Patch Name: PHSS_16143 Patch Description: s700_800 10.20 Authorization Server A.03.00 patch bundle #5 Creation Date: 98/08/24 Post Date: 99/01/13 Hardware Platforms - OS Releases: s700: 10.20 s800: 10.20 Products: Authorization Server A.03.00 Filesets: PrAS-AuthServer.ASSVR-RUN,A.03.00 PrAS-Core.ASCO-ENG-A-MAN,A.03.00 PrAS-Core.ASCO-ENG-A-MSG,A.03.00 PrAS-Core.ASCORE-RUN,A.03.00 PrAS-HPUXClient.ASCLT-HPUX,A.03.00 PrAS-Win32Client.ASCLT-WIN32,A.03.00 PrAS-WinClient.ASCLT-WIN,A.03.00 Automatic Reboot?: No Status: General Superseded Critical: No (superseded patches were critical) PHSS_14850: OTHER Refer to SR# 4701387738 Inquiries against Pr/AS runtime database fail or return false information when the Engine is on an HP-UX multiprocessor system. Path Name: /hp-ux_patches/s700_800/10.X/PHSS_16143 Symptoms: PHSS_16143: WARNING: PLEASE REFER TO THE SPECIAL INSTALLATION INSTRUCTIONS BELOW, BEFORE INSTALLING THIS PATCH. 1. Symptoms for SR # 4701398883 ... odss_inq_interfaces performance problem when using FUNCTION_ACCESS entitlement to create large numbers of interface/operation priv row combinations. PHSS_15579: 1. Symptoms for SR # 4701395210 Create database backup files in an automated fashion. 2. Symptoms for SR # 4701395228 authu_batch "modify_profile" command does not handle double-quoted characters. 3. Symptoms for SR # 4701395236 After PHSS_14593 installed, enable entitlements flag is not shown correctly. PHSS_15464: 1. Symptoms for SR # 4701392464 The authu_batch command times out when enabling principals with many (about 1,000) privilege rows. 2. Symptoms for SR # 4701392472 The authu_batch command fails in various ways when many privileges are provided in an input file. Failures include "authorization denied". PHSS_15003: 1. Symptoms for SR # 4701390054 Create Principal interfaces return error if setting DCE ERA parameters "PRIN_DISABLE_TIME_INTERVAL" and "PRIN_MAX_INVALID_ATTEMPTS". Error returned is "Invalid External Data". 2. Symptoms for SR # 4701390070 Create Principal interfaces cause authu process to abort with coredump if setting DCE ERA parameter "PRIN_PWD_SECUREWARE_CHK". 3. Symptoms for SR # 4701390294 On Windows 95 and NT, attempts to start a second concurrent process using libt library OdssMsgHdl.DLL results in the following error printed to stdout: "Mutex: Can't create uniquely named mutex in initTraceForMsgHdl()". 4. Symptoms for SR # 4701390104 In Admin GUI, the Test Privileges page with the title "Gather Transaction Data" comes up with an editable year field which is 4 digits wide, but by default diplays only the last 2 digits of the current year. Any attempts to enter a value outside of the range 80...130 result in an automatically failed test. This includes attempts to set the year explicitly past the year 1999. This defect is considered a "Year 2000" limitation. 5. Symptoms for SR # 4701390211 May cause a replica to not start up. PHSS_14850: 1. Symptoms for SR # 4701387639 odss*_inq_*() API call incorrectly returns denied and authpd.log reports odss_s_why_denied4 at dm_retrieve_record()2. 2. Symptoms for SR # 4701387019 The nsapi authpif daemon refuses all authorization requests after 10 hours of continuous operation. 3. Symptoms for SR # 4701387654 The tar file /opt/odss/odss_ito.tar that contains files required to configure Pr/AS into IT/Operations is missing two files, "AS_p.sh" and "AS_1.sh". 4. Symptoms for SR # 4701387449 odss_s_why_denied* message filling up authpd.log log file. 5. Symptoms for SR # 4701387456 ODSS_authz_config failed during the initial config in replicated DCE environement. 6. Symptoms for SR # 4701387704 Can not configure a system where hostname is not the same as nodename -a. 7. Symptoms for SR # 4701387217 Create Entitlement does not work with SSL and systems identified by ip addresses. 8. Symptoms for SR # 4701387225 The performance of Authu was increased. 9. Symptoms for SR # 4701387746 Customer needs to monitor authu heap usage so that authu can be stopped and restarted before the authu memory leak (see SR#4701353524) causes authu to abort. 10. Symptoms for SR # 4701387738 When Pr/AS engine is running on a K260 HP 9000 with 4 CPUs, inquiries against the Informix runtime database begin to fail or return false information. The only solution is to shut down the engine and restart. 