DCE and DFS for Linux Installation and Configuration Guide
6 Modifying Cell Configuration
6.1 Overview of Cell Re-Configuration
This chapter describes how to modify the configuration of a DCE cell, and contains the following sections:
6.1 Overview of Cell Re-Configuration
6.2 Adding a Replica CDS Server
6.3 Adding a Replica Security Server
6.4 Adding a DTS Local Server
6.5 Adding a DTS Global Server
6.6 Adding a Null Time Provider
6.7 Adding an NTP Time Provider
6.8 Enabling Auditing
6.9 Adding Kerberos 5
6.10 Adding PKSS Server
6.11 Adding Password Management Server
6.12 Registering a Cell in X.500
From the DCE Setup Main Menu, go to the Configuration Choice Menu, and choose option 6 (Modify DCE Cell Configuration). The choices are outlined in Table 6-1.
*** Modify Configuration Menu ***
1) Add Replica CDS Server
2) Add Replica Security Server
3) Change from DTS Local Server to DTS Clerk
4) Change from DTS Local Server to DTS Global Server
5) Add Null Time Provider
6) Add NTP Time Provider
7) Enable Auditing
8) Add Password Management Server
R) Return to previous menu
8) Enable Kerberos 5
9) Add PKSS Server
Please enter your selection (or '?' for help):
NOTE:
The operations in the following table require superuser (root) privileges.
6.2 Adding a Replica CDS Server
You can create a replica of the master CDS server on your machine if your machine has already been configured as a client or has not yet been configured for DCE.
This example is for a system not configured for DCE. If the system is already a client, steps 3-8 are not needed.
1. Get to the Modify Configuration Menu from the DCE Setup Main Menu by choosing option 1 Configure, then option 6 Modify.
2. Choose option 1 (Add Replica CDS Server). At the prompt:
       Would you like to search the LAN for known cells? (y/n) [y] :
3. If you know the name of your DCE cell, answer no. To view a list of available DCE cells, answer yes.
   While it prepares the list, another prompt is displayed:
       Please enter your DCE hostname [myhost]:
4. Take the default or enter your DCE hostname.
   At the prompt:
       Please enter the name of your DCE cell:
5. Enter the name of the cell as listed in step 3, or from your own sources.
   At the prompt:
       Is this time correct? (y/n):
6. Be sure that the correct time is displayed before you continue with the configuration. If the time is incorrect, specify n, and the procedure exits to the operating system to allow you to reset the system time.
   After you correct or verify the time, specify y.
   At the prompt(s):
       Do you want this system to be a DTS Server (y/n/?) [y]:
       Do you need the Distributed Time Service (y/n/?) [y]:
7. Accept the defaults.
   After the prompts:
       Enter Principal Name:
       Password:
8. Enter the Principal Name and Password.
   The procedure begins to configure the system as a client.
   If you get the prompt:
       Do you wish to delete this principal now (y/n/?) [y]:
9. Answer y to delete the principal.
   At the prompt:
       Do you wish to delete these objects? (y/n/?) [y]:
10. Answer y to delete the objects.
   If you get the prompt:
       Do you wish to delete these principal now (y/n/?) [y]:
11. Answer y to delete the principals.
   At the prompt:
       What is the name for this clearinghouse? (Type '?' for help) [myhost_ch]:
12. Accept the default or specify a name for this clearinghouse that is unique in this cell, using OFS conventions.
   The root directory from the CDS master server is replicated.
   At the prompt:
       Do you wish to replicate more directories? (y/n/?):
13. You can replicate more directories, if you want, by answering y. To identify other directories, see the Administrator's Guide, ch. 5: Managing CDS Replicas.
   At the prompt:
       Enter the name of a CDS directory to be replicated (or '?' for help):
14. Enter the name of a CDS directory existing in the master CDS namespace that you want to replicate on this system. Type the directory name without the /.:/ prefix (it is added automatically). When you are done, press only the <Return> key.
   At the prompt:
       Do you want to run the DCE Configuration Verification Program? (y/n/?) [y]:
6.2.1 Removing a Replica CDS Server
1. From the DCESetup Main Menu, choose option 1 Configure.
   When asked:
       Do you want to proceed with this configuration? (y/n/?) [y]:
2. Press Return.
   At the Configuration Choice Menu:
3. Choose option 6 Modify DCE cell configuration.
   If your system is configured as a Replica CDS Server, the first option on the Modify Configuration Menu will show as "Remove Replica CDS Server" instead of as "Add Replica CDS Server".
       *** Modify Configuration Menu ***
       1) Remove Replica CDS Server
       2) Add Replica Security Server
       ...
   At the prompts:
       Enter Principal Name:
       Password:
4. Enter the Principal Name and Password.
   At the prompt:
       Are you sure you want to continue (y/n) [y]:
5. Press Return.
   You will not affect the rest of your system's DCE configuration.
   The Configuration Choice Menu is displayed after the Security Replica is removed.
6.3 Adding a Replica Security Server
1. To add a replica security server to your system, choose option 2 (Add Replica Security Server) from the Modify Configuration Menu.
       Would you like to search the LAN for known cells (y/n) [y]:
   At the prompt:
       Please enter your DCE hostname [myhost]:
2. Take the default or enter your DCE hostname.
   At the prompt:
       Please enter the name of your DCE cell (or '?' for help) [first listed]:
3. Enter the name of the cell as listed, or from your own sources.
   At the prompts:
       The local system time is: Wed Jul 12 11:38:14 1998
       Is this time correct? (y/n): y
4. Check that the correct time is displayed before you continue with the configuration. If the time is incorrect, specify n, and the procedure exits to the operating system to allow you to reset the system time.
   After you correct or verify the time, specify y, and the procedure continues with the following messages (if you have DECnet/OSI installed and configured). After the prompts:
       Do you need the Distributed Time Service? (y/n/?) [y]:
5. Answer the prompts about using this system as a DTS server. Defaults should be adequate.
   At the prompts:
       Enter Principal Name:
       Password:
6. Enter the Principal Name and Password.
   Obtain the password from your cell administrator.
   At the prompt:
       Do you wish to delete this principal now? (y/n/?) [y]:
7. Press Return to delete the principal.
   At the prompt:
       Do you wish to delete these objects? (y/n/?) [y]:
8. Press Return.
   At the prompt:
       Enter the security replica name (without subsys/dce/sec) [this host]:
9. Accept the default or name the security replica.
   A screen describes a 'keyseed' and prompts you to enter a keyseed.
       *************************************************************
       * Starting the security server requires that you supply *
       * a 'keyseed.' When asked for a 'keyseed,' type some *
       * random, alphanumeric keystrokes, followed by RETURN. *
       * (You won't be required to remember what you type.) *
       *************************************************************
       Enter keyseed for initial database master key:
10. Enter random numbers and letters as the keyseed.
11. The Configuration Choice Main Menu is displayed when the Replica Security Server is configured.
       Do you want to run the DCE Configuration Verification Program? (y/n/?) [y]:
   If you type y to run the CVP at this time, you see the following display:
       Executing DIGITAL DCE V3.1 (Rev. 635) for Compaq Tru64 UNIX CVP (please wait)
       copyright (c) Digital Equipment Corporation. 1998. All Rights Reserved.
       Verifying...........
       DIGITAL DCE V3.1 (Rev. 635) for Compaq Tru64 UNIX CVP completed successfully
6.3.1 Removing a Replica Security Server
1. From the DCESetup Main Menu, choose option 1 Configure.
   When asked:
       Do you want to proceed with this configuration? (y/n/?) [y]:
2. Press Return.
   At the Configuration Choice Menu:
3. Choose option 6 Modify DCE cell configuration.
   If your system is configured as a Replica Security Server, option 2 in the Modify Configuration Menu will show as Remove Replica Security Server instead of as Add Replica Security Server.
       *** Modify Configuration Menu ***
       1) Add Replica CDS Server
       2) Remove Replica Security Server
       3) Add DTS Local Server
       ...
4. Choose option 2 Remove Replica Security Server. Its removal does not affect the rest of your system's DCE configuration.
   At the prompts:
       Enter Principal Name:
       Password:
5. Enter the Principal Name and Password.
   The Configuration Choice Menu is displayed after the Security Replica is removed.
6.4 Adding a DTS Local Server
If you want to add a DTS server to your machine, you can do so on a system that has already been configured as a client, or on a system that has not yet been configured for DCE. The following example assumes no prior configuration. If already a client, steps 4-9 are not needed.
1. From the DCESetup Main Menu, choose option 1 Configure.
   At the Configuration Choice Menu:
2. Choose option 6 Modify DCE cell configuration.
3. From the Modify Configuration Menu, choose option 3 (Add DTS Local Server).
   At the prompt:
       Would you like to search the LAN for known cells? (y/n) [y]
4. Press Return.
   At the prompt:
       Please enter your DCE hostname [myhost]:
5. Press Return.
   The procedure displays an alphabetical list of the cells within broadcast range. At the prompt:
       Please enter the name of your DCE cell (or '?' for help) [first_cell]:
6. Supply the name of the DCE cell from the list. Type the cell name without the /.../ prefix; it is added automatically.
   After the prompts:
       The local system time is: Thu Jul 13 10:32:25 1998
       Is this correct? (y/n):
7. Check the time on your server and your host, and respond to this prompt.
8. At the prompts, enter your principal name and password.
   At the prompt:
       Do you wish to delete this principal now? (y/n/?) [y]:
9. Press Return.
   dcesetup configures your machine as a security client and a CDS client.
   At the prompt:
       Do you wish to delete these objects? (y/n/?) [y]:
10. Press Return.
   At the prompt:
       Press <RETURN> to continue:
11. Press Return.
   When configuration is complete, the script returns to the Configuration Choice Menu.
6.4.1 Change from DTS Local Server to DTS clerk
After your system is configured as a DTS Local Server, option 3 shows as "Change from DTS Local Server to DTS clerk."
1. From the Configuration Choice Menu, choose option 6.
       *** Modify Configuration Menu ***
       1) Add Replica CDS Server
       2) Add Replica Security Server
       3) Change from DTS Local Server to DTS clerk
       4) Add DTS Global Server
       ...
2. Choose option 3 Change from DTS Local Server to DTS clerk. This changes the configuration from server back to clerk, but does not affect the rest of your system's DCE configuration.
6.5 Adding a DTS Global Server
1. From the DCESetup Main Menu, choose option 1 Configure.
   When asked:
       Do you want to proceed with this configuration? (y/n/?) [y]:
2. Press Return.
   At the Configuration Choice Menu:
3. Choose option 6 Modify DCE cell configuration.
4. Choose option 4 Add DTS Global Server.
   At the prompt:
       Would you like to search the LAN for known cells? (y/n) [y]
5. Press Return.
   At the prompt:
       Please enter your DCE hostname [myhost]:
6. Press Return.
   After you enter your DCE hostname, the procedure displays an alphabetical list of cells it has found within broadcast range of your system. At the prompt:
       Please enter the name of your DCE cell (or '?' for help) []:
7. Choose the name of the DCE cell that you want to join. If you do not know the name of the cell, consult your network administrator. Do not add the /.../ prefix to the cell name; the procedure automatically adds it.
   If you enter a cell name that is not on the list of cell names, the procedure assumes you are performing a WAN configuration, and asks you to enter the hostname of the master CDS server for your cell.
   At the prompt:
       The local system time is: Thu Jul 13 10:36:36 1998
       Is this time correct? (y/n):
8. Check that the correct time is displayed before you continue with the configuration. If the time is incorrect, specify n, and the procedure exits to the operating system to allow you to reset the system time.
   After you correct or verify the time, specify y.
   At the prompts:
       Enter Principal Name: cell_admin
       Password:
9. Enter the Principal Name and Password. (Obtain from your cell administrator.)
   At the prompt:
       Do you wish to delete this principal now? (y/n/?) [y]:
10. Press Return.
   dcesetup configures your machine as a security client and a CDS client.
   At the prompt:
       Do you wish to delete these objects? (y/n/?) [y]:
11. Press Return.
       Do you want to run the DCE Configuration Verification Program? (y/n/?) [y]:
   The DCE Configuration Verification Program (CVP) exercises the components of DCE that are running in this cell. It requires approximately 1 to 2 minutes to run.
   If you type y to run the CVP at this time, you see the following display:
The DCE components that you have configured are added to your system startup procedure so the daemons restart automatically whenever the system is rebooted. When the procedure is completed, the DCE Configuration Choice Menu is redisplayed.
6.5.1 To change from DTS Global Server to DTS Clerk
If your system is configured as a DTS Global Server, option 4 becomes "Change from DTS Global Server to DTS clerk."
1. From the Configuration Choice Menu, choose option 6 Modify DCE cell configuration.
       *** Modify Configuration Menu ***
       1) Add Replica CDS Server
       2) Add Replica Security Server
       3) Add DTS Local Server
       4) Change from DTS Global Server to DTS clerk
       5) Add Null Time Provider
       ...
2. Choose option 4 Change from DTS Global Server to DTS clerk.
   When the procedure is completed, the Configuration Choice Menu redisplays.
6.6 Adding a Null Time Provider
The null time provider allows DTS to set the inaccuracy without setting the time or modifying the host system time. You can configure the Null Time Provider on a configured server or client, not on an unconfigured system. To add a null time provider to your system:
1. From the DCESetup Main Menu, choose option 1 Configure.
   When asked:
       Do you want to proceed with this configuration? (y/n/?) [y]:
2. Press Return.
   At the Configuration Choice Menu:
3. Choose option 6 Modify DCE cell configuration.
4. There, choose option 5 Add Null Time Provider.
   The configuration adds and starts the null time provider, displaying the following messages:
       Starting Null Time Provider (dts_null_provider)...
       Press <RETURN> to continue:
5. Press Return. When the procedure is completed, the Configuration Choice Menu redisplays.
6.6.1 Removing a Null Time Provider
1. From the Modify Configuration Menu, choose option 5, now labeled Remove Null Time Provider.
   The Configuration Choice Menu appears at completion.
6.7 Adding an NTP Time Provider
If your site uses Network Time Protocol (NTP) to set system time, you can use those time signals to synchronize DTS. One DTS server uses the NTP time provider software to synchronize with NTP. That DTS server synchronizes with other DTS servers using DTS time signals. NTP cannot be configured on a client. Refer to the OSF DCE Administration Guide Core Components volume for further information about getting time from NTP time sources.
1. From the DCESetup Main Menu, choose option 1 Configure.
   When asked:
       Do you want to proceed with this configuration? (y/n/?) [y]:
2. Press Return.
   At the Configuration Choice Menu:
3. Choose option 6 Modify DCE cell configuration.
4. There, choose option 6 Add NTP Time Provider.
       Enter the hostname where the NTP server is running:
5. Enter your system's hostname using the fully qualified machine name.
   At the prompt:
       Press <RETURN> to continue:
6. Press Return. The Configuration Choice Menu appears at completion.
6.7.1 Removing an NTP Time Provider
1. From the Modify Configuration Menu, choose option 6, now labeled Remove NTP Time Provider.
   At the prompt:
       Press <RETURN> to continue:
2. Press Return. The Configuration Choice Menu appears at completion.
6.8 Enabling Auditing
DCE auditing facilities detect and record critical events in distributed applications. To enable auditing on your system:
1. From the DCESetup Main Menu, choose option 1 Configure.
   When asked:
       Do you want to proceed with this configuration? (y/n/?) [y]:
2. Press Return.
   At the Configuration Choice Menu:
3. Choose option 6 Modify DCE cell configuration.
4. There, choose option 7 Enable Auditing.
   The procedure begins configuring the Audit daemon and prompts you to log in to the cell.
5. At the prompts, enter the Principal Name and Password.
   After you log in, the procedure creates default filters and configures the Audit daemon.
   At the prompt:
       Press <RETURN> to continue:
6. Press Return. The Configuration Choice Menu appears at completion.
6.8.1 Disabling Auditing
If auditing was previously enabled on your system, option 7 displays as "Disable Auditing."
At the Configuration Choice Menu:
1. Choose option 6 Modify DCE cell configuration.
2. There, choose option 7, now labeled Disable Auditing.
   At the prompt:
       Press <RETURN> to continue:
3. Press Return. The Configuration Choice Menu appears at completion.
6.9 Adding Kerberos 5
On the Modify Configuration Menu this is option 8, but the option does not work and goes to the Configuration Choice Menu.
6.10 Adding PKSS Server
PKSS is one tool that can manage passwords.
Refer to the OSF DCE Administration Guide Core Components volume for further information about ________________________.
1. From the DCESetup Main Menu, choose option 1 Configure. When asked:
       Do you want to proceed with this configuration? (y/n/?) [y]:
2. Press <Return>.
   At the Configuration Choice Menu:
3. Choose option 6 Modify DCE cell configuration.
4. There, choose option 9 Add PKSS Server.
   At the prompt:
       Press <RETURN> to continue:
5. Press <Return>. The Configuration Choice Menu appears at completion.
6.10.1 Removing a PKSS Server
1. From the Modify Configuration Menu, choose option 9, now labeled Remove PKSS Server.
   At the prompts:
       Enter Principal Name: cell_admin
       Password:
2. Enter the Principal Name and Password. (Obtain from your cell administrator.)
   At the prompt:
       Press <RETURN> to continue:
3. Press <Return>. The Configuration Choice Menu appears at completion.
6.11 Adding Password Management Server
Password Management Server is a tool for managing passwords.
1. From the DCESetup Main Menu, choose option 1 Configure. When asked:
       Do you want to proceed with this configuration? (y/n/?) [y]:
2. Press Return.
   At the Configuration Choice Menu:
3. Choose option 6 Modify DCE cell configuration.
4. There, choose option 8 Add Password Management Server.
   At the prompts:
       Enter Principal Name: cell_admin
       Password:
5. Enter the Principal Name and Password. (Obtain from your cell administrator.)
   At the prompt:
       Do you wish to delete this principal now? (y/n/?) [y]:
6. Press Return.
   At the prompt:
       Do you wish to delete these objects? (y/n/?) [y]:
7. Press Return.
   At the prompt:
       Press <RETURN> to continue:
8. Press Return. The Configuration Choice Menu appears at completion.
6.11.1 Removing a Password Management Server
1. From the Modify Configuration Menu, choose option 8, now labeled Remove Password Management Server.
   At the prompts:
       Enter Principal Name: cell_admin
       Password:
2. Enter the Principal Name and Password. (Obtain from your cell administrator.)
   At the prompt:
       Press <RETURN> to continue:
3. Press Return. The Configuration Choice Menu appears at completion.
6.12 Registering a Cell in X.500
Searching for destinations in other cells requires a connection to a directory service database. All cross-cell directory name searches are controlled by the global directory agent (GDA), which looks up foreign cell information on behalf of an application in either the Domain Naming Service (DNS) or X.500 database.
NOTE:
See Section 3.2.5, Intercell Naming. Explanations of the X.500 database are also available in the OSF DCE Administration Guide (http://support.entegrity.com/private/doclib/docs/osfhtm/admin/adminint/contents.htm). Start at Section 2.1.1, Establishing a GDS Cell Name.
See also the OSF DCE Application Development Guide - Directory Services, Section 4.3, X.500 Naming Concepts (http://support.entegrity.com/private/doclib/docs/osfhtm/develop/dirsrvs/dirsr136.htm).
1. Choose option 13 to set up communications between your configured cell and the X.500 directory service.
       *** Modify Configuration Menu ***
       ...
       13) Register in X.500
       R) Return to previous menu
   You next see the X.500 menu, listing the object classes:
       *** X.500 Menu ***
       1) Organizational Unit
       2) Organization
       3) Organization Role
       4) Country
       5) Locality
       6) Application Entity
       7) Application Process
       8) Group of Names
       9) Device
       10) Person
       11) Return to Main Menu
       Please enter the object class for cell (or '?' for help):
2. Be sure that the X.500 object classes are set up in the right sequence: the more general Country (option 4) before the more specific Organization (option 2), then the most specific Organizational Unit (option 1).
   For example, if your cell name is /.../c=mycountry/o=mycompany/ou=mylocation, the superior entries c=mycountry/o=mycompany must exist before you establish ou=mylocation by choosing the cell registration option (option 13) in the Modify Configuration Menu.
3. Enter the X.500 object class corresponding to your cell name. For example, if your cell name is /.../c=mycountry/o=mycompany/ou=mylocation, the object class is Organizational Unit (option 1).
   Every entry in X.500 is classified according to the characteristics of the real world object that it represents. Before the cell entry can be created in the X.500 directory, you must specify the class of the entry.
   If the cell entry exists, you are asked to confirm if the cell attribute information needs to be replaced.
4. Confirm the cell attribute information, or correct it.
   Entegrity cell registration, which is compatible with OSF DCE GDS, saves the cell information in special CDS-Cell and CDS-Replicas attributes.
   If the cell registration fails, the following error is displayed:
       *** Error: Unable to register cell information in X.500
5. If the cell registration fails, refer to the dcesetup log file /opt/dcelocal/dcesetup.log for more information.
If the cell registration procedure is completed successfully, the Modify Configuration Menu is redisplayed.
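The ordering rule from this procedure (superior entries first, then the cell entry with its object class), as an added shell example that is not part of the original guide or of dcesetup. The function names are hypothetical; the option numbers are those of the X.500 Menu shown above, and `l` for Locality is the standard X.500 abbreviation rather than something this guide lists.

```shell
#!/bin/sh
# Added example: turn a DCE cell name in X.500 syntax into the order in which
# its entries must exist. Function names are hypothetical, not dcesetup's.

# Print "<X.500 Menu option> <object class>" for an attribute type.
# c, o and ou appear in the guide's example; l is the standard X.500
# abbreviation for Locality (assumption). Other types are rejected.
x500_class() {
    case "$1" in
        c)  echo "4 Country" ;;
        o)  echo "2 Organization" ;;
        ou) echo "1 Organizational Unit" ;;
        l)  echo "5 Locality" ;;
        *)  return 1 ;;
    esac
}

# Print one line per entry, most general first. Every line but the last is a
# superior entry that must already exist; the last line is the cell entry and
# carries the object class to enter at the X.500 Menu prompt.
x500_plan() {
    name=${1#/.../}                 # the /.../ prefix is optional
    case "$name" in
        ""|/*|*/|*//*) echo "error: malformed cell name: $1" >&2; return 1 ;;
    esac
    set -f                          # no globbing while splitting on '/'
    old_ifs=$IFS; IFS=/
    set -- $name
    IFS=$old_ifs; set +f
    total=$#; i=0; path=""
    for rdn in "$@"; do
        i=$((i + 1))
        case "$rdn" in
            ?*=?*) ;;
            *) echo "error: '$rdn' is not type=value" >&2; return 1 ;;
        esac
        attr=$(printf '%s' "${rdn%%=*}" | tr '[:upper:]' '[:lower:]')
        class=$(x500_class "$attr") || {
            echo "error: unsupported attribute type '$attr'" >&2; return 1; }
        path=${path:+$path/}$rdn
        if [ "$i" -lt "$total" ]; then
            echo "superior: $path [$class] must exist first"
        else
            echo "cell: $path [enter $class]"
        fi
    done
}

# Constructed sample: the cell name used as the example in this section.
x500_plan "/.../c=mycountry/o=mycompany/ou=mylocation"
```

Run it with your own cell name before choosing the registration option; a non-zero exit status means the name could not be parsed into the attribute types handled here.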
To make comments or ask for help, contact support@entegrity.com.
Copyright © 2001-2004 Entegrity Solutions Corporation & its subsidiaries