HP UX DCE Software manual 31

About HP DCE/9000 Version 1.7

Notes, Cautions and Warnings Regarding This Release

ANSI C Requirement for HP DCE/9000

Hewlett-Packard supports only the ANSI C compiler for building HP DCE applications. Hewlett-Packard cannot provide support for problems with HP DCE applications that were not compiled using the ANSI C compiler.

This restriction also applies to applications on HP-UX 10.x systems built using the HP-UX user-space threads library (libcma).

dce_login -r Option

Starting with HP DCE 1.4, the -roption, which refreshes a user’s credentials, was added to dce_login. Users are encouraged to use dce_login -rrather than kinit to refresh their credentials, since dce_login -ruses the more secure DCE Third-party preauthentication protocol, whereas kinit uses the less secure Kerberos 5 Timestamps protocol.

Removing DCE Credentials

A user’s DCE credentials (stored in the directory /var/opt/dce/security/creds) are not automatically removed by exiting a shell or logging out. Unless you plan to leave background processes running that require your DCE credentials, you should manually remove your credentials before logging out by running the kdestroy utility. This will make the system more secure by decreasing the opportunity for someone to maliciously gain access to your network credentials.

The kdestroy command has been modified to allow destruction of credentials older than a specified number of hours. kdestroy -eexp-periodmay be run manually or regularly as a cron job to purge older credential files. See the kdestroy (1) man page for syntax and usage information.

Credentials are automatically removed at system boot.