11. Symptoms for SR # 4701380162 When the Create Puser Callout facility is used in the Administrative GUI Create Principal page to insert a ppid value greater than 117 bytes in length, the Administrative GUI cgi program aborts without creating the principal. 12. Symptoms for SR # 4701380170 In Authorization Server version A.02.00, the odss_inq*() APIs return a 0 (granted) when privilege records are requested by none are returned (count=0). Beginning with Authorization Server version A.02.10, beginning with patch PHSS_12681, the odss_inq* APIs return a nonzero value (denied) when privilege records are requested but none are returned. 13. Symptoms for SR # 4701380154 The hardware and software requirements documented in the version A.02.10 Release Notes (pn B5196-90010) for the Authorization Server Engine are inadequate to support the optimal performance of the Engine in a realistic production environment. Also, the current Informix database created during product configuration is too small to support a realistic production environment. 14. Symptoms for SR # 4701380147 The performance of the Authorization Server Engine administrative functions to create and enable principals decreases as the number of principals in the runtime Informix database increases. 15. Symptoms for SR # 4701380188 The performance of odss*_inq_*() API calls decrease as the number of principals in the runtime Informix database increases. Defect Description: PHSS_16143: 1. Defect description for SR # 4701398883 ... Too many priv rows were being retrieved unnecessarily, so time was being wasted filtering these extra priv rows. The problem was exacerbated because the buffer used to handle the retrieved results was too small. PHSS_15579: 1. Defect description for SR # 4701395210 This Enhancement enables use of authu_batch in cron jobs. It does so by creating a principle and corresponding keytab file with privileges to run authu_batch. Details can be found on the 2 new Man pages that are part of this patch: ODSS_create_keytab.8 and ODSS_delete_keytab.8 (Also, Man page authu_batch.1 was modified.) Also, 2 new scripts are included with this patch: ODSS_create_keytab and ODSS_delete_keytab - these can be used to create and delete the principal and corresponding keytab file. 2. Defect description for SR # 4701395228 An enhancement was done earlier to allow use of double-quoted characters in authu_batch commands. All commands were modified except modify_profile which was missed - this patch corrects that omission. 3. Defect description for SR # 4701395236 After PHSS_14593 was installed, it was found that the value of the enable entitlement flag was not being shown correctly in the admin GUI or when checked using authu_batch. This did not impact successful running of Pr/AS (entitlements were Enabled even if they showed as Disabled), but it caused confusion administering Pr/AS. The fix causes the value of the flag to be correctly reported. PHSS_15464: 1. Defect description for SR # 4701392464 The authu_batch command, when processing a request to either create or enable a principal that contains a large number of privilege rows, will time out before the transaction is completed. This occurs for three primary reasons: * The overhead associated with the large number of runtime database transactions. * The excessive number of Level 3 business checks with authpd for each database transaction. * The excessive number of self-view status requests made by authu_batch during each transaction. 2. Defect description for SR # 4701392472 The authpd daemon experiences a memory leak problem whenever a request from administrative interfaces (authu_batch or Admin GUI) results in large numbers of transactions. Eventually, the authpd heap reaches the maximum size defined by the kernel parameter maxdsiz (default is 67 Mb) and is unable to process any further inquiry or evaluation requests due to memory allocation errors, returning nothing but "authorization denied" error messages. In addition, when authu_batch is run with an input file containing more than 40 Kb characters in contiguous and related authu_batch commands against a particular object (entitlements, profiles, or principals), authu_batch will fail. PHSS_15003: 1. Defect description for SR # 4701390054 A string length max of 24 characters is used in many places in the product, including the variables that pass DCE ERA parm names. Since PRIN_DISABLE_TIME INTERVAL and PRIN_MAX_INVALID_ATTEMPTS are literals with more than 24 characters, they are truncated to 24 characters, causing errors when other code attempts to compare the truncated name with the untruncated name. 2. Defect description for SR # 4701390070 Cause of the authu abort is unknown. 