Date: Tue, 2 Apr 1996 11:55:38 -0800 (PST)
From: Yonah Karp
To: DCE Planning -- James W DeRoest, Donn Cave, Jim Fox, Tracy Stenvik, Ken Lowe
Cc: "L. Stevens", Oren Sreebny, Sandra Moy, Sid McHarg
Subject: Minutes from 3/29/96 DCE meeting

======== 03/29/96 DCE/ Uniform Namespace Meeting ========

PRESENT: Donn Cave, Jim Deroest, Jim Fox, Yonah Karp, Ken Lowe, Tracy Stenvik.

NEXT MEETING: Friday, 04/12/96, 10:30 a.m.

TO DO:
- Consensus regarding setname turn-off deployment
- Listdist policy and FAQ
- Filter/ user+folder FAQ
- Samba, Endora need exploring and testing
- Progress with incomplete "todo"'s below

======== Meeting Notes

CURRENT ACTION ITEMS

TS  Set up melville/ neruda as test clients in u.washington.edu cell (king/ queen)
    STATUS: Not yet; still on the learning curve.

DC  Kerberized r-commands replace r-commands on melville & neruda (possibly hide differences of above, based on what we see)
    STATUS: Clarified: will put up kr-commands as variants.

YK  Bring setname change plan to coordination meeting (maximum one name -- once you consolidate to 1, can't go back to 2: message now, execute summer quarter)
    STATUS: Did this; much discussion. Consensus needed on dates and actual deployment. [Oren's namespace doc nearly complete (Yonah added DCE info, Oren revised).]

YK  Contact Gradient regarding clients for NT, Win95, Mac, [OS/2]
    STATUS: Did this; no response at meeting time. [On Monday, 4/1, did get interested response from Gradient -- am pursuing it.]
    ALSO, Jim Fox has a version of "Endora" from Platinum; is going to put it up.

YK  Namespace cleanup progress
    STATUS: No change.

YK  Continue testing/ IBM interaction/ creating testing plan
    STATUS: In progress; much discussion with IBM, Transarc, and DEC to isolate some problems involved in loading 60K principals on an Alpha (saul8), with an RS6K (King) as the master server. She is also configuring ozzo to be a client machine for the test cell. Currently the test cell has a master on king with saul8 as a client (queen was a slave, but is either inactive or has been destroyed). Also, still on the learning curve myself.

YK  Change name of cell (destroy/ reload)
    STATUS: Decided to wait until Ken and I are more up to speed on DCE details so re-creation of the cell is more straightforward. It's not really necessary now -- the new machines will need the new cell name, anyway.

JF  Tool(s) to get Li dump -- make available to staff
    STATUS: Created "lirpt", which flexibly dumps Li data. Done.

KL  Current DCE-related software mods review
    STATUS: Ken looked at new account creation. Was concerned because the principal "passwd_server" ticket is put into a file and installed on all systems -- is this a security weakness and maybe we should do it another way? E.g., do we need to encrypt the ticket cache? Some discussion. In the DCEized future, there should be a "new" server for each cluster. (As there already is -- aesop05 and seuss1.) Only that host should have these tickets.

KL  Uid changing -- both making uid changes and tracking to ensure software doesn't create new uid collisions
    STATUS: Ken changed dozens of multiple uids. Yonah is working with Frank so that we can use his data to notify us when new duplicate uids occur. (We cannot completely prevent their creation -- e.g. if a new person starts at the U, and gets a homer account with a high uid, then needs an account on bank, which is Ultrix, then that person will get a second, <32k, uid. Being notified when this occurs will simplify things, though, and that's what we're working towards. We also need to know the volume of these new multiple uid situations.)

DISCUSSION

- Boeing wants full legal name, org name, and citizenship from people planning to attend the Northwest DCE users' group meeting at Boeing in Bellevue, which is Wednesday, April 24, 1996; 3-5 pm. [Yonah took care of this for the people on the DCE project who will be in town.] Jim D suggested we encourage Jonathan Chinitz (who will be the speaker at the meeting) to bug the OSF about the general inadequacy of the CDS, notably stale caches. We and other big DCE users are thinking about (or already are) circumventing the CDS.

- Support from Transarc
  Brian Herhusky -- area code 415, not 417
  Hotline for Transarc support is (412) 281-5852
  They'll give us support for IBM problems, not DEC

- Contacts for IBM support. JimD says we have three contacts already assigned in our group, and will look at the list -- believes we can add two more with a recent change in the service; one from Sid's group, and one from ours. There is a total of eight split between our groups.

- Jim Fox put up Samba on Neruda. He will inform us of how to use it from the desktop once he is done testing/ investigating. Everyone should try it.

- Jim D ordered two new servers for the production cell. They are 39H's with 512Mb memory. There may be funds to purchase more servers, but we are not sure yet what we will need.

- On the "someday" wish list -- we should have a Web interface to new, and it would be great if a user could initiate their own account expiration.

- For listdist, a policy is needed, and an FAQ is needed. Perhaps converting listdist's to listproc's would work?

- Regarding setname, we will need more documentation about filter and user+folder, so that people can easily continue processes for which they have needed two or more userids.
======

Date: Wed, 3 Apr 1996 15:09:01 -0800 (PST)
From: Yonah Karp
To: DCE Planning -- James W DeRoest, Donn Cave, Jim Fox, Tracy Stenvik, Ken Lowe
Subject: dce help tools on aix

A few ways to get info online, from king:

/usr/lpp/dcedoc/bin/asciiview -- General overview info. Weird interface -- use space bar, not enter key, to select an item.

/usr/lpp/dcedoc/bin/dceman -- Man pages for DCE utilities and programs, e.g. "/usr/lpp/dcedoc/bin/dceman dcecp".

From saul8:

Man pages on the Alpha client machines (e.g. saul8) are in /opt/dcelocal/man/man?/*, so you can just put /opt/dcelocal/man/ in your MANPATH.

Also, to just see what DCE tools exist, look (on AIX) in /usr/lpp/dce/bin:

    ls /usr/lpp/dce/bin

Yonah

Date: Mon, 8 Apr 1996 13:50:43 -0500
From: Doug Engert
To: authtf@es.net
Subject: Kerberos 5 - DCE Update

Authtf members,

I thought I would drop you a note and let you know where we stand today with the process of integrating Kerberos 5 with DCE.

We now have an automated way of getting an AFS token from a forwarded K5 ticket. This is done by using a new routine, k5afslogin, which is similar to the k5dcelogin, which converts a forwarded K5 ticket to a DCE context. The krlogind with the -L option can invoke either of these routines.

Modifications to the January snapshot of the Kerberos code from MIT are available at ftp:/achilles.ctd.anl.gov/pub/kerberos.v5. See the README file, and the k5dce.960404.tar, k56b.cdiff.960401, aklog.cdiff.960323, and aklog.tar.Z files.

The January snapshot also has a GSS-API ftp and ftpd which look good. I expect these to catch on.
This obsoletes the kftp.951017.tar and wu242b5.cdiffp.951017 which are at the ftp site.

I have built and have (krlogin and krlogind at least) running on AIX 4.1.4, Solaris 2.4, SGI 5.3, SunOS 4.1.3 and HPUX 10.0. See the README file for more information.

These have been run against an HPUX 10 DCE security server running HP DCE 1.4 (OSF 1.1), and most of them have also been tested at PNNL with a Transarc 1.0.3a Security server.

Also check out the OSF RFC 92.0, which covers K5 and DCE integration issues.

Drop me a note if you need more information.

Douglas E. Engert
Systems Programming
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
Internet: DEEngert@anl.gov

Date: Tue, 16 Apr 1996 10:39:29 -0700 (PDT)
From: Uniform Access Software Licensing
To: Jim DeRoest
Cc: Uniform Access Software Licensing
Subject: Encina Support - Request Form

Jim-

Did you get a copy of this? It discusses the process to be used to obtain help from Transarc's Support Group.

Thanks.
-Marian

---------- Forwarded message ----------
Date: Sat, 13 Apr 1996 10:44:52 -0400 (EDT)
From: David_Clark@transarc.com
To: +dist+/afs/tr/dept/tpps/db/sqr/ars/list-email-appdev.lis@transarc.com, +dist+/afs/tr/dept/ps/info/mlists/info-dce.dl@transarc.com, +dist+/afs/tr/dept/ps/info/mlists/info-encina.dl@transarc.com, bb+transarc.general, bb+transarc.ps, psgroup
Subject: Support Model Changes

Dear Valued Customer,

My name is David Clark, Manager of Transarc's Application Development Support Group, and it is with great pleasure that I announce that, effective Monday, 4/8/96, we have modified the model for handling incoming support requests for Application Development customers (this includes DCE Secure Core, Encina, and CICS). Our goal in modifying our process is to provide you quick access to trained support specialists in the area in which you are encountering problems. Doing so will provide you faster, more accurate answers to your support requests, and will also reduce issue time-to-resolution.

Let me explain the changes to you. Prior to 4/8/96, your incoming requests, made via either telephone or e-mail, were routed to the next available Customer Support Specialist (CSS) in the Application Development area. That CSS took ownership of the issue until its resolution. This model had served us well for the last two years, but with our products expanding in both capability and available platforms, it was starting to show signs of stress. The biggest problem was that it was becoming increasingly difficult to train new CSSs in all areas of the products to the level of knowledge you have come to rely on.

Therefore, a new model has been implemented that is product-line focused, split into three teams: 1) PC-based DCE and Encina; 2) Unix-based DCE; and 3) Unix-based Encina. This new model will feature team-based issue resolution, where each team member has an area of product specialization. We will try to direct your issue as quickly as possible to the appropriate team, and within the teams, as necessary, issues will be directed to the proper CSS with the appropriate specialization.

Doing so will require gathering more information up-front. When you submit information via e-mail, we would like you to start using the template below. This will allow us to direct your issue to the proper product team, and it will allow us to proceed more quickly with your issue. When you call on the support hotline, you will notice that the menu options on the call processing system have been changed to be more product-specific. This will also allow us to direct your call to the proper product team more quickly.

We in Support are excited about this new organization. We believe that it will provide you an even higher level of support than you are currently receiving. We also value your opinions. Please feel free to contact me directly via phone or e-mail (412.338.6754, clarkd@transarc.com) with any comments, concerns or questions regarding this reorganization or any other service we provide you.

Best Regards,
David Clark

*****
Transarc Support Request Form
Revision 1 04/05/96
-----------------------------

Section A: Site/Contact Information
SiteID:
Contact Name:
Contact's e-mail address:
Contact's phone number:
Contact's FAX number:

Section B: Environment Information
Involved machine A Hardware/Operating System:
Involved machine A AFS Product Version/Patch Level:
Involved machine A DCE Product Version/Patch Level:
Involved machine A Encina Product Version/Patch Level:
Involved machine A Configured Processes concerned:
Involved machine A Running Processes concerned:
Involved machine B Hardware/Operating System:
Involved machine B AFS Product Version/Patch Level:
Involved machine B DCE Product Version/Patch Level:
Involved machine B Encina Product Version/Patch Level:
Involved machine B Configured Processes concerned:
Involved machine B Running Processes concerned:
[ . . .
]

Section C: Problem Description
Textual problem description:
Keywords:
Specific Error messages (eg. DCE-xxx-xxxx, ENC-xxx-xxxx):
Severity:

Section D: Problem Determination
Duplicatable (Y/N):
Troubleshooting done so far:
Available test case/tracing location:
Relevant log files included/location? (server.out, etc.):
*****

Date: Wed, 17 Apr 1996 10:17:05 -0700 (PDT)
From: Yonah Karp
To: DCE Meeting Minutes -- Donn Cave, James W DeRoest, Jim Fox, Ken Lowe, Tracy Stenvik
Cc: Lori Stevens, Oren Sreebny, Sandra Moy, Sid McHarg
Subject: Minutes from 4/12/96 DCE meeting

======== 04/12/96 DCE/ Uniform Namespace Meeting ========

Present: Donn Cave, Jim Deroest, Jim Fox, Yonah Karp, Ken Lowe, Tracy Stenvik.

Next meeting: Friday, 04/26/96, 10:30 a.m.

To do:
YK   Testing plan to bring to next meeting
YK   Contact Gradient to get PC/Mac/etc clients
YK   Contact Digital to see if they're interested in our help fixing broken DCE-related code -- also, could we beta test dunix 4.0 (which includes their version of 1.1 DCE)?
DC   Find out more about WinQVT/ Kerberos Reflections
KL   Attend DCE conference and report on it
JF   Refine Li reporting tool (not quite what envisioned)
All  NW DCE users group at Boeing 4/24

Status of to-do's

Testing - More core dumps with all AIX. Parallel with working with vendors on this, Yonah will work on comprehensive testing plan.

Setname turn-off/ administrative - Consensus regarding setname turn-off deployment: Close. Setname text changes go in early Monday; announcement to go out Monday.

Samba - Probably won't work with DFS, probably not very secure, probably shouldn't focus on for a while.

Platinum - Nothing.

Gradient - Contact gave us grid & sample config. We agreed to spend the $1500 necessary to get the sample suite, and to try to get a beta test of the Mac clients.

======== Meeting Notes

Yonah has run into many problems with testing. She set up ozzo as a DCE 1.1 client, and ran the same load testing as she had on saul8. Core dumped at a different point; IBM is looking at it, but it's all AIX so no finger-pointing between vendors. Jim suggested maybe we should look at some other testing options. Some discussion. Yonah will continue to pursue this avenue as well as begin developing a preliminary testing plan to bring to the next meeting.

Donn mentioned 'Kerberos Reflections' and WinQVT, which apparently may both support K5 clients.

Yonah warned that the group will need to learn a lot about cell administration, tcl -- we will need to get everyone up to speed on this, even if we initially have some sort of dce_guru rotation. Eventually everyone will need to know this.

Discussions related to listdist-->listproc, user+folder, filter, are all in progress with Consulting.

After the meeting, Yonah ordered two TCL manuals, one for the Systems Workroom, one for herself. (dcecp uses tcl, and one is encouraged to create customized scripts to interact with dcecp using tcl.)
======

Date: Wed, 24 Apr 1996 13:35:31 -0400
To: Yonah Karp
From: "Derek E. Brink"
Subject: Re: 2nd try on Gradient products table
Cc: James W DeRoest

Great to hear from you. I'll be travelling out to a big CIC/Big 10 pow-wow tomorrow in Ann Arbor and will be at Spring Internet World all next week in San Jose, so we'll have to keep this moving by e-mail.

To reiterate, it sounds like you're OK with our "Big 10" package with a couple of additions:

- up to 10 DCE runtimes and SLPs on Win 95 and Win NT
- a DFS client on NT
- a DCE runtime (beta) on Mac
- DCE Web servers, plus CDS and Security servers on NT
- DCE Web servers only (not CDS, Sec) on AIX also
- you'll have to get DFS server on AIX from IBM

This package for the Big 10 was offered at $1500 -- basically this covers our royalty obligations to OSF for the DCE Servers plus a couple hundred dollars to cover support costs. I'd be glad to extend the same offer to you.

Please confirm that this makes sense, and I'll get you the paperwork.

Thanks
Derek.

At 10:03 AM 4/24/96 -0700, Yonah Karp wrote:
>Derek --
>
>We're interested in the package you describe below. We were
>also wondering if we could get Mac clients (possibly in beta) --
>this is fairly important to us -- as part of the package.
>Basically, we're in testing mode, so a kind of a 'variety pack'
>would be helpful for this reason.
>
>We don't have any Sun/Solaris boxes so we are not interested in
>that piece. We're running the servers on IBM AIX 4.1. Current
>clients are IBM AIX and Digital Unix.
>
> Yonah
>
>
>On Fri, 5 Apr 1996, Derek E. Brink wrote:
>
>> Yonah,
>>
>> Here's another attempt to convey what we do and don't have in a simple table.
>>
>>                              Win 3.1   Win 95    Win NT   Mac       SVR4      IBM/HP/Sun
>> ----------------------------------------------------------------------------------------
>> DCE Runtime                  now       now       now      now       now       now
>>                                                           (Beta)              (from vendor)
>> DCE Web Secure Local Proxy   May       now       now      at GA     no plan   from OSF RI
>> DCE Security, Name servers   n/a       n/a       now      n/a       now       now
>>                                                  (6/1)                        (from vendor)
>> DCE Web servers              n/a       n/a       now      n/a       no plan   now
>>                                                                               (AIX only)
>> DFS client                   planning  planning  now      planning  no plan   now
>>                                                                               (from vendor)
>> DFS server                   n/a       n/a       no plan  n/a       no plan   now
>>                                                                               (from vendor)
>>
>> Hope this comes through clearly this time -- if not, I'll print and FAX it
>> to you.
>>
>> As a starting point for discussion -- my proposal would be to provide you
>> with a configuration identical to that which we provided the Big 10 in their
>> DCE Web project, plus the DFS client. Specifically:
>>
>> - up to 10 DCE runtimes and SLPs and DFS clients on Win 95 and Win NT
>> - DCE Web servers, plus CDS and Security servers on NT
>> - we can provide DCE Web servers only on AIX also, if you are interested
>> - you'll have to get DFS server from another vendor -- my recommendation
>> would be Solaris (from Transarc)
>>
>> This package for the Big 10 was offered at $1500 -- basically this covers
>> our royalty obligations to OSF for the DCE Servers plus a couple hundred
>> dollars to cover support costs.
>>
>> If this is of interest to you, I'd be glad to forward the 3-page license
>> agreement.
>>
>> Derek.
Date: Fri, 26 Apr 1996 14:39:10 -0700 (PDT)
From: Yonah Karp
To: DCE Planning -- Douglas Luft, James W DeRoest, Donn Cave, Jim Fox, Tracy Stenvik, Ken Lowe
Subject: URL's for articles JimD mentioned

They seem to have moved things around. The URL's that work are

http://www.developer.ibm.com/sdp/library/aixpert/nov94/aixpert_nov94_dceper.html
http://www.developer.ibm.com/sdp/library/aixpert/nov95/aixpert_nov95_dce.html

('developer' rather than 'austin' in the domain name.)

Yonah

Date: Thu, 2 May 1996 15:35:20 -0700 (PDT)
From: Eliot Lim
To: Ken Lowe, jim deroest, Yonah Karp, Jim Fox
Subject: latest dce patches

the latest dce patches contain something like 200+ fixes and enhancements. looking at the one line header of items, many of them address memory leaks and memory usage as well as caching this and that. perhaps we have the performance tweaks that they were talking about. there are some nasty bugs too, like root from a foreign cell being trusted...

eliot

Date: Mon, 6 May 1996 08:31:18 -0700 (PDT)
From: Yonah Karp
To: James W DeRoest, Sid McHarg
Subject: Re: OSF Technology Symposium (fwd)

Below is the outline and the registration form (not much more than what we had before). Of interest is the fact that if you register 4, you get the 5th person free.

Yonah

---------- Forwarded message ----------
Date: Mon, 06 May 1996 09:42:27 -0400
From: OSF-Direct Registration
To: Yonah Karp
Subject: Re: OSF Technology Symposium

> A number of us here at the University of Washington are
> interested in attending the OSF Technology Symposium on DCE, May
> 21-23, in Vancouver, BC. Could you please email me more info
> about the symposium and about group discounts.
>
> Thanks,
> Yonah
>
>
> ~~~~~~~~~~~~~
> Yonah D. Karp (206) 543-2876 yonah@u.washington.edu
> Software Engineer
> University Computing Services,
> University of Washington
> 4545 15th Ave NE
> Seattle, WA 98105-4527
>
>

Dear Yonah:

Thank you for your interest in the OSF Technology Symposium. Please see below the outline and registration form.

We are currently running a group discount as follows: If you register 4 people for the same days the 5th person is FREE for the same days also.
Please contact our Direct Channels dept. should you have any additional questions at 617-621-7300.

OSF Technology Symposiums 1996 Series

May 13 - 15    Dallas, TX
May 21 - 23    Vancouver, BC
June 3 - 5     Phoenix, AZ
June 26 - 28   Denver, CO
Sept 16 - 18   Detroit, MI
Sept 24 - 26   Minneapolis, MN
Oct 15 - 17    McLean, VA
Oct 28 - 30    Raleigh, NC

Day 1
  DCE Features and Functionality (updated)

Day 2
  Introduction to The Open Group
  Prestructured Technologies (PSTs)
    CDE/Motif
    DCE 1.2
    X/Open Federated Naming
  Advanced Technology Offerings (funded)
    DCE Web (more detail on Day 3)
    Java/HotJava
    Microkernel Specification Test Suite
  Advanced Technology Offerings (proposed - DCE related)
    DCE Cell Exerciser
    DCE SNMP
    Multiple Cryptographic Algorithm Support in DCE
    DCE Naming Policies
    Messaging and Queueing Services in DCE
    WWW Access to DCE Applications
    DCE Java
  Advanced Technology Offerings (proposed - Not DCE related)
    Turbo Java
    Real-Time Java
    Security-Enhanced Java
  Guest Speaker

Day 3
  X/Open Federated Naming
  DCE Web
  DCE Security Internals

FEES and Registration Form:

Fee for organizations that are not Members of The Open Group:
  $525 for all three days
  $300 for Day One
  $99 for Day Two
  $200 for Day Three

Fee for Members of The Open Group:
  $295 for all three days
  $200 for Day One
  FREE for Day Two
  $150 for Day Three

To register, or to find out about group discounts, send email to or fax your request to (617) 621-0306. For those companies interested in learning about The Open Group Membership and its many benefits or if you would like to speak with a representative, please call OSF Direct Channels at (617) 621-7300.

Note: All major credit cards accepted.

Name:
Company Name:
Title:
Address:
City:
State:
Zip:
Telephone:
Fax:
Email:
Amex__ MC__ Visa__
#:
Exp. Date:
Purchase Order No:
Check No:

Cheers,
OSF Registrar
OSF Direct Channels
registrar@osf.org

Date: Mon, 29 Apr 1996 15:01:05 -0700 (PDT)
From: Yonah Karp
To: DCE Meeting Minutes -- Douglas Luft, Donn Cave, James W DeRoest, Jim Fox, Ken Lowe, Lori Stevens, Oren Sreebny, Sandra Moy, Sid McHarg, Tracy Stenvik
Subject: Minutes from 4/26/96 DCE meeting

======== 04/12/96 DCE/ Uniform Namespace Meeting ========

Present: Donn Cave, Jim Fox, Yonah Karp, Ken Lowe, Tracy Stenvik.

Next meeting: Friday, 05/10/96, 10:30 a.m.

DCE NW Users' group meeting comments: Overall, Sleuth looks good; Snare sounds slow and unlikely to buy us anything (even if it works).

Donn received email from David Lemson from the University of Illinois. David will be in the area for Memorial Day and wants to meet with us. Donn will arrange for him to be here Friday, May 24. Coincidentally, I met David at DECORUM in February. When I spoke with him then, he thought our project sounded like 'a piece of cake' (they are running 90K users on DFS -- but not using security/CDS). They (U of I) also have a strong connection with Gradient; I recall him saying they have many PC clients (and he was looking into Mac clients at the time).

We discussed the clients/ runtimes Gradient offered us, which led to questions about exactly what is available. We are interested (at least) in being able to run clients on Win 95 and Mac. The DCE Web server for AIX sounded interesting also (it is part of the same package we are being offered). I talked with Frank after the meeting about this server, and also sent him some info about what Ohio State University is doing with DCE Web applications -- they do appear to have something in production, or nearly.

Since Chinitz characterized Stanford as a bunch of former (current?) hippies, there was some interest in their work with DCE. Look at http://www-leland.stanford.edu/group/DCE/ for more info. Notable in that page are the links from the sentence "We have authored documents on DCE application programming, cell administration, security and advanced cell administration."

We did some brainstorming on what our DCE testing should model.
- login (simultaneous, consecutive, large loads)
- clients -- much discussion on which ones and their relative importance, including:
  - password changes (several per minute; this will stress test security server but not CDS). Currently with password expiration we expire 1000/ day.
  - DFS
  - rsh, ftp, telnet (all k5)
  - Kerberos 'sample client'
  - authenticated http
  - authenticated imap

Other user actions mentioned were email (in general) and netscape.

Jim Fox suggested that we write a generic client and then test it by executing it X times/ sec (varying X). Jim volunteered to do this.
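Jim Fox's proposal above (a generic client executed X times per second, with X varied), as an added example that is not part of the original minutes and not the group's own test code: a small Python harness that fires a client call at a fixed rate, each in its own thread, counts successes and failures, reports latency percentiles and the achieved rate, and then sweeps over several rates. FakeSecurityClient is a constructed stand-in for the real login or password-change client; run_load, sweep and LoadStats are names assumed here.

```python
import threading
import time
from dataclasses import dataclass, field


@dataclass
class LoadStats:
    """Outcome of one run at a fixed target rate (all timings in seconds)."""
    target_rate: float
    scheduled: int = 0
    ok: int = 0
    failed: int = 0
    wall_time: float = 0.0
    latencies: list = field(default_factory=list)

    def percentile(self, pct: float) -> float:
        """Nearest-rank latency percentile; 0.0 when there are no samples."""
        if not self.latencies:
            return 0.0
        ordered = sorted(self.latencies)
        rank = max(1, int(round(pct / 100.0 * len(ordered))))
        return ordered[rank - 1]

    def achieved_rate(self) -> float:
        """Calls completed per second of wall time; well below target means backlog."""
        return (self.ok + self.failed) / self.wall_time if self.wall_time else 0.0


class FakeSecurityClient:
    """Constructed stand-in for the generic client: sleeps to model one round
    trip to the security server and raises on every `fail_every`-th call so the
    harness has failures to count. A real client would do a login or a password
    change against the test cell."""

    def __init__(self, latency: float = 0.005, fail_every: int = 0):
        self.latency = latency
        self.fail_every = fail_every
        self.calls = 0
        self._lock = threading.Lock()

    def __call__(self) -> None:
        with self._lock:          # counter is shared by the worker threads
            self.calls += 1
            n = self.calls
        time.sleep(self.latency)
        if self.fail_every and n % self.fail_every == 0:
            raise RuntimeError("simulated authentication failure")


def run_load(client, rate: float, duration: float) -> LoadStats:
    """Invoke `client` at `rate` calls/second for `duration` seconds.
    Each call runs in its own thread, so a slow or hung server does not hold
    back the schedule; the latency and failure counts show whether it keeps up."""
    stats = LoadStats(target_rate=rate)
    lock = threading.Lock()
    threads = []

    def one_call():
        started = time.perf_counter()
        try:
            client()
            succeeded = True
        except Exception:        # any client error counts as a failed call
            succeeded = False
        elapsed = time.perf_counter() - started
        with lock:
            stats.latencies.append(elapsed)
            if succeeded:
                stats.ok += 1
            else:
                stats.failed += 1

    interval = 1.0 / rate
    n_calls = int(round(rate * duration))
    t0 = time.perf_counter()
    for i in range(n_calls):
        # Slot times are measured from t0, not from the previous call, so
        # scheduling drift does not accumulate across the run.
        delay = t0 + i * interval - time.perf_counter()
        if delay > 0:
            time.sleep(delay)
        worker = threading.Thread(target=one_call, daemon=True)
        worker.start()
        threads.append(worker)
        stats.scheduled += 1
    for worker in threads:
        worker.join()
    stats.wall_time = time.perf_counter() - t0
    return stats


def sweep(client, rates, duration: float):
    """Run the same client at each rate in turn (varying X) and collect the stats."""
    return [run_load(client, rate, duration) for rate in rates]


if __name__ == "__main__":
    fake = FakeSecurityClient(latency=0.02, fail_every=25)
    print("rate   ok  failed  p50(ms)  p95(ms)  achieved/s")
    for s in sweep(fake, rates=[5, 20, 50], duration=2.0):
        print(f"{s.target_rate:>4}  {s.ok:>3}  {s.failed:>6}  "
              f"{s.percentile(50) * 1000:7.1f}  {s.percentile(95) * 1000:7.1f}  "
              f"{s.achieved_rate():10.1f}")
```

Against a real test cell, replace FakeSecurityClient with a callable that performs one login or password change and watch for the rate at which failures appear or p95 latency climbs.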
Date: Tue, 14 May 1996 12:53:58 -0700
From: ta_harper@pnl.gov
To: authtf@es.net
Subject: DCE 1.1 patches

AuthTF -

Transarc has released a new patch set for DCE 1.1 (patch level 16, fix number 17360). To obtain the US/Canada version (including DES), you must contact Transarc (412.281.5852). This patch addresses many critical problems in DCE 1.1 so you might want to scan the README below.

Tom Harper

--
Thomas A. Harper, Ph.D.
Battelle Sr. Research Scientist
Pacific Northwest National Laboratories
ta_harper@pnl.gov
M/S K1-87, P.O. Box 999
Richland, WA 99352
509.375.2150  Fax: 6631
PGP fingerprint = E1 8F 5E 94 D3 15 72 7F 87 77 8C 4C 5C 43 7B 2F

>From README.P16

=============================================================
Transarc DCE 1.1 Solaris 2.4 Patch 16
07-MAY-1996
Copyright 1996 by Transarc Corp.
=============================================================

-----------------------------------------------------------------------
SECURITY NOTICE
---------------
This patch contains security changes. Please read the 'Security Issue Information' included in the "Installation Instructions" section of this file.
-----------------------------------------------------------------------

Binaries affected:

Solaris 2.4 US
./dce1.1/share/include/dce/dce_msg.h ./dce1.1/share/include/dce/svcfilter.h ./dce1.1/share/include/dce/svclog.h ./dce1.1/share/include/dce/svcremote.h ./dce1.1/share/include/dce/codesets_stub.h ./dce1.1/share/include/dce/audit.h ./dce1.1/share/include/dce/gssapi.h ./dce1.1/share/include/dce/utc.h ./dce1.1/usr/lib/libaudit.a ./dce1.1/usr/lib/libdce.so.3 ./dce1.1/usr/lib/libdce.a Solaris 2.4 International ./dce1.1/bin/butc ./dce1.1/bin/cdsadv ./dce1.1/bin/cdsclerk ./dce1.1/bin/cdsd ./dce1.1/bin/chpass ./dce1.1/bin/dcecp ./dce1.1/bin/dced ./dce1.1/bin/dceident ./dce1.1/bin/dce.ps ./dce1.1/bin/dtsd ./dce1.1/bin/login.dce ./dce1.1/bin/secd ./dce1.1/bin/sec_create_db ./dce1.1/bin/sec_salvage_db ./dce1.1/dcecp/cell.dcp ./dce1.1/dcecp/user.dcp ./dce1.1/etc/dce_modules/cdsadv ./dce1.1/etc/dcesetup ./dce1.1/etc/dce_modules/dced ./dce1.1/etc/dce_modules/dtsd ./dce1.1/etc/dce_modules/nsid ./dce1.1/etc/dce_modules/secd ./dce1.1/etc/dce_modules/var ./dce1.1/etc/rc.dfs ./dce1.1/kernel/drv/krpch ./dce1.1/kernel/fs/dfs ./dce1.1/kernel/fs/lfs ./dce1.1/kernel/sys/dfscore ./dce1.1/nls/msg/en_US.ASCII/dcedcp.cat ./dce1.1/nls/msg/en_US.ASCII/dfszhs.cat ./dce1.1/nls/msg/en_US.ASCII/dfsbcm.cat ./dce1.1/nls/msg/en_US.ASCII/dfsbtm.cat ./dce1.1/share/include/xds.h ./dce1.1/share/include/xdsext.h ./dce1.1/share/include/xdsbdcp.h ./dce1.1/share/include/xom.h ./dce1.1/share/include/xomext.h ./dce1.1/share/include/xomi.h ./dce1.1/share/include/xoi.h ./dce1.1/share/include/dce/dced.h ./dce1.1/share/include/dce/aclif.h ./dce1.1/share/include/dce/dbif.h ./dce1.1/share/include/dce/dce_cf.h ./dce1.1/share/include/dce/assert.h ./dce1.1/share/include/dce/dce_msg.h ./dce1.1/share/include/dce/svcfilter.h ./dce1.1/share/include/dce/svclog.h ./dce1.1/share/include/dce/svcremote.h ./dce1.1/share/include/dce/codesets_stub.h ./dce1.1/share/include/dce/audit.h ./dce1.1/share/include/dce/gssapi.h ./dce1.1/share/include/dce/utc.h ./dce1.1/usr/lib/libaudit.a ./dce1.1/usr/lib/libdce.so.3 ./dce1.1/usr/lib/libdce.a 
--------------------------------------------------------------
INSTALLATION INSTRUCTIONS:

The affected binaries are provided in us.tar and intl.tar files for each operating system. The binaries can be put into place by following these steps:

1. Stop all DCE processes on the machine
2. % cd /
3. % tar xvf <tar_file>
   where tar_file is the full pathname of the file containing the patches
4. If DFS is in use on this machine, either as a client or a server, you must reboot it to use the new binaries. If DFS is not in use, you may simply restart all the DCE processes.

Security Issue Information regarding fix included in Patches 9 & up
----------------------------------------------------------------------

Problem Description and Resolution:

The random number generator in the DCE security runtime is not being correctly seeded. A timestamp is being used instead of a secret value. This allows for the remote possibility of a password guessing attack based on the boot-time of the security server machine. Due to this problem, someone with a desktop workstation could compromise server keys.

Once the enclosed patch is installed, you have the option of either manually forcing the keys to be regenerated, or waiting 8 hours for the keys to be automatically regenerated by the software. To force the keys to be regenerated, execute the following additional administrative procedures:

All of the keys in all keytabs need to be changed. For every machine in the cell:

1) Log in as root
2) Start 'rgy_edit'
3) Do a 'rgy_edit> ktlist'
4) For every unique principal listed, do the following:
   rgy_edit> kta -p <principal> -r -a
5) Exit rgy_edit

Additional Info.
----------------
Direct network access to the DCE cell would be required to exploit this security vulnerability.

(End of Security Issue Info.
included in all patches from level 9 & up)

------------------------------------------
Serviceability Messages - Patches 16 & up
------------------------------------------

All files delivered in Patches 16 and greater are compiled to include serviceability debug messages. The purpose of including these messages is to increase the usefulness of the binary files when troubleshooting problems and debugging errors.

Special note for installations done with the mklinks option -- if the DCE machine to be upgraded was installed using the mklinks option of dcesetup (that is, a minimal installation pointing to shared binaries on a shared file system) then extra steps should be taken as follows:

1. The system administrator must install the patch files onto the shared file system. The actual steps may vary based on the specific situation but they should resemble steps 2 and 3 as shown above.
2. If the target machine is a Solaris 2. machine running DFS, the ./dce11/kernel/* files supplied in the patch file must be copied to /kernel/* before continuing. Upon installation of the patch, the machine must be rebooted to load the new kernel drivers.
3. Following these steps the DCE can be restarted on each machine linked to the shared file system and will then be running at the new patch level.

Also note that a file named PATCH_LEVEL will be installed in the dce1.1 directory to indicate the current level of the DCE product installation.

A final note is that a static version of the libdce (libdce.a) is included in all tar files. This static library is not often needed, and since it is quite large, you may want to delete it from your machine. This file is provided as a convenience for some development environments.

--------------------------------------------------------------
Summary of fixes:

- Corrects issue with cdsd dumping core when serviceability messages are enabled.
- Corrects issue with deadlock occurring in function call rpc_cn_call_start().
- Fix command 'dcecp -c cell ping -clients' to include 1.0.3a clients not running dced.
- Fix defect with the function 'sec_key_mgmt_manage_key()' failing with a password expired error.
- Fix issue with the function 'sec_key_mgmt_manage_key()' corrupting the keytab file when the registry is read-only
- Log inter-process communication IDs for cleanup later
- Fixes problem with function call "sec_login_become_impersonator" causing 'secd' to drop core
- Fixes defect regarding 'login.dce' not checking for a local account as documented
- Resolves issue that when using integrated login, uid and gid overrides do not work
- Fixes DFS communication errors when accessing DFS filespace through FORE ATM interface
- Fixes issue with backup failing if a tape has not been pre-loaded
- Provides wrapping in 'secd' and 'dtsd' audit logs
- Fixes issues with 'dce stop' failing to stop secd
- Resolves code/documentation mismatch with dce_aud_next()
- Addresses problem with 'dcesetup' truncating the NTP Provider hostname
- Provides a fix to assist with resolving the issue of 'secd' core dumping when DEC client running beta software enables the DCE SIA feature (this patch should eliminate core dumping)
- Fixes defect with 'dcecp user delete' not properly handling user names with embedded '/'
- Solves issue with cross-cell server tickets expiring prematurely
- Fixes issue with the ownership of dcecred_xxxxxxxx.data becoming corrupted and invalidating credentials
- Resolves problem with xom headers not working with C++ - reserved words used
- Fixes problem with DCE 1.1 dtscp hanging after several days
- Fixes issue with cds objects becoming randomly corrupted
- Fix the 'max_invalid_attempts' attribute to disable an account
- Fix the issue with 'dcecp user delete' failing in concurrent scripts
- Repairs a security issue with same-owner checks being done without reference to cellid (*SEE BELOW - Special installation info for this defect)
- Provide better random number generator seeding
- Fixes problem with tty size being lost due to integrated login
- Fixes header files so that C++ programs can correctly identify C programs
- Fixes deadlock in security client lib in cdsclerk
- Allows CDS server to recognize a decrease in the number of network interfaces
- Fixes the issue with 'dcesetup' failing if an AFS bosserver is running
- Allows connections to be re-established when lost due to a change in the callback address
- Fixed problem with RPC runtime dumping core
- Permits the retrieval of OM_S_INTEGER attributes via om_get
- Fixed the server from dumping core in sec_login_pvt_check_exp()
- Fixed chpass to not core dump
- Fixed dcesetup to wait forever for registry replicas to synchronize during configuration of slave security servers.
- Removed remaining shared memory segments after abnormal termination
- Corrected dced_wait infinite loop
- Fixes typographical error in nsid start/stop module
- Fixes secd dumping core when call to authdata decoder is incorrect
- The command 'dcecp -c cell ping -clients' was fixed to return the correct status of all clients
- Fixed 'dcecp principal modify' to prevent removal of fullname attribute
- 'dcecp cdscache create' was changed so that binding is a required option, thereby preventing a core dump
- Provides client binding handle from an RPC to potentially be used for address extraction
- Provide a mechanism to identify the version of future DCE binary files installed on a system
- Eliminates the incorrect issue of an error message when the security server changes state from disabled to enabled

___________________________________________________________________
Fix Details:

Transarc Defect 17005
SYNOPSIS: dcecp -c cell ping -clients does not accurately return status of all clients in cell - shows OK even if some are down

This defect was originally fixed in DCE 1.1 Patch 3 (see Transarc Defect 17005 below). In Patch 16, this fix was modified to work for cells containing 1.0.3a clients which do not run dced.
-----------------------------------------------------------------------------
Transarc Defect 17575
SYNOPSIS: deadlock occurring in rpc__cn_call_start()

An Encina application is getting hung in rpc runtime. The problem was caused by a lock of exception handlers in the kerberos routines to refresh binding credentials. If a cancel was raised while the credentials were getting refreshed, the exception would interrupt a pthread_cond_wait and the credentials would never get unlocked.

Changed the locking around the CRED_REFRESH to set a flag in the binding handle indicating refresh in progress. Added a cond_wait before the call start to wait for the credentials to get refreshed before trying to use them. Added code to bump the priority of the RPC timer to PRI_OTHER_MAX to make sure that the RPC timer process doesn't get starved.

--------------------------------------------------------------------
Transarc Defect 17795
SYNOPSIS: cdsd on the replica clearinghouse keeps core dumping

This problem was being caused by a sprintf using an uninitialized pointer. This fix was created because cdsd was SEGV'ing in deb_ascii_btree_ct.

-----------------------------------------------------------------------------
Transarc Defect 17733
SYNOPSIS: The function 'sec_key_mgmt_manage_key()' always fails with passwd

The function 'sec_key_mgmt_manage_key()' always fails with a password-expired error (number 336760855, "password has expired"). This is because it looks at the current time and the password expiration time, computes the difference, sleeps that long, and then wakes up and tries to change the key. Unfortunately, since it hasn't left any slack, the password is guaranteed to be already expired when it wakes up, making it impossible to change the key.

This was fixed so that 'sec_key_mgmt_manage_key' only sleeps until ten minutes before the key was set to expire (or does not sleep at all, if the key expires in less than 10 minutes). This allows time for the key to change.

-------------------------------------------------------------------------
Transarc Defect 17734
SYNOPSIS: The function 'sec_key_mgmt_change_key()' corrupts keytab file if the registry is read-only

If the security service is in maintenance mode when sec_key_mgmt_change_key() is called, it returns 387063988 ("bad state") as expected, but it also adds a new key to the keytab file. For example, if the current key version in the registry is 5, sec_key_mgmt_change_key() will add key version 6 to the keytab file (but of course not to the registry, since it's read-only). Now if you put the registry back into service mode, the sec_key_mgmt_change_key() function will still fail, this time with code 387063880 ("specified key already exists in key store") since it's trying to change the key from version 5 to 6 based on the registry's contents, but the keytab file already has a version-6 key. This error persists until an administrator removes key version 6 from the keytab file.

This has been fixed so that if the registry update fails, the change to the keytab file is rolled back, ensuring that it stays in sync with the registry.

-------------------------------------------------------------------------
Transarc Defect 17049
SYNOPSIS: Log inter-process communication ids for cleanup later

CDS and DTS should log IPC (sem and shm) ids, so that they can be cleaned up in case of abnormal shutdowns. This has been fixed by logging the IPC resource IDs for cleanup later in file /opt/dcelocal/etc/cdscache.ipcid.

-------------------------------------------------------------------------
Transarc Defect 17621
SYNOPSIS: The call "sec_login_become_impersonator" causes secd to drop core

This problem resulted when the intermediate server calls sec_login_become_impersonator. When that function is called, 'secd' will sometimes drop core in rpriv_become_impersonator(). The problem was that two pointer variables were uninitialized, then were dereferenced after only conditionally being set. This patch fixes the problem by setting the variables on the else-side to innocuous values.

-------------------------------------------------------------------------
Transarc Defect 16823
SYNOPSIS: The program 'login.dce' does not check for local account as documented

The DCE 1.1 release notes have the following statement:

    To use the login.dce command, the DCE identities of users who have DCE accounts must match their local identities. The login.dce command exits if a user's local and DCE identities do not match. To ensure that users' DCE identities and passwords match their local identities and passwords, use the passwd_import and passwd_export commands to synchronize the local /etc/passwd and /etc/group files with the registry database.

This was not happening. This defect occurred because within login.dce, it was possible to login without a local account in /etc/passwd. The login shell got the UID specified in the account information which was contained in the security registry entry. Furthermore, because of this lack of checking against the local /etc/passwd database, a security hole existed where it was possible to obtain root access to any node running unified login, when a user had acct-admin rights for the root principal in the security registry. This has been fixed by tightening the override capabilities of a user.

-------------------------------------------------------------------------
Transarc Defect 17348
SYNOPSIS: When using integrated login, uid and gid overrides do not work

Overriding the UID or GID field in passwd_override causes integrated login to fail, claiming that the UID or GID is too large. The reason for this is that integrated login looks at the registry to get the uid/gid, and if they're not the same as what it got in its struct passwd earlier, it assumes that that's because they overflowed. This is not the case because if they were overridden, they will not match either.
The solution is to first check override entries as the file is parsed. Entries whose uid or gid override values overflow will be flagged as errors (a warning will be generated and the entry will be ignored), just as if the line was in a bad format. Second, the check for rgy value not matching struct-passwd value will only be used if the uid/gid fields were not overridden. This patch will cause overridden values to be checked as the override file is parsed, and non-overridden values will be checked as they are now.

-------------------------------------------------------------------------
Transarc TRACS 16178
SYNOPSIS: Intermittent access to DFS filespace through FORE ATM interface

DFS clients are unable to access DFS filespace through a FORE ATM interface. The clients receive "Connection timed out" RPC error 38231254 errors. The client will show many communication type failures when contacting the DFS servers:

    dfs: communication failure with server
    dfs: lost contact with the fileset location server

-------------------------------------------------------------------------
Transarc Defect 4761
SYNOPSIS: Backup fails if no tape pre-loaded

This problem was fixed by changing the code to check if a tape has been loaded, and to issue a message when one has not been.

-------------------------------------------------------------------------
Transarc Defect 17451
SYNOPSIS: 'secd' and 'dtsd' should allow wrapping of their audit logs

The audit logs produced by secd and dtsd are not limited in size. It was requested that they be limited, and that the writing of records to the logs would wrap once the maximum log size is reached (like auditd allows with the -s and -wrap flags). Currently the servers by default continually append to the end of their audit logs. The only action the administrator has is to manually truncate the logs, or disable logging altogether.

The size of the audit trail can be limited by setting the environment variable DCEAUDITTRAILSIZE to a value (# of bytes). This is available to all audit clients. This makes the -s switch for secd and dtsd not a must. A new variable DCEAUDITTRAILWRAP has been created for wrapping the audit trail.

___________________________________________________________________
Transarc Defect 17371
SYNOPSIS: dce stop fails to stop secd; perms on /.:/sec/replist wrong

When stopping DCE, it was reported that 'secd' was not stopping normally:

    Executing "dcecp -c registry stop ncacn_ip_tcp:machine_name"
    Error: Registry object not found
    Waiting for secd to exit
    Waiting for secd to exit
    WARNING Process secd did not stop
    Killing secd

The problem was that by the time secd is about to stop, the script (/etc/init.d/dce) is running unauthenticated. Even if the script is fixed to run authenticated, it will not solve the problem because the machine principal does not have authority per the /.:/sec/replist ACL. The /etc/init.d/dce script is not an interactive script, and it inherits the context of self (default context). The solution is to bypass the sec. admin interface and stop the secd process in the first attempt, which is what happens if 'dcecp reg stop' fails.

___________________________________________________________________
Transarc Defect 17366
SYNOPSIS: Code/documentation mismatch with dce_aud_next()

The following problem is present in the dce_aud_next() function, as compared to the OSF App Dev Guide/Reference documentation: the value for the EVENT predicate (EVENT:) is converted from the predicate string via atol(). This means that it cannot be a 0x hex value, contrary to the OSF Dev Guide pg 34-9, which shows an example EVENT=0xC01000001.

This patch changes the event IDs to hexadecimal, as documented. The file security/audit/libaudit/evt_read.c was changed to provide compat. in dce_aud_next() for Event IDs. The function dce_aud_print() prints event ID in Hex.
___________________________________________________________________
Transarc Defect 17289
SYNOPSIS: dcesetup is truncating the NTP Provider hostname

When configuring a DTS server machine to run NTP, the NTP provider machine is listed in NS with its fully qualified IP name. Upon getting the prompt:

    Enter the name of an NTP Server machine. Specify the name in Internet dotted notation.

When dcesetup went to start up the server, an error occurred "no such host name" and listed the first part of the fully qualified name. This patch implements the solution, which is to not transpose the NTP provider hostname from Internet dotted notation.

___________________________________________________________________
Transarc Defect 17197
SYNOPSIS: 'secd' is core dumping when DEC client running beta software enables the DCE SIA feature

While participating in the external field test for Digital's DCE 2.0 for Digital Unix 4.0, one Alpha machine was configured under T4.0 and DCE T2.0 as client into the main cell. This worked fine as long as the DCE SIA feature was not enabled on the Alpha machine. When SIA (which makes the get* routines in libc talk to the DCE registry) is enabled, and a 'ps -ef' command is issued on the Alpha, 'secd' on the Solaris machine dumps core.

This patch includes a fix to check return codes. It is possible for rs_get_login_info to pass an uninitialized pointer to dce_aud_put_ev_info if rs_misc_dce_aud_start fails. There have been bus errors reported where the stack trace shows dce_aud_put_ev_info being called from rs_get_login_info, and it's believed to be the cause. This patch is not expected to completely solve the customer problem, but it should eliminate the core dumps.

___________________________________________________________________
Transarc Defect 17162
SYNOPSIS: 'dcecp user delete' does not properly handle user names with embedded '/'

'dcecp user delete' fails if the user name contains embedded '/'. The file "user.dcp" was changed to process names with '/' included in them.

___________________________________________________________________
Transarc Defect 17360
SYNOPSIS: cross-cell server tickets expire prematurely

The problem is that after initiating authenticated cross-cell RPCs, after two hours they begin failing with rpc_s_auth_tkt_expired (382312679): Authentication ticket expired (dce / rpc), even though klist shows that the client still has a valid identity. After running kinit to refresh identity, the issue is resolved.

Tickets for servers in remote cells were not getting refreshed properly after expiration. The problem was caused by a missing flag in krb5_get_cred_from_kdc, which was looking in the credential cache for a krbtgt for the remote cell, and finding one and using it without regard to whether it was expired. This change ensures that it will not use an expired foreign krbtgt, but rather try to get a new one.

___________________________________________________________________
Transarc Defect 17358
SYNOPSIS: The ownership of dcecred_xxxxxxxx.data can become corrupted, invalidating credentials

The customer reported that while being logged into UNIX as encina, and dce-logged-in as encina_admin (with encina_admin appearing in the /etc/passwd file), after doing a kinit, the DCE credentials were unusable. This problem was traced to an ownership problem in /opt/dcelocal/var/security/creds. The dcecred_xxxxxxx file was owned by encina, as it should be, but dcecred_xxxxxxxx.data was owned by encina_admin. Since both files are readable only by their owner, the .data file could not be read and thus had only half an identity. This was fixed by eliminating "over zealous chowning".
___________________________________________________________________
Transarc Defect 17251
SYNOPSIS: xom headers will not work with C++ - reserved words used and no extern "C" enclosing API prototypes

When attempting to utilize the XOM interface, on Solaris 2.4, DCE 1.1 and C++, compile errors on reserved words and name mangling of API prototype calls are occurring. The issue with enclosing API prototypes is fixed in defect 17117. The issue with C++ reserved words being present in the header files is fixed by renaming the C++ reserved words (from "class" to "class_id").

___________________________________________________________________
Transarc Defect 16899
SYNOPSIS: DCE 1.1 dtscp hangs after several days

After 2 to 3 days of running dts services on a DCE 1.1 client machine, dtscp will fail to be able to perform any commands. At the time of the failure, a dce.ps shows that the dtsd is still up, and can be pinged (and responds). They have two dts time service servers, both connected to ntp in the cell, and at the time of the failure they both appear to be up and okay. The audit trail files dts_aud_trail and dts_aud_trail.md_index both had last been updated at about the time that the dtscp started hanging. The problem machine seemed to develop a clock skew -- indicating that synchronization is not happening. Shutting down and restarting dce temporarily clears up the problem.

The file events.c was changed to guard against exceptions in the functions WaitForMainEvent() and WaitForEventResp().

___________________________________________________________________
Transarc Defect 17486
SYNOPSIS: cds object uuids sporadically corrupted

This fix eliminates the possibility of an inconsistent index. Index errors are caused by the target of index entries being removed. The danger occurs when the last entry in the bucket is removed. It is that the key which points to the bucket is no longer valid, but is not itself removed. If an entry is inserted which is less than that key but later than any other entry in the bucket, then the code does not insert it into that bucket, but into a following bucket, thus invalidating the key ordering.

Another issue is that when replacing keys, we must ensure that the key to the first bucket is never lost. If this did happen, there would never be any way to get at these records. The short term strategy is to crash under these conditions and let server restart correct the situation, as the system is overloaded anyway. The long-term solution would be to sacrifice other keys to replace that first key.

___________________________________________________________________
Transarc Defect 15877
SYNOPSIS: Setting max_invalid_attempts attribute never disables the account

Setting the max_invalid_attempts registry attribute for a principal does no good; the principal can attempt to log in unsuccessfully as many times as wanted and still login successfully when the account should be disabled.

**The following items should be noted because without this information, it can appear that this defect is still not fixed:

* The ERAs "max_invalid_attempts" and "disable_time_interval" must BOTH be set in order for the account to be disabled (this is in the documentation).
* The "Transarc DCE Administration Guide - Core Components" states on page 20-12 that disable_time_interval is in minutes. This is incorrect; it's in seconds. Setting it to a value of 5 will make the account become valid again after only 5 seconds, which can look like it never became invalid in the first place. This documentation defect will be fixed in the next release.
___________________________________________________________________
Transarc Defect 17200
SYNOPSIS: 'dcecp user delete' fails in concurrent scripts

This defect of dcecp simultaneous user failure was due to the problem that "user delete" uses "principal catalog" followed by "principal delete", and that "principal catalog" uses a cursor and the sec_rgy_pgo_get_next function to walk through the registry database. If "principal delete" happened to delete an item while the "principal catalog" cursor pointed at that same item, sec_rgy_pgo_get_next would return sec_rgy_object_not_found, which is propagated back to the script and causes it to exit (before doing anything to the principal in question). This was to do with the way the registry cursors were designed. A "fix" for this defect is implemented via a workaround.

___________________________________________________________________
Transarc Defect 7343
SYNOPSIS: Same-owner checks are done without reference to cellid

**IMPORTANT INSTALLATION NOTE** IF YOU ARE A DFS CUSTOMER, THIS FIX REQUIRES THAT THE SYSTEM BE RE-BOOTED AFTER THIS PATCH HAS BEEN APPLIED IN ORDER FOR THE CHANGES TO TAKE EFFECT.

Control permissions are being granted to files when the caller happens to share a userid with the file's owner, regardless of whether the owner and the caller happen to be in the same cell. This fix closes a security hole by doing a match on cell/realm ID as well as on userid/principal id when granting control/write access to the owner of a file.

___________________________________________________________________
OSF OT# 13349
SYNOPSIS: Provide improved random number generator seeding

The file 'secd' currently uses an all-zero keyblock to seed its random number generator, RNG. This fix strengthens 'secd' to use something more random.

___________________________________________________________________
Transarc Defect 15984
SYNOPSIS: TTY size lost by integrated login

The problem is the tty size lost by integrated login; rlogin/telnet to a system using the Transarc integrated login results in tty window size being reset to a default instead of the size of the originating window. The vendor provided login does not lose the size.

The terminal info was lost because the program was explicitly setting it to 0x0. It no longer does that; it now preserves the ttysize that it had when it was exec'ed.

___________________________________________________________________
Transarc Defect 17117
SYNOPSIS: File 'utc.h' no longer has C++ extern "C" around prototypes

The include file no longer has the standard #ifdef __cplusplus extern "C" block around its prototypes to ensure that C++ programs would see the functions as C functions. This means that attempts to use utc.h will cause all of the functions defined in it to be undefined at link time (since the functions will be compiled into mangled names, which won't match libdce at link time). Additionally, the files audit.h, aclif.h, dce_svc.h, dced.h also appear to have the same problem, based on a cursory look through the include files.

___________________________________________________________________
Transarc Defect 17269
SYNOPSIS: Deadlock in security client library in cdsclerk

This is a case of distributed deadlock resulting from the implementation vagaries of the RCA (sec. client lib) cache. This defect was fixed to ensure that the clerk does not inherit the login context.

___________________________________________________________________
Transarc Defect 17283
SYNOPSIS: CDS server is oblivious when changed from a dual IP address machine to a single IP address machine

When IP addresses are added/removed, CDS should notice this when it restarts and update the information.
Without restarting the cds server, this information should be refreshed when the following commands are performed:

%cdscp clear clear /.:/foo_ch
%cdscp creat clear /.:/foo_ch

However, the above commands showed no change in the CDS attributes, and neither did restarting the CDS server nor rebooting the machine. Since the old IP address was still present even after rebooting the machine, it appears that CDS was unaware that the address was gone. Upon further investigation, repeating

%cdscp clear clear /.:/foo_ch
%cdscp creat clear /.:/foo_ch

did not fix the situation. The issue was that bindings are obtained when the server does its RPC runtime init, and that happens only during start-up. This patch fixes the case where a decrease in the number of network interfaces was not recognized.

___________________________________________________________________

Transarc Defect 4822
SYNOPSIS: 'dcesetup' fails if the AFS bosserver is running

An AFS client machine which is also an AFS server machine has an AFS bosserver running. The dcesetup script checks whether or not a bosserver is running, and thus fails to invoke the DCE bosserver (seeing that there is already a bosserver running)! This defect is fixed by installing a hard link "dcebosserver" to "bosserver". This link is used by dcesetup to invoke the DCE bosserver, which allows dcesetup to use ps to distinguish between the AFS and DFS bosservers that may be running on the same machine. The DCE bosserver will show up as "dcebosse" in a ps listing.

___________________________________________________________________

Transarc Defect 7179
SYNOPSIS: Problem detecting a change in the callback address which prevents the connection from being re-established

Allow clients to migrate to a new client port number (endpoint).
The client can indicate that it wants to open up shop with a new client-side port number, while retaining the old UUIDs and all the same token state, by making an AFS_SetContext call with a different port number from the one that had been used earlier.

Also, most outgoing TKN_xxx calls were being done within the pair fshs_StartCall()/fshs_EndCall(), which effectively serialized all outgoing TKN_xxx calls from a server to a given client of that server. The only renegade was TKN_AsyncGrant. This delta adds the TKN_AsyncGrant call to the set of serialized calls, in order to lock TKN_AsyncGrant calls out from the code path that rebuilds the outgoing binding from the server, protecting those calls from seeing intermediate states, or from using a binding to make an RPC call that another thread is about to destroy.

Lastly, some simple-minded defense was added to the fshost module: if a server is unable to revoke tokens for RPC or security reasons for several calls in a row, and its revocation attempts have been unsuccessful for several minutes, then the fshost module may declare that host DOWN, allowing its tokens to be revoked, even if the host is continuing to make a stream of calls to the server and thus refreshing its lastCall value.

___________________________________________________________________

Transarc Defect 16385
SYNOPSIS: 'secd' dumps core

Fixed a problem with the server RPC runtime dumping core under the following scenario:

1. A bind packet is received from a machine with different byte ordering.
2. The binding is rejected due to a bad association group number (unrelated to this bug).
3. A bind packet is received from a machine with the same byte ordering.

The problem was that the raw_packet buffer was allocated upon receipt of the byte-swapped packet, but when that bind was rejected, the bind code did not free the raw_packet buffer.
Later, when a bind packet was received from a machine with the same byte ordering, no raw_packet buffer was allocated, but code further on checks for its existence and uses the values within. Since the old raw_packet had been left around, its stale contents were used inappropriately.

___________________________________________________________________

Transarc Defect 17250
SYNOPSIS: Unable to retrieve OM_S_INTEGER attributes from a CDS object via om_get

Integer attribute values were being lost. The function make_values_contiguous() now ensures that this does not happen by copying the attribute values into one piece of contiguous space.

___________________________________________________________________

Transarc Defect 16912
SYNOPSIS: server core dumped in sec_login_pvt_check_exp()

Problems with freeing the login context caused the server to core dump in sec_login_pvt_check_exp().

___________________________________________________________________

Transarc Defect 16662
SYNOPSIS: chpass invoked with anything other than the -p switch core dumps

File chpass.c was changed so that the template passed to mkstemp() is in writable storage (mkstemp() modifies its argument in place), which prevents the core dump.

___________________________________________________________________

Transarc Defect 17158
SYNOPSIS: dcesetup fails in slave secd configuration when replicating a large security registry.

Allow secd_slave_sync to run indefinitely while attempting to synchronize the security registry replicas, rather than terminating after a fixed number of minutes.

___________________________________________________________________

Transarc Defect 17047
SYNOPSIS: /etc/init.d/dce stop left behind shared memory segments after cdsd was abnormally terminated.

Remove semaphore and shared memory segments left over from abnormal termination of cdsd. 'dcesetup' will attempt to remove shared memory and semaphore identifiers after cdsadv and dtsd are shut down, by scanning the file /opt/dcelocal/etc/cdscache.ipsid and the file var/adm/time/dts_ipc_id for identifiers and calling ipcrm to remove them.
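The raw_packet problem in Defect 16385 above is a general pattern: per-connection state allocated on one code path and released only on the success path, so a rejected request leaves the state behind for the next request to consume. The following is an added example (my own reduced model, not Transarc's RPC runtime) that replays the three-step scenario against a buggy and a fixed bind handler. The bind_pdu and assoc_state types, the DREP_LOCAL tag, the "bad association group" test and the packets are all hypothetical and constructed for the example.

```c
/* Added example, not DCE runtime code: a reduced model of the bind-handling
 * state described in Defect 16385.  Every name and value here is hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DREP_LOCAL 0x10    /* our own byte-order tag (constructed value) */

typedef struct {
    uint8_t drep;          /* byte-order tag of the sender */
    uint8_t assoc_group;   /* association group number */
    uint8_t body[6];
} bind_pdu;

typedef struct {
    bind_pdu *raw_packet;  /* copy kept only while a byte-swapped bind is processed */
    bool      used_stale;  /* set when a bind consumed a buffer it did not allocate */
} assoc_state;

/* Stand-in for the unrelated reject in step 2 of the scenario. */
static bool group_is_bad(uint8_t group) { return group == 0; }

/* Buggy handler: the reject path returns without releasing raw_packet. */
int handle_bind_buggy(assoc_state *st, const bind_pdu *pdu)
{
    bool allocated_here = false;
    if (pdu->drep != DREP_LOCAL) {
        st->raw_packet = malloc(sizeof *pdu);
        if (st->raw_packet == NULL) return -1;
        memcpy(st->raw_packet, pdu, sizeof *pdu);
        allocated_here = true;
    }
    if (group_is_bad(pdu->assoc_group))
        return -1;                       /* BUG: raw_packet left allocated and non-NULL */
    if (st->raw_packet != NULL) {
        /* "unswap" from the raw copy; with a stale buffer this reads a different bind */
        if (!allocated_here) st->used_stale = true;
        free(st->raw_packet);
        st->raw_packet = NULL;
    }
    return 0;
}

/* Fixed handler: raw_packet is released and cleared on every exit path. */
int handle_bind_fixed(assoc_state *st, const bind_pdu *pdu)
{
    bool allocated_here = false;
    if (pdu->drep != DREP_LOCAL) {
        st->raw_packet = malloc(sizeof *pdu);
        if (st->raw_packet == NULL) return -1;
        memcpy(st->raw_packet, pdu, sizeof *pdu);
        allocated_here = true;
    }
    if (group_is_bad(pdu->assoc_group)) {
        free(st->raw_packet);            /* release on the reject path as well */
        st->raw_packet = NULL;
        return -1;
    }
    if (st->raw_packet != NULL) {
        if (!allocated_here) st->used_stale = true;   /* can no longer happen */
        free(st->raw_packet);
        st->raw_packet = NULL;
    }
    return 0;
}

typedef int (*bind_handler)(assoc_state *, const bind_pdu *);

/* Replays steps 1-3 of the defect: a byte-swapped bind that is rejected,
 * then a native-order bind that is accepted.  Returns true if the second
 * bind consumed the buffer left behind by the first. */
bool scenario_uses_stale_buffer(bind_handler handle)
{
    assoc_state st = { NULL, false };
    bind_pdu swapped_rejected = { 0x00, 0, { 0 } };        /* steps 1 and 2 */
    bind_pdu native_accepted  = { DREP_LOCAL, 7, { 0 } };  /* step 3 */
    (void)handle(&st, &swapped_rejected);
    (void)handle(&st, &native_accepted);
    bool stale = st.used_stale;
    free(st.raw_packet);                 /* tidy up whatever the buggy path leaked */
    return stale;
}

int main(void)
{
    printf("buggy handler uses stale raw_packet: %s\n",
           scenario_uses_stale_buffer(handle_bind_buggy) ? "yes" : "no");
    printf("fixed handler uses stale raw_packet: %s\n",
           scenario_uses_stale_buffer(handle_bind_fixed) ? "yes" : "no");
    return 0;
}
```

In the real runtime the stale buffer was interpreted as the current packet and the server dumped core; since bind packets come from unauthenticated peers, the practical check for any such handler is that every early return clears the per-association state it did not finish using.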
___________________________________________________________________

Transarc Defect 17153
SYNOPSIS: /etc/dce_modules/dced's dced_wait looped infinitely, prohibiting a reboot of the client.

The /etc/dce_modules/dced startup script was changed to allow a client to reboot even if the master security server is not running. This was accomplished by eliminating the infinite loop associated with dced_wait.

___________________________________________________________________

Transarc Defect 16891
SYNOPSIS: nsid start/stop module has a typo on line 36, 'return' is misspelled in the function nsid_top().

The misspelled word was corrected.

___________________________________________________________________

Transarc Defect 16964
SYNOPSIS: secd dumps core when the call to the authdata decoder is incorrect

The problem was caused by an incorrect call to the authdata decoder function, which was using the wrong number of levels of indirection. A change was made in the file do_tgs_req.c (function process_tgs_req) to use a temporary variable to get the right number of indirections. Note that process_tgs_req handles ticket-granting-service requests from clients, so authorization data supplied by a client in a TGS request could bring down the security server before this fix.

___________________________________________________________________

Transarc Defect 17005
SYNOPSIS: The command 'dcecp -c cell ping -clients' does not accurately reflect the state of clients in a DCE 1.1 cell

If a client node is not up (DCE processes are not running), the command still returns a status of 1 (DCE clients available). 'dcecp cell ping -clients' was implemented incorrectly in the tcl script cell.dcp: 'dcecp' was doing a server ping on /.:/hosts/hostname, which is not a server but a CDS directory. The binding handle obtained for the CDS directory carries the UUID of the CDS directory and the protocol, machine, and port of CDS, not the binding handle for dced on the requested client. As a result, the clients' dceds were never being pinged; all pings were going to cdsd. The script was changed to server ping /.:/hosts/hostname/config in order to actually reach each client's dced.
___________________________________________________________________

Transarc Defect 16961
SYNOPSIS: 'dcecp principal modify' seems to remove fullname attribute

The full name of a principal was being lost when the principal was modified via dcecp. attr_info is now initialized in principal_modify() to correct the problem.

___________________________________________________________________

Transarc Defect 16977
SYNOPSIS: 'dcecp cdscache create', with invalid server and no binding, core dumps

The file which implements dcecp cdscache create has been modified so that a binding is a required option:

dcecp> cdscache create /.:/test
Error: No binding.

___________________________________________________________________

Transarc Defect 6909
SYNOPSIS: Callback to CM should try more known addresses

In multi-homed clients, the CM may make an unfortunate choice of IP address to send along in the AFS_SetContext call, if any of the IP addresses that the client uses is not reachable from all file servers. The CM/FX protocol allows transmission of only one such IP address from the client's collection, but the server can also tell what IP address was used for the incoming SAFS_SetContext RPC and might be able to try both candidates.

Sometimes, for a multi-homed client, the address that the CM picks to send as an AFS_SetContext argument isn't reachable from the server. Alternatively, that address works, but is not the best route from the server back to the client. In either case, another address for the client might be available to the server, not as an explicit parameter given in the AFS_SetContext argument list, but rather as the address that is part of the binding handle with which the server has been called. The fix is to have fshs_CreateHost take an additional argument, the client binding handle from the AFS_SetContext RPC itself, so that the addressing information can be extracted from that handle.
--------------------------------------------------------------

Transarc Defect 10685
SYNOPSIS: DCE/DFS binary files did not have a mechanism built in to determine the version number of the files.

This fix embeds the version number in the files for DCE/DFS programs, shared libraries, and scripts. It also creates a new file, dceident, which is the tool used to read the embedded version number. The syntax of the command is simply:

dceident {file_name}

for example: dceident libdce.so.3

--------------------------------------------------------------

Transarc Defect 16738
SYNOPSIS: The security server issues an error message when the registry is changed from a disabled to an enabled state.

The security server issued an error message ("Error: security server program error") when changing from a disabled to an enabled state. However, if the command "registry enable" was entered a second time, it worked, and no error message was issued. The fix clears the status in rs_prop_tasks_setup() on success, so the error message is no longer issued for this non-error condition.

--------------------------------------------------------------

Special note for installations done with the mklinks option: if the DCE machine to be upgraded was installed using the mklinks option of dcesetup (that is, a minimal installation pointing to shared binaries on a shared file system), then extra steps should be taken as follows:

1. The system administrator must install the patch files onto the shared file system. The actual steps may vary based on the specific situation, but they should resemble steps 2 and 3 as shown above.

2. If the target machine is a Solaris 2. machine running DFS, the ./dce1.0.3a/kernel/* files supplied in the patch file must be copied to /kernel/* before continuing. Upon installation of the patch the machine must be rebooted to load the new kernel drivers.

3. Following these steps, DCE can be restarted on each machine linked to the shared file system and will then be running at the new patch level.

Also note that a file PATCH_LEVEL will be installed in each of the dce1.0.3a, ncs and netls directories to indicate the current level of the DCE product installation.

A final note: a static version of libdce (libdce.a) is included in all tar files. This static library is not often needed and, since it is quite large, you may want to delete it from your machine. The file is provided as a convenience for some development environments.

15-May-1996 08:46:21 -0700,5252;000000000001 Return-Path: Received: via tmail-4.0(2) for deroest; Wed, 15 May 1996 08:46:21 -0700 (PDT) Return-Path: Received: from saul2.u.washington.edu by franklin01.u.washington.edu (5.65+UW96.04/UW-NDC Revision: 2.33 ) id AA16806; Wed, 15 May 96 08:46:20 -0700 Received: from localhost by saul2.u.washington.edu (5.65+UW96.04/UW-NDC Revision: 2.33 ) id AA11174; Wed, 15 May 96 08:46:12 -0700 Date: Wed, 15 May 1996 08:46:12 -0700 (PDT) From: Yonah Karp To: DCE Meeting Minutes -- Douglas Luft , Donn Cave , James W DeRoest , Jim Fox , Tracy Stenvik , Ken Lowe Cc: Lori Stevens , Oren Sreebny , Sandra Moy , Sid McHarg Subject: DCE meeting minutes from 5/10/96 Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII

======== 05/10/96 DCE/ Uniform Namespace Meeting ========

PRESENT: Donn Cave, Jim Deroest, Jim Fox, Yonah Karp, Doug Luft, Tracy Stenvik.
NEXT MEETING: Friday, 05/24/96, 10:30 a.m.
SPECIAL GUEST: David Lemson of University of Illinois.

Jim DeRoest talked about security plans which were discussed at a recent high-level meeting. Main components are GSSAPI, authorization server, state server. TSAT, Li, and departmental data will be available via Web (through SSL and the yet-to-be-defined UW security API) if the user has the right authorization.
The state server is a kind of ticket cache, and is something like OSU's model -- it will keep track of the ticket so that when a user attempts access via the Web, the state server will know what privileges that individual has. The authorization server is a kind of ticket-granting-ticket server. UW-ish tickets can be exchanged for DCE/ Kerberos tickets.

There have been requests from campus which imply the need for a campus-wide uniform namespace. A (server) knowledge of departmental userid@host's connection with related userid@u is a need some folks have expressed.

Doug Luft, Eliot Lim, Jim Blankenship, Sid McHarg, and Donn Cave will be the five who attend the OSF DCE Symposium in Vancouver May 21-23.

Jim Fox discussed the current test model (the one Ingersoll wrote which is derived from work at Michigan). He feels the current test is not getting at what we need -- we don't load the database weekly. Instead, we should: Load the DB (once). Then run various test transactions:
1) unauthenticated rpc: sendmail asking Li for mail forwarding (Uses string binding, which means that you're specifying the host directly and not asking the CDS.)
2) authenticated rpc: create new id --> Li & security server
3) another authenticated rpc: password changes --> sec server
Donn suggested 4) IMAPd which came up last time.
Another suggestion (which we were rather unclear about, as Ken wasn't there) 5) Use Ken's helper --> Li
LI could be a global resource for CUF info. (It's not at present.)

For each of 1-5, we need to determine the current rate of each of these types of transactions that our software is running now (e.g. how many password changes and Li forwarding lookups per minute?). When we test, we can start with 100% of this load, and then add more load to simulate peak situations like fall quarter, growing numbers of ancillary UW users who will connect to our systems, and a larger Li.
Li will very likely expand to serve other purposes; a very big RPC'd Li may be in our future, and Li may also need to be a front end for the CDS. TSAT data will eventually need to be in Li. So the bigger tests will need to use a big Li which has many more fields and many more accesses, and multiple times the number of transactions.

Yonah brought up some variables which we'll want to increment in our tests:
1) number of hosts in the cell
2) who's master/ who's slave
3) number of replicas
4) size of secd at start
5) size of registry when test is run
Jim DeRoest also added
6) Bob Russell's suggestion to not put cdsd & secd on same server

Jim DeRoest reminded us of the work that Russell did -- 9 logins/ second took 40% of a 540. One idea is to use a site file (in tulsa) rather than the CDS. Any program looking for the security server would first use a cached hostname (/cluster/etc/... possibly). If that failed, the program would ask the CDS for the security server's address. Other servers' addresses could be cached in a similar manner (e.g. LI). Of paramount importance is the need to limit the load on the CDS.

Jim Fox showed us a test script which implements some of these ideas. Yonah will work further with Jim on this testing.

Sid is interested in Gradient products. Yonah will bug Gradient as they have not gotten back to her since her last query.
Yonah 16-May-1996 19:28:19 -0700,1901;000000000001 Return-Path: Received: via tmail-4.0(2) for deroest; Thu, 16 May 1996 19:28:18 -0700 (PDT) Return-Path: Received: from mailer15.u.washington.edu by franklin01.u.washington.edu (5.65+UW96.04/UW-NDC Revision: 2.33 ) id AA16726; Thu, 16 May 96 19:28:18 -0700 Received: from mx1.cac.washington.edu by mailer15.u.washington.edu (5.65+UW96.04/UW-NDC Revision: 2.33 ) id AA25227; Thu, 16 May 96 19:28:18 -0700 Received: from homer02.u.washington.edu by mx1.cac.washington.edu (5.65+UW96.04/UW-NDC Revision: 2.33 ) id AA03888; Thu, 16 May 96 19:28:17 -0700 Received: from localhost by homer02.u.washington.edu (5.65+UW96.04/UW-NDC Revision: 2.33 ) id AA16290; Thu, 16 May 96 19:28:16 -0700 Date: Thu, 16 May 1996 19:28:15 -0700 (PDT) From: Eliot Lim To: jim deroest , Jim Fox , Ken Lowe , Yonah Karp Subject: dce "goodies" Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII i finally got around to looking at the contents of the developer's connection cdrom that we got at the conference. there seems to be a lot of dce tools, examples, documentation and stuff in there. i don't know how much of it is useful, but i'm sure some of it is.. e.g. a "dcemake" utility that generates dce stubs automatically for you. i also came across mention of a cross platform DCE porting document. things are still not very neatly organized at this point (they were that way on the cdrom too) but if you want to take a look they are on ozzo and /s1/devcon10. i am trying to get the browser tool working so that going through the stuff would be easier. it's still quite a mess in there. 
eliot

24-May-1996 13:56:18 -0700,2047;000000000001 Return-Path: Received: via tmail-4.0(2) for deroest; Fri, 24 May 1996 13:56:18 -0700 (PDT) Return-Path: Received: from mailer1.u.washington.edu by franklin01.u.washington.edu (5.65+UW96.04/UW-NDC Revision: 2.33 ) id AA23292; Fri, 24 May 96 13:56:17 -0700 Received: from mx1.cac.washington.edu by mailer1.u.washington.edu (5.65+UW96.04/UW-NDC Revision: 2.33 ) id AA33347; Fri, 24 May 96 13:56:16 -0700 Received: from osi-west.es.net by mx1.cac.washington.edu (5.65+UW96.04/UW-NDC Revision: 2.33 ) id AA10045; Fri, 24 May 96 13:56:15 -0700 Received: from sass165.sandia.gov by osi-west.es.net with ESnet SMTP (PP); Fri, 24 May 1996 13:50:34 -0700 Received: from sahp044.sandia.gov (sahp044.sandia.gov [134.253.14.211]) by sass165.sandia.gov (8.6.12/8.6.12) with SMTP id OAA06208; Fri, 24 May 1996 14:50:33 -0600 Message-Id: <199605242050.OAA06208@sass165.sandia.gov> Received: by sahp044.sandia.gov (1.38.193.4/16.2) id AA13089; Fri, 24 May 1996 14:54:34 -0600 From: Glenn Machin Subject: Re: DCE 1.1 patches To: ta_harper@pnl.gov Date: Fri, 24 May 96 14:54:34 MDT Cc: authtf@es.net, bhoward@llnl.gov In-Reply-To: <9605141253.ZM13154@maddog.emsl.pnl.gov>; from "ta_harper@pnl.gov" at May 14, 96 12:53 (noon) Mailer: Elm [revision: 70.85]

More good news about this patch. Some time ago I noted that, using MIT's Kerberos libraries and passing information over in the authorization field during a TGS request, a user could crash the DCE secd. Well, with help from Joe Ramus, we determined that this patch corrects that problem. Now let's hope Transarc passed these fixes on to OSF (and HP) so that this problem is fixed everywhere.

--
Sandia National Laboratories | Glenn Machin
Dept. 4621, MS 0806 | Email: gmachin@sandia.gov
P.O. Box 5800 | Phone: (505) 844-8828
Albuquerque, NM 87185-0806 | Fax: (505) 844-2067