is booted.a  %               $ RUN SYS$SYSTEM:SYSGEN %               SYSGEN> SET param valuem#               SYSGEN> WRITE CURRENT1               SYSGEN> EXIT               $   E               The correct way to modify a SYSGEN parameter is to makeCE               the change in MODPARAMS.DAT and then run AUTOGEN. If itTE               is essential to modify a SYSGEN parameter without using_D               MODPARAMS.DAT and AUTOGEN, you must ensure that if youH               use ACTIVE, you write the parameters into ACTIVE only; andG               if you use CURRENT, you write the parameters into CURRENTcC               only. Do not copy the ACTIVE parameters into CURRENT.t  G               Following are two examples of acceptable ways to modify a                SYSGEN parameter:   %               $ RUN SYS$SYSTEM:SYSGEN,!               SYSGEN> USE CURRENT %               SYSGEN> SET param valuep#               SYSGEN> WRITE CURRENT                SYSGEN> EXIT               $n        I                                                                        27                    %               $ RUN SYS$SYSTEM:SYSGEN B               SYSGEN> USE ACTIVE     ! optional, default is ACTIVE%               SYSGEN> SET param valueo"               SYSGEN> WRITE ACTIVE               SYSGEN> EXIT               $n  G               If you cannot log in because LGI_CALLOUTS is set to 1 and F               DCE is not running, there are two solutions, as follows:  I               o  If you are already logged into the system, use SYSGEN toE%                  correct the problem.f  (                  $ RUN SYS$SYSTEM:SYSGEN+                  SYSGEN> SET LGI_CALLOUTS 0C%                  SYSGEN> WRITE ACTIVE                   SYSGEN> EXITe                  $  H               o  Reboot the system with a conversational boot and ensure9                  that the LGI_CALLOUTS parameter is zero.b  ,                  SYSBOOT> SET LGI_CALLOUTS 0                  SYSBOOT> Ca  (         14.19 Support for Packet Privacy  G               Compaq DCE for OpenVMS supports the rpc_c_prot_level_pkt_hI               privacy level of data encryption as of this release. Recent F               changes in the government's encryption regulations allowD               this functionality to be provided in the base DCE kit,G               as opposed to a separate product (as in previous versions_G               of Compaq DCE for OpenVMS). See the documentation on rpc_40               binding_set_auth_info for details.  1         14.20 DCE IDL Compiler and C++ Exceptionss  E               A client using the DCE IDL compiler with C++ extensionspH               invokes methods on objects that cause IDL generated clientH               stub code to be invoked. By default, communications errorsF               or remote faults that occur during the stub's processingA               cause exceptions to be raised using the DCE Threads D               exception handling mechanism. Therefore, C++ code thatF               needs to catch and respond to these exceptions must also?               use the DCE Threads exception handling mechanism.M  
         28 u  ,              E               Some, but not all, C++ compilers have built-in languagemE               support for exceptions. Exceptions are not supported inaF               older versions of the DEC C++ for OpenVMS compilers. C++F               application code that processes exceptions returned fromI               DCE IDL stubs should continue to use DCE Threads exceptionsn<               if using compilers without exceptions support.  B               You can avoid the raising of exceptions from DCE IDLE               stubs by using the [comm_status] and [fault_status] ACF F               attributes. For more information, see the Guidelines forG               Error Handling chapter in the DCE Application Development                Guide.  /         14.21 Automatic Registration of Servers   @               In the IDL compiler, servers are now automaticallyA               registered by server stubs. If you call rpc_server_ G               register_if(), the already registered status is returned.RC               (Remove the call to rpc_server_register_if() from therF               server.cxx file before you build the example programs inH               the Example Programs section of the Compaq DCE for OpenVMS3               VAX and OpenVMS Alpha Product Guide.)e  #         14.22 Support for sigwait()   G               The DCE Application Guide and DCE Reference Guide include F               incorrect information about support for sigwait(). POSIXD               Threads Library (formerly DECthreads) does not support0               sigwait() on the OpenVMS platform.            14.23 Server Programming  C               When running DCE server applications on OpenVMS AlphauG               Version 6.2 systems, it is possible to exhaust the servereI               thread stack space if your server makes use of the %f or %eEG               conversion characters for formatting output. For example,eG               the following printf statement could cause an overflow of &               the server thread stack:  :               printf ("The computed value = %f\n", value);  B               This error can cause the server to terminate with anD               unexpected error code such as an Access Violation or a%               Reserved Operand Fault.o  I                                                                        29r e  t              B               If you experience this type of error, you must add aD               call to the RPC routine rpc_mgmt_set_server_stack_sizeI               specifying a stack size of at least 14000, prior to calling                 rpc_server_listen.  &         14.24 Compiling Stubs on Alpha  G               If a stub is compiled on Alpha with optimization switched6F               on, it may not handle exceptions correctly, depending onG               the version of Compaq C for OpenVMS. Therefore, on Alpha, F               you should compile stubs with optimization switched off,B               unless you are sure that the version of Compaq C forC               OpenVMS that is on your system handles this situationm               correctly.  E         14.25 Using the -cpp_cmd (/PREPROCESS) IDL Compiler Option ons               OpenVMS Alpha   F               When you specify the -cpp_cmd (/PREPROCESS) option in anC               IDL command, the IDL compiler preprocesses any IDL orsD               ACF sources by invoking the Compaq C compiler with theF               /PREPROCESS_ONLY qualifier. Because of a problem in someE               versions of the Compaq C compiler on OpenVMS Alpha, the/I               IDL compiler may incorrectly report source line numbers and 6               contents when it reports error messages.  H               If your IDL and ACF source files do not use C preprocessorC               directives (such as #define), then you do not need to G               specify the -cpp_cmd (/PREPROCESS) option. Otherwise, the G               workaround is to change multiline comments to a series of #               single line comments.t  /         14.26 UCX Runtime Calls Not Thread Safe   E               Note that UCX Runtime Calls are not always thread safe.i  F               UCX has two main application programming interfaces: VMSC               system services (for example, $ASSIGN, $QIO, $CANCEL)gD               and the C socket library. Of these two, the VMS systemI               services are fully thread-safe, while the socket library isIG               not. The most common problem with sockets is the select()hI               call, which blocks the entire process (not just the calling I               thread) until the specified I/O events occur or the timeout                expires.  
         30 d                          14.27 POSIXo  I               The OpenVMS POSIX product has been retired, and support for I               the POSIX command line has been removed from Compaq DCE foreF               OpenVMS VAX and OpenVMS Alpha Version 3.0. The OpenVMS CG               runtime support for many of the POSIX calls has improved,eE               and most applications should see no change in behavior.eI               Only those applications that require the POSIX command lineh%               interface are affected.   1         14.28 C RTL Routine Sleep Not Thread Safe   H               The C RTL routine sleep is not thread safe. The sleep callF               may wake up prematurely if calls to DCE APIs are made atE               the same time. It is recommended that you use a thread-lI               safe mechanism such as pthread_delay_np, pthread_cond_wait,fH               pthread_cond_timedwait, and pthread_cond_signal to delay aI               thread. For more information on these APIs, please refer to C               the OSF DCE Application Development Reference Manual.   3         14.29 Ordering of System Startup Procedures   C               The order of startup procedures should be as follows: B               DECnet, TCP/IP software, DCE, then DCE applications.  /         14.30 Case Sensitivity of DCE Utilities*  D               Some input to Compaq DCE for OpenVMS utilities is caseD               sensitive (for example, CDSCP entity attribute names).H               Since the DCL command line interface converts all input toI               uppercase before passing it to a utility, some input to thesG               DCE utilities will need to be enclosed in quotation markso               (" ").  F               When you enter commands directly at DCE utility prompts,A               you should not use the quotation marks because case @               sensitivity is preserved. (Case sensitivity is notB               preserved by the Integrated Login utilities DCE$UAF,F               IMPORT, and EXPORT because these are true native OpenVMS               applications.)          