3. Defect description for SR # 4701390294 The trace function uses a module to initialize trace. This module is called automatically when the OdssMsgHdl.dll is loaded. This will create the named mutex using the CreateMutex API. Another process that starts up while the first process is still running will do the same thing. There is an error check in the trace initialization routine that looks if the mutex already exists, and if so, will print this error message. Usually this bug does not occur because the mutex is released after a trace log has been performed, but the mutex is never released because the self-extracting zip file that installs the thin client library on a Windows system does not create the default trace and audit log directory "logs" so the first process cannot find the logging directory. 4. Defect description for SR # 4701390104 The source of the problem is in the source file where struct "tm.tm_year" value is used. tm_year is defined as int tm_year; /* years since 1900 */ To enter a value that corresponds to 1998, you would have to enter 98 (98 is displayed) and to enter a value that corresponds to 2000, you would have to enter 100 (100 is displayed). Of course, entering an actual year like "1998" or "2001" would fail because the resulting integer value would be greater than the maximum default ending date of 2030. 5. Defect description for SR # 4701390211 Fix memory allocation bugs in replication. PHSS_14850: 1. Defect description for SR # 4701387639 Occurs when odss*_inq_*() API calls are invoked for a rule consisting of 5 or more priv attrs, and all priv attr values are not explicitly stated in the filter input parameter of the odss*_inq_*() call. Denied may or may not happen depending on the ordering of the priv attrs. Cause is a defect in /opt/odss/lbin/authpd. 2. Defect description for SR # 4701387019 The authpif daemon does not perform a programmatic dce_login in order to renew its authentication ticket; as a consequence, the nsapi plugin API odss-authorize will always return "authorization denied" after the authpif daemon's kerberos ticket has expired. The lab modified the authpif executable to perform a periodic dce_login in order to renew the authentication ticket. 3. Defect description for SR # 4701387654 The tar file /opt/odss/odss_ito.tar that contains files required to configure Pr/AS into IT/Operations is missing two files, "AS_p.sh" and "AS_1.sh". The tar file has been rebuilt to include these two files. 4. Defect description for SR # 4701387449 odss_s_why_denied[1-5]: WHY DENIED? ... messages are filling up the authpd.log. The fix eliminates the above messages from appearing in the authpd.log during normal processing. The messages are still available through the product trace facility. 5. Defect description for SR # 4701387456 ODSS_authz_config may fail in initial config but OK after doing an ODSS_authz_config -unconfig in a replicated DCE setup. The fix should reduce the chance of ODSS_authz_config from failing due to delay caused by DCE replication overhead. 6. Defect description for SR # 4701387704 Hostname and uname -a were used interchangeably in the configuration scripts. 7. Defect description for SR # 4701387217 The codebase statment in Create Entitlement needed to be changed to the default. 8. Defect description for SR # 4701387225 The performance of Authu was increased. 9. Defect description for SR # 4701387746 A utility is provided that enables a customer to monitor authu heap usage so that authu can be stopped and restarted before the authu memory leak (see SR#4701353524) causes authu to abort. 10. Defect description for SR # 4701387738 On a multiprocessor (MP) system, the Engine runtime database requires HP-UX patch PHKL_14569, requires that two onconfig.odss database configuration parms be set to indicate an MP system, and HP-UX kernel parms need to be set for a "monolithic" environment. Authpd and authpa must be modified to handle Informix errors returned on an MP system. 