A — Advanced Configuration Parameters

[Previous] [Next] [Table of Contents] [Index]

This appendix describes advanced configuration parameters. It includes the following sections:

A.1 Registry Keys
A.1 Registry Keys
A.2 Environment Variables

A.1 Registry Keys

PC-DCE uses several registry keys that you can modify to fine-tune PC-DCE behavior. These keys are not present in the default configuration; you must create them. In general, if a key is not present, PC-DCE uses the default value.

All keys are subkeys to the key: 

/HKEY_LOCAL_MACHINE/SOFTWARE/Entegrity/DCE/Configuration

SEC_DEFAULT_ENTRY

Discussion

Name of the local profile in the CDS namespace used by the DCE runtime to locate the security server. Refer to Section 6.3.3 on page 100.

Default

/.:/cell-profile

Example

SEC_DEFAULT_ENTRY:REG_SZ:/.:/alternate-profile

SecdWaitTimeout

Discussion

Maximum number of seconds the PC-DCE service waits for the security server to initialize before concluding that a failure has occurred.

In testing, a security server with 10,000 accounts in the DCE registry, running on a Pentium 133 with 32 Mbytes of memory, took approximately one minute to initialize and become available.

Default

200 seconds

Example

SecdWaitTimeout:REG_DWORD:600

CdsdWaitTimeout

Discussion

Maximum number of seconds the PC-DCE service waits for the CDS server to initialize before concluding that a failure has occurred.

In testing, a security server with 2,000 directories and 20,000 objects in the CDS database, running on a Pentium 133 with 32 Mbytes of memory, took approximately five minutes to initialize and become available.

Default

200 seconds

Example

CdsdWaitTimeout:REG_DWORD:500

CDSUpdateInterval

Discussion

CDS solicit interval for dce_update, in seconds. The shorter the interval, the fresher the cached list of CDS clearinghouses, at the expense of increased network traffic.

Notice that if the NoCDSUpdateThread key is set to 1, no updates occur regardless of the value of this key.

You must restart PC-DCE after modifying this key.

For a more detailed discussion, refer to Section 6.2 on page 92.

Default

3600 seconds

Example

CdsUpdateInterval:REG_DWORD:600

NoCDSUpdateThread

Discussion

Enables or disables the CDS solicit function in dce_update.

You must restart PC-DCE after modifying this key.

For a more detailed discussion, refer to Section 6.2 on page 92.

Values

0
1
enable
disable
Default

Enabled

Example

NoCDSUpdateThread:REG_DWORD:1

MapNtToDceExceptions

Discussion

Enables or disables NT-to-DCE exception mapping for all DCE daemons and applications running on the system.

When mapping is enabled, PC-DCE attempts to handle NT exceptions. Windows NT does not display an error dialog or log the exception in the Event Log.

NOTE: To enable NT-to-DCE exception mapping for an individual application, use the call __exc_w32_to_dce_map_set(1).

Default

False

Example

MapNtToDceExceptions:REG_SZ:True

SECUpdateInterval

Discussion

Security server solicit interval for dce_update, in seconds. The shorter the interval, the fresher the contents of the pe_site file, at the expense of increased network traffic.

Notice that if the NoSECUpdateThread key is set to 1, no updates occur regardless of the value of this key.

You must restart PC-DCE after modifying this key.

For a discussion, refer to Section 6.3.2 on page 100.

Default

3600 seconds

Example

SECUpdateInterval:REG_DWORD:600

NoSECUpdateThread

Discussion

Enables or disables the security server solicit function in dce_update.

You must restart PC-DCE after modifying this key.

For a discussion, refer to Section 6.3.2 on page 100.

Values

0
1
enable
disable
Default

Enabled

Example

NoSECUpdateThread:REG_DWORD:1

A.2 Environment Variables

This section provides information about environment variables that can be modified for use with PC-DCE.

A.2.1 Variables for Tuning sec_key_mgmt_manage_key()

PC-DCE provides environment variables you can use to modify the sec_key_mgmt_manage_key() API function. This function is used by DCE daemons to manage their respective keys.

The sec_key_mgmt_manage_key() function by default checks password information for a principal as noted below:

You can set environment variables by opening the Control Panel, selecting the System icon and clicking the Environment Tabbed Dialog.

DCE_SEC_KEYMGMT_WAKEUP_INTERVAL

Represents how often (in seconds) that the sec_key_mgmt_manage_key() function should check a principal's password information to verify that its expiration hasn't been changed.

For example, on a DCE client all the daemons run under the machine/host principal hosts/hostname/self. The password for this machine principal is set so that it will never expire. So, if DCE_SEC_KEYMGMT_WAKEUP_INTERVAL is set to a value of 7200 (2 hours), all the daemons will check with their Security servers about changes in password expiration settings once every 2 hours instead of the default of every 10 minutes.

DCE_SEC_KEYMGMT_GRACE_PERIOD

Represents the grace period (in seconds) during which the sec_key_mgmt_manage_key() function should check a principal's password information before the password is due to expire.

Assume that the password expiration for an application server principal is set to 5 hours.

By setting the DCE_SEC_KEYMGMT_WAKEUP_INTERVAL to 10800 (3 hours) and setting DCE_SEC_KEYMGMT_GRACE_PERIOD to 300 (5 minutes), the sec_key_mgmt_manage_key() will check with the security server once every 3 hours and wake up 5 minutes before the key is due to expire.

A.2.2 Variable for Multi-homed Machines

RPC_UNSUPPORTED_NETIFS

Contains a list of TCP/IP addresses that PC-DCE should not export bindings on. This variable may be useful in multi-homed machines. The list should be space delimited; for example: 

192.93.110.1 205.67.164.5

[Previous] [Next] [Contents] [Index]

To make comments or ask for help, contact support@entegrity.com.

Portions of this document were derived from materials provided by Compaq Computer Corporation. Copyright © 1998-2003 Compaq Computer Corporation.

Copyright © 2003 Entegrity Solutions Corporation & its subsidiaries.

All rights reserved.