I                                                                        31                    5         14.31 CDSCP Commands Requiring a Local Server   G               There are several CDSCP commands that assume the presencefF               of a CDS server on the local system. These commands willG               not execute properly in the absence of a local server. At =               present, CDSCP will return the following error:    P          Failure in routine: cp-xxxxxxx not registered in endpoint map (dce/rpc)  (               The affected commands are:                 CDSCP SHOW SERVERv"               CDSCP DISABLE SERVER(               CDSCP CREATE CLEARINGHOUSE  ;         14.32 DCE Command Line Programs Fail With SMG Errorr  H               If the process has its UIC set to DCD$SERVER, and does notG               have the BYPASS privilege set, DCE command line utilitiess1               will fail with the following error:   2               error creating SMG virtual keyboard.6               %NONAME-E-NOMSG, Message number 00000002  I               The resolution to this problem is to either run under a UICcF               other than DCE$SERVER, or to set the BYPASS privilege on1               accounts set to the DCE$SERVER UIC.   A               This problem does not affect the running of the DCEr+               daemons, only user processes.   #         14.33 Dumping the CDS Cachei  H               The CDSCP and DCEDP commands to examine the CDS cache willE               fail with the following errors if CDSCP or DCECP is runr:               under a Process UIC other than [DCE$SERVER]:  &               $ CDSCP DUMP CLERK CACHE               Cannot map -1l'               - check id and protectiontF               An error occured calling a CDS API function. (dce / cds)  &               $ DCECP -C CDSCACHE DUMP               Cannot map -1 '               - check id and protectionrF               Error: The cache dump failed in an indeterministic mode.  
         32    u              F               To work around this restriction, issue the following DCL7               command before you invoke CDSCP or DCECP:u  $               $ SET UIC [DCE$SERVER]  H               Remember to reset your UIC to its original value after you               use this command.o  /         14.34 CDS Clerk Failing on UCX Shutdowna  C               If you issue a SYS$STARTUP:UCX$SHUTDOWN command whiledH               running DCE, you may get a CDS Clerk failure and an AccessC               Violation. You may then encounter problems restartinghE               the CDS Clerk (and DCE itself) with the DCE$SETUP START                command.  F               The primary problem is that UCX is being shut down whileC               DCE is still active. Because DCE uses UCX, DCE should (               always be shut down first.  E               To recover from this problem, you need to shut down DCE F               first and then restart. Simply trying to restart withoutA               first shutting down DCE will not fix the underlyingu@               problem. Because temporary files may be left in anA               indeterminate state, you may also want to perform ai:               DCE$SETUP CLEAN operation before restarting.  2         14.35 Global Directory Agent Configuration  C               The Global Directory Agent (GDA) is configured on the)D               OpenVMS node that contains the CDS Master Replica nameD               server. The DNS domain name (for example, zko.dec.com)E               and the Internet Address of an authoritative DNS Master G               Bind Server (for example, 16.32.2.11) are required during F               configuration if you are using DNS Bind style cellnames.  G               Before access to multiple CDS namespaces is possible, the =               following are required after the configuration:E  G               1. The Master Bind Server identified during configuration ?                  becomes the repository for information the GDA G                  requires to resolve the Internet addresses and bindingiF                  information needed by CDS to access foreign cell nameI                  spaces. This applies to DNS Bind cellnames only. See the G                  Intercell Naming chapter in the Compaq DCE for OpenVMSSD                  VAX and OpenVMS Alpha Product Guide for the binding;                  information content, location, and access._  I                                                                        33S    a              F               2. Authenticated access to foreign (intercell) cell nameE                  space requires performing the RGY_EDIT cell command.rE                  The information needed for the cell command requires F                  coordination with the foreign cell administrator. ForI                  more information, see both the Administering a MulticellyH                  Environment chapter in the OSF DCE Administration GuideG                  and the Intercell Naming chapter in the Compaq DCE foro=                  OpenVMS VAX and OpenVMS Alpha Product Guide.m  G               3. Before doing the RGY_EDIT cell command, you must firsthF                  delete the krbtkt account for the foreign cell if oneE                  already exists. Similarly, the administrator for theEH                  foreign cell must also delete the krbtkt account in theG                  foreign cell's registry for your cell. For example, if G                  your cell is called first_cell and the foreign cell isoI                  called second_cell, then you must run RGY_EDIT on first_ F                  cell to delete the account called krbtkt/second_cell,E                  and the administrator on second_cell must delete the ;                  registry account called krbtkt/first_cell.   