About HP DCE/9000 Version 1.7

HP DCE/9000 Core Services Software

See “Establishing Peer-to-peer Trust” in Chapter 7 for more information on these important new options.

HP has added a new -roption, which refreshes a user’s credentials, to dce_login. Users are encouraged to use dce_login -rrather than kinit to refresh their credentials, since dce_login -ruses the more secure DCE Third-party preauthentication protocol, whereas kinit uses the less secure Kerberos 5 Timestamps protocol.

HP has changed the default behavior of its configuration tools to automatically enable audit filtering. In addition, the default behavior of secd has been changed to enable audit filtering at start-up, and a new secd option, -noauditfilters, had been added to disable audit filtering. See “Configuring the DCE Audit Service” in Chapter 5, and the online secd man page for more information.

HP DCE Measurement Service (DMS) to monitor resource utilization and performance of HP DCE 1.6 servers.

Support for large uids.

Support for context-switching 64-bit machine registers in DCE threads ( libcma and libdce).

Support for MC/ServiceGuard.

Support for Secure Remote Utilities (Secure Internet Services) in the InternetSrvcs product.

Features Added at HP DCE 1.7

The following features are new at HP DCE 1.7:

NSS-DCE: a DCE module for the Name Service Switch (see “Integrating DCE with HP-UX Integrated Login” in Chapter 6 for more information).

DCE support for Kerberos V5 applications through creation of configuration and keytab files.

All integrated login utilities, including ftpd, now use the Pluggable Authentication Module (PAM). There are no longer any separate

.auth binaries.

In addition, HP DCE 1.7 contains numerous bug fixes.

Planning and Configuring HP DCE 1.7

1-5