11. Defect description for SR # 4701380162 String handling characteristics of the Create Puser Callout facility have been modified to allow a user to insert a ppid value of up to 1023 bytes in length (the max allowed size of a ppid value element). 12. Defect description for SR # 4701380170 This is an enhancement for a customer 13. Defect description for SR # 4701380154 With performance enhancements introduced in this patch, a minimum of 200 Mb of disk space is required under /var/opt/odss for the successful creation of an enlarged Informix database. The number of buffers used by the Informix runtime database has been increased to increase runtime performance. For this reason, at least 256 Mb o RAM is recommended for optimal performance of the Engine. 14. Defect description for SR # 4701380147 4701380188 An index was added to the database to increase performance of creating/enabling principals and calls to odss*_inq* API calls. SR: 4701380162 4701380170 4701380154 4701380147 4701380188 4701387639 4701387019 4701387654 4701387449 4701387456 4701387704 4701387217 4701387225 4701387746 4701387738 4701390054 4701390294 4701390070 4701390104 4701390211 4701392464 4701392472 4701395210 4701395228 4701395236 4701398883 Patch Files: /opt/odss/bin/authu_batch /opt/odss/bin/authu_maint /opt/odss/bin/odss_aud_filter /opt/odss/bin/odss_cgi_authz /opt/odss/bin/odss_cgi_inq /opt/odss/bin/odss_errtext /opt/odss/bin/odss_rep_admin /opt/odss/bin/odsst_authz_eval /opt/odss/bin/odsst_errtext /opt/odss/bin/odsst_inq_entitlements /opt/odss/bin/odsst_inq_interfaces /opt/odss/client/PCDCE/include/odssmsg.h /opt/odss/examples/odsst/NTSELFZIP.EXE /opt/odss/gui/odss/cgi-bin/odss_admin_gui.cgi /opt/odss/include/odss/odssmsg.h /opt/odss/lbin/ODSS_authz_cds_entry /opt/odss/lbin/ODSS_authz_raima_create /opt/odss/lbin/ODSS_informix_config /opt/odss/lbin/authpa.informix /opt/odss/lbin/authpd.informix /opt/odss/lbin/authpif /opt/odss/lbin/authu /opt/odss/lbin/initdb.informix /opt/odss/lbin/odss_conf_maint /opt/odss/lbin/onconfig.odss /opt/odss/lbin/rep_create_db /opt/odss/lib/adm_authu.dbd /opt/odss/lib/libauthl.sl /opt/odss/lib/libecallout.sl /opt/odss/lib/libodssb.sl /opt/odss/lib/libodssd.sl /opt/odss/lib/libodssg.sl /opt/odss/lib/libodssmsghdl.sl /opt/odss/lib/libodssnsapi.sl /opt/odss/lib/libodsst.sl /opt/odss/lib/libucall.sl /opt/odss/lib/nls/msg/C/Hplibodss.cat /opt/odss/lib/qdm_authu.dbd /opt/odss/odss_ito.tar /opt/odss/sbin/ODSS_authz_add_runtime_space /opt/odss/sbin/ODSS_authz_chkdsize /opt/odss/sbin/ODSS_authz_config /opt/odss/sbin/ODSS_authz_startup /opt/odss/sbin/ODSS_authz_status /opt/odss/sbin/ODSS_authz_switchlogs /opt/odss/sbin/ODSS_authz_unconfig /opt/odss/sbin/ODSS_create_keytab /opt/odss/sbin/ODSS_delete_keytab /opt/odss/share/man/man1.Z/authu_batch.1 /opt/odss/share/man/man8.Z/ODSS_create_keytab.8 /opt/odss/share/man/man8.Z/ODSS_delete_keytab.8 what(1) Output: /opt/odss/bin/authu_batch: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/bin/authu_maint: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/bin/odss_aud_filter: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ /opt/odss/bin/odss_cgi_authz: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/bin/odss_cgi_inq: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/bin/odss_errtext: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ /opt/odss/bin/odss_rep_admin: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ /opt/odss/bin/odsst_authz_eval: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/bin/odsst_errtext: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/bin/odsst_inq_entitlements: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/bin/odsst_inq_interfaces: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/client/PCDCE/include/odssmsg.h: None /opt/odss/examples/odsst/NTSELFZIP.EXE: None /opt/odss/gui/odss/cgi-bin/odss_admin_gui.cgi: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/include/odss/odssmsg.h: None /opt/odss/lbin/ODSS_authz_cds_entry: None /opt/odss/lbin/ODSS_authz_raima_create: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ yaccpar 1.6 88/02/08 SMI /opt/odss/lbin/ODSS_informix_config: None /opt/odss/lbin/authpa.informix: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ $Header: sec_info.c,v 0.5 93/12/29 17:00:13 dibl Exp $ HP PRAESIDIUM/AS version A.03.00 (PHSS_16143) Wed Aug 12 11:14:08 PDT 1998 iqcursor.c 9.27 11/9/93 14:30:51 iqdynam.c 9.33 1/17/94 13:51:50 iqfetch.c 9.13 1/24/94 08:28:45 iqsimple.c 9.11 3/31/93 17:25:36 iqtrans.c 9.4 3/31/93 17:25:41 iqutil.c 9.25 1/11/94 09:33:50 iqcomm.c 9.14 1/25/94 iqconnct.c 9.50 1/13/93 12:18:51 iqdynsql.c 9.4 1/14/93 15:57:25 iqinsert.c 9.6 10/27/93 11:05:28 iqreturn.c 9.22 11/9/93 14:33:25 iqsend.c 9.16 11/9/93 14:31:03 iqinfo.c 9.5 9/16/93 10:22:14 iqsend2.c 9.11 10/26/93 09:34:15 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osconv.c 8.1 3/2/91 13:54:13 osctype.c 9.27 10/26/93 11:48:26 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.ospip e.c 8.4 4/18/91 13:49:42 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osutil.c 8.1 3/2/91 13:55:15 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osstore.c 8.1 3/2/91 13:55:08 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osutilb.c 8.1 3/2/91 13:55:18 osfutil.c 9.4 1/17/94 17:54:49 asfapi.c 9.55 10/23/93 11:59:20 al.c 9.70 10/23/93 11:59:11 asfutil.c 9.49 10/14/93 09:08:55 driver.c 9.23 8/5/93 15:05:35 cm.c 9.63 11/19/93 18:21:49 asfns.c 9.62 9/20/93 15:42:39 asfpfsqi.c 9.57 1/14/94 15:09:31 asf_shm.c 9.84 1/13/94 14:30:35 tlispx.c 9.8 12/22/93 16:00:09 asfutil2.c 9.7 10/14/93 09:09:38 asfpfutl.c 9.13 1/14/94 15:09:38 asfslsqi.c 9.37 10/28/93 09:42:32 nwsap.c 9.10 11/22/93 13:25:30 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.osbas enm.c 8.1 3/2/91 14:46:49 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.osfta b.c 8.1 3/2/91 14:46:54 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.oshos tnm.c 8.1 3/2/91 14:47:00 osdnet.c 9.12 12/20/93 13:23:29 osauth.c 9.14 11/8/93 16:10:11 osdshift.c 9.3 8/28/92 18:10:15 rfnmanip.c 7.1 1/4/90 rvaldata.c 9.15 1/14/94 17:20:11 ghash.c 9.3 5/1/92 18:03:41 gvalid.c 9.4 10/22/93 14:15:09 decconv.c 9.23 1/14/94 17:19:32 gchkname.c 9.3 11/4/93 10:40:16 decmath.c 9.4 10/22/93 14:15:21 rstrip.c 9.4 7/7/92 13:47:08 /opt/odss/lbin/authpd.informix: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ $Header: sec_info.c,v 0.5 93/12/29 17:00:13 dibl Exp $ HP PRAESIDIUM/AS version A.03.00 (PHSS_16143) Wed Aug 12 11:14:08 PDT 1998 iqcursor.c 9.27 11/9/93 14:30:51 iqdynam.c 9.33 1/17/94 13:51:50 iqfetch.c 9.13 1/24/94 08:28:45 iqsimple.c 9.11 3/31/93 17:25:36 iqtrans.c 9.4 3/31/93 17:25:41 iqutil.c 9.25 1/11/94 09:33:50 iqcomm.c 9.14 1/25/94 iqconnct.c 9.50 1/13/93 12:18:51 iqdynsql.c 9.4 1/14/93 15:57:25 iqinsert.c 9.6 10/27/93 11:05:28 iqreturn.c 9.22 11/9/93 14:33:25 iqsend.c 9.16 11/9/93 14:31:03 iqinfo.c 9.5 9/16/93 10:22:14 iqsend2.c 9.11 10/26/93 09:34:15 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osconv.c 8.1 3/2/91 13:54:13 osctype.c 9.27 10/26/93 11:48:26 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.ospip e.c 8.4 4/18/91 13:49:42 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osutil.c 8.1 3/2/91 13:55:15 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osstore.c 8.1 3/2/91 13:55:08 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osutilb.c 8.1 3/2/91 13:55:18 osfutil.c 9.4 1/17/94 17:54:49 asfapi.c 9.55 10/23/93 11:59:20 al.c 9.70 10/23/93 11:59:11 asfutil.c 9.49 10/14/93 09:08:55 driver.c 9.23 8/5/93 15:05:35 cm.c 9.63 11/19/93 18:21:49 asfns.c 9.62 9/20/93 15:42:39 asfpfsqi.c 9.57 1/14/94 15:09:31 asf_shm.c 9.84 1/13/94 14:30:35 tlispx.c 9.8 12/22/93 16:00:09 asfutil2.c 9.7 10/14/93 09:09:38 asfpfutl.c 9.13 1/14/94 15:09:38 asfslsqi.c 9.37 10/28/93 09:42:32 nwsap.c 9.10 11/22/93 13:25:30 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.osbas enm.c 8.1 3/2/91 14:46:49 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.osfta b.c 8.1 3/2/91 14:46:54 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.oshos tnm.c 8.1 3/2/91 14:47:00 osdnet.c 9.12 12/20/93 13:23:29 osauth.c 9.14 11/8/93 16:10:11 osdshift.c 9.3 8/28/92 18:10:15 rfnmanip.c 7.1 1/4/90 rvaldata.c 9.15 1/14/94 17:20:11 ghash.c 9.3 5/1/92 18:03:41 gvalid.c 9.4 10/22/93 14:15:09 decconv.c 9.23 1/14/94 17:19:32 gchkname.c 9.3 11/4/93 10:40:16 decmath.