H                  After the cell command, both cell administrators shouldG                  rerun DCE_LOGIN before attempting authenticated cross-n                  cell requests.   >               If you are unsuccessful in configuring intercell5               communication, check for the following:n  A               o  The clocks on the systems that are attempting to H                  communicate show times that differ by no more than fiveI                  minutes. (Use DTS to change the system time once you areY                  running DCE.)  H               o  CDS has the information that should be contained in theG                  CDS_GDAPointers field in the cell's root directory. If F                  CDS does not have this information in the cell's rootH                  directory, restart the GDA daemon process (DCE$GDAD) by1                  entering the following commands:.  #                  $ STOP/ID=xxxxxxxxf/                  $ @sys$manager:dce$setup starta  C                  where xxxxxxxx is the PID of the DCE$GDAD process.t      
         34    R              %         14.36 Changes to RPC Shutdownm  B               In DCE for OpenVMS Version 1.5, a change was made toH               disassociate RPC shutdown from DCE shutdown. This was doneG               to allow RPC only applications to remain active while DCE &               changes were being made.  F               In DCE Version 1.5, DCE$SETUP stop/clean/clobber did notF               call the RPC shutdown procedure, and gave a warning thatG               RPC would not be shut down. DCE Version 3.0 requires that D               dced (the new RPC endpoint mapper) be shut down duringH               certain operations. Therefore, the behavior of DCE VersionD               3.0 has changed, and the RPC shutdown procedure is nowI               called from DCE$SETUP.COM. This requires the system managernI               to be aware of any RPC-only applications that may be active :               at the time of DCE configuration operations.  +         14.37 IDL Error When Installing DCE   F               When installing DCE over an existing DCE implementation,I               you may see an IDL error if the DCE Application Developer's F               Kit was previously installed, but is not being installed               for the upgrade.  G               The installation is attempting to remove the DCL commands ?               that are associated with the developer's kit from D               DCLTABLES.EXE, and is failing. The following error canC               be ignored. Answer NO to the question "Do you want to                terminate?".  K               %PCSI-E-MODDELERR, error deleting module IDL_CLD from libraryl0               %PCSI-E-OPFAILED, operation failedM               Terminating is strongly recommended.  Do you want to terminate?r               [YES] n   -         14.38 Owner Error When Installing DCEe  I               When installing DCE on OpenVMS VAX Version 6.2, you may see #               the following errors:i  I               %PCSI-E-ERROWNER, error in owner specification 'DCE$SERVER'p0               %PCSI-E-OPFAILED, operation failed                 or  P               %PCSI-E-PARUDF, the directory [DCELOCAL.ETC] has not been providedO               by a previous Install or Register operation - file ownership and  '               protection update skippedC  I                                                                        35h                                  followed by:  M               Terminating is strongly recommended.  Do you want to terminate?c               [YES] n   C               These errors can be safely ignored - answer NO to thev3               question "Do you want to terminate?".t  1         14.39 Port Error During DCE Configuration   G               If the error shown below occurs during DCE configuration,lI               your system has the TCP/IP NTP daemon configured. Since DCE G               also provides an NTP daemon, you must decide which daemoni               you want to use.  H               If you use the DCE NTP daemon, you must disable the TCP/IPG               NTP daemon using your TCP/IP configuration program before )               you can enable the DCE one.a  G               If you use the TCP/IP NTP daemon, then you can ignore theCG               following error. Answer "Y" to the question about whetheri"               you want to proceed.  P                  ************************ ERROR ********************************  K                    Port number 123 is in use by a service other than "ntp".rE                    Please check configuration! Service "ntp" must use #                    port number 123.   P                   **************************************************************3                    Press <RETURN> to continue . . .e  N                    Do you want to proceed with this operation  (YES/NO/?) [N]?  E         14.40 Exception During DCE Configuration Verification Programe  C               When the DCE Configuration Verification Program (CVP)oC               or the test option from the DCE main menu is run, thes(               following error may occur:  G               %CMA-F-EXCCOPLOS, exception raised; some information lost   (               This error can be ignored.    
         36                   ?         14.41 Problem Converting DTS Local to DTS Global Server   A               Modification of the DCE configuration to convert an F               existing DTS local server to a DTS global server results%               in the following error:c  H               ERROR- An error occurred attempting to log in to DCE with 0                      principal name "cell_admin"               Sorry.L               Password Validation Failure. - Cannot log in with zero-length                 password (dce/sec)8               Do you wish to try another principal name?  I               If you answer yes to this question, and give the cell_admin I               username and password to the prompts, the conversion to thea3               DTS global server will be successful.s  @         14.42 Problems With Sun Solaris DCE System as CDS Master  C               There are known problems with Sun Solaris Version 2.6 G               and Transarc DCE Version 2.1 as the CDS master if you arenH               attempting to configure a split server configuration usingH               DCE on OpenVMS, Tru64 UNIX, or Windows NT. Solaris VersionF               2.4 and Transarc DCE Version 1.1 work correctly. Contact6               your DCE vendor for further information.  1         14.43 Compile Warning in Example Programs   H               The CXX example programs may produce the following warning               on compilation:n  I               IDL_ms.IDL_call_h = (volatile rpc_call_handle_t)IDL_call_h;l               ...............^L               %CXX-W-CASTQUALTYP, type qualifier is meaningless on cast typeK               at line number 117 in file USER$1:[DCE12.EXAMPLES.RPC.IDLCXX. )               ACCOUNT]ACCOUNT_SSTUB.CXX;1   1               This warning can be safely ignored.   !         14.44 Missing CXX Libraryo  >               Some versions of CXX may not include the libraryB               SYS$LIBRARY:LIBCXXSTD.OLB. If this is the case, this@               line may be removed from the options file found in2               SYS$COMMON:[DCE$LIBRARY]DCE_CXX.OPT.  I                                                                        37  p  f              4         14.45 Unknown Ethernet Device on Host System  F               If your system is relatively new, DCE may not know aboutF               the Ethernet device on the system. DCE uses the EthernetC               device to obtain an Ethernet address which is used in D               the generation of UUIDs. If you see errors such as theB               following, your Ethernet device is not known by DCE:  I               %UUIDGEN-F-RPC_MESSAGE, Received Error Status: "no IEEE 802yC                                       hardware address (dce / rpc)"l  G               You can define one additonal Ethernet device in the tablesD               used by DCE by defining the logical name DCE$IEEE_802_H               DEVICE to the name of your Ethernet device as shown in the                following example:  4               DEFINE/SYSTEM DCE$IEEE_802_DEVICE EWA0  F               This will allow DCE to operate using the Ethernet device2               named EWA0 (a device type of DE500).  :         14.46 Public Key Routines Not Supported on OpenVMS  E               DCE public key technology is not currently supported onpH               OpenVMS. The pkc_* routines and classes ( pkc_add_trusted_F               key, etc.) are not in DCE$LIB_SHR.EXE, and will generateI               undefined symbols if an application that uses them attemptsr               to link.  B               The Open Group has stated their intention to replace>               the existing public key technology in DCE with aI               noninteroperable replacement, based on X.509v3, in a future                release.  F                 ________________________ Note ________________________  ;                 There has been such a high volume of changed;                 activity in the IETF relative to Public KeydE                 Infrastructure (PKI) and Kerberos that the [RFC 68.3]hF                 functionality will not be forward compatible with thisE                 Specification. Therefore, current users of DCE 1.2.2-tC                 based products with [RFC 68.3] functionality shouldf      
         38 a  i              A                 refrain from deploying the public key based logine                 support[1].V  F                 ______________________________________________________  C               For this reason, Compaq is not supplying the obsoletenH               public key functionality in Compaq DCE for OpenVMS VersionF               3.0. For information on the status of public key in DCE,D               see The Open Group's DCE World Wide Web (WWW) address:  0               http://www.opengroup.org/tech/dce/  F         14.47 Audit Trail Files Require UNIX-Style File Specifications  F               The command to show the DCE audit trail files requires a9               UNIX style file specification. For example:   L               $ dcecp -c audtrail show /dcelocal/var/audit/adm/central_trail  #         14.48 Installation Warnings   I               Some systems may see the following warnings when installing                DCE:  E               The following product will be installed to destination: %                   DEC VAXVMS DCE V3.0f+               DISK$MOOSE2_SYS:[VMS$COMMON.]s  H               %PCSI-I-RETAIN, file [SYSEXE]DTSS$SET_TIMEZONE.EXE was notL               replaced because file from kit does not have higher generation               number  L               %PCSI-I-RETAIN, file [SYSLIB]DTSS$RUNDOWN.EXE was not replacedJ               because file from kit does not have higher generation number  M               %PCSI-I-RETAIN, file [SYSUPD]DTSS$INSTALL_TIMEZONE_RULE.COM was E               not replaced because file from kit does not have higher                generation numbert  J               %PCSI-I-RETAIN, file [SYSUPD]DTSS$TIMEZONE_RULES.DAT was notL               replaced because file from kit does not have higher generation               number  F               These warnings can be safely ignored. They indicate thatG               certain files that may also be provided by Compaq OpenVMS 6               are newer than the files in the DCE kit.  "               ____________________C               [1]   Draft Technical Standard - DCE 1.2.3 Public KeypA                     Certificate Login, Draft 0.8, The Open Group,n                       August 1998   I                                                                        39  m                 )         15 New APIs for Authenticated RPC   D               The following APIs are included in DCE Version 1.5 andH               above to manipulate the sec_winnt_auth_identity structure.E               They are supported on OpenVMS Version 7.2-1 and higher.   (         15.1 RPC_WINNT_SET_AUTH_IDENTITY                 NAME0                    rpc_winnt_set_auth_identity -1                    This function is called by theeD                    client RPC application to allocate and populate aM                    WINNT auth_identity structure to be used as a parameter to /                    rpc_binding_set_auth_info(). I                    The caller must use the rpc_winnt_free_auth_identity()EP                    function to free the WINNT auth_idenity. The strings that areN                    passed in may be ASCI or Unicode (UCS-4) strings. The inputA                    flag will tell which type of strings they are.o                 SYNOPSIS  $                     #include <rpc.h>  =                     PUBLIC void rpc_winnt_set_auth_identity (nH                               rpc_winnt_auth_string_p_t        Username;H                               rpc_winnt_auth_string_p_t        Password;F                               rpc_winnt_auth_string_p_t        Domain;P                               unsigned __int64                 CharacterSetFlag;N                               rpc_auth_identity_handle_t       *auth_identity;D                               unsigned32                       *stp)                 PARAMETERS                       INPUTu  L                               username - Pointer to a null terminated string=                                          containing username.iL                               password - Pointer to a null terminated string=                                          containing password.l                                 
         40                   M                                domain   - Pointer to a null terminated stringo<                                           containing domain.  $                     CharacterSetFlag  =                               SEC_WINNT_AUTH_IDENTITY_UNICODEe?                                          4 byte Unicode (UCS-4)B:                               SEC_WINNT_AUTH_IDENTITY_ANSI:                                          ASCII (ISO8859-1)                        OUTPUTuK                               auth_identity - Pointer to a pointer to WINNTrF                                               auth_identity structure.I                               stp           - Pointer to returned status.   F                 ________________________ Note ________________________  F                 Be sure to allocate space for three strings (username,E                 password, domain). The string variables will probablySF                 be pointers of type unsigned_char_t if the strings areE                 ASCII, or pointers of type wchar_t if the strings are                   Unicode (UCS-4).  F                 If the domain string is a valid empty string, then the4                 domain of the computer will be used.  F                 ______________________________________________________  )         15.2 RPC_WINNT_FREE_AUTH_IDENTITY                  NAME  P                    rpc_winnt_free_auth_identity - This function is called by theI                    client RPC application to free a a WINNT auth_identity G                    structure that was previously allocated by a call to 1                    rpc_winnt_set_auth_identity().a                 SYNOPSIS  #                    #include <rpc.h>t  =                    PUBLIC void rpc_winnt_free_auth_identity (nI                               rpc_auth_identity_handle_t  *auth_identity,iE                               unsigned32                        *stp)t                 I                                                                        41                            PARAMETERSy                      INPUTK                               auth_identity - Pointer to a pointer to WINNT F                                               auth_identity structure.M                                               On output auth_identity will be :                                               set to NULL.                    OUTPUTrI                               stp             Pointer to returned status.m  ,         16 New APIs for Impersonation in DCE  D               The following APIs are included in DCE Version 1.5 andF               higher to support server impersonation of a client. ThisF               means that the server runs with the security credentialsF               of the client, and all of the capabilities of the client#               belong to the server.i  #         16.1 RPC_IMPERSONATE_CLIENT                  NAME  M                       rpc_impersonate_client - This function is called by the)N                       server application to allow the current server thread to<                       run with all of the client privileges.                 SYNOPSIS  &                       #include <rpc.h>  2                       void rpc_impersonate_client(B                               rpc_binding_handle_t binding_handle,3                               rpc_status_t *status)x                 PARAMETERS                         INPUT K                               binding_handle - Specifies a server-side call M                               handle for this RPC which represents the client -                               to impersonate.s                         OUTPUTP                               status - Specifies a pointer to an unsigned 32 bit?                               integer that holds a status code.   
         42                            16.2 RPC_REVERT_TO_SELFc                 NAME  J                       rpc_revert_to_self -  This function is called by theG                       server application to revert back to its original D                       security context after impersonating a client.                 SYNOPSIS  &                       #include <rpc.h>  1                       rpc_revert_to_self(*status)r                 PARAMETERS                         INPUTi"                               NONE                       OUTPUTP                               status - Specifies a pointer to an unsigned 32 bit?                               integer that holds a status code.   "         16.3 RPC_REVERT_TO_SELF_EX                 NAME  O                   rpc_revert_to_self_ex - This function is called by the serveroM                   application to revert back to its original security context G                   after impersonating a client.  This acts as a call top'                   rpc_revert_to_self();                  SYNOPSIS  "                   #include <rpc.h>  (                   rpc_revert_to_self_ex(I                               rpc_binding_handle_t        binding_handle, B                               rpc_status_t                *status)                 PARAMETERS                      INPUTF                               call handle - This parameter is ignored.                    OUTPUT P                               status - Specifies a pointer to an unsigned 32 bit?                               integer that holds a status code.S  I                                                                        43                    '         16.4 Enhanced RPC Security APIsV  D               For more information on existing enhanced RPC securityH               APIs, see the Compaq DCE for OpenVMS VAX and OpenVMS Alpha               Reference Guide.           17 The Routing Filep  A               To use routing file services on OpenVMS, define theeF               following logical name for the process or the system forH               which logging information is desired: (syntax is exact for                the routing file):  L               $ define/sys DCE_SVC_ROUTING_FILE "dce_local/var/svc/routing."  E               This enables DCE applications to find and interpret the"B               routing file, and direct any output to the locations,               specified in the routing file.  G               You can also set the number of buffered writes to perform =               before data is flushed to the file, as follows:o  0               $ define/sys DCE_SVC_FSYNC_FREQ 10  F               The example above will flush the buffer every 10 writes.  5         17.1 Specifying Filenames in the Routing Filea  E               The OpenVMS routing file uses UNIX-style filenames whenaG               specifying output log files. You can see examples of this E               in the current routing file found in the directory dce_tI               local:[var.svc]routing. The DCE code that reads the routing G               file uses colons and forward slashes to parse the routing /               file data lines for output files.   #         17.2 Using the Routing File   I               The routing file contains examples of how to set up logging E               for various components. See the routing file itself for*F               additional information. The routing file can be found in*               DCE$COMMON:[VAR.SVC]ROUTING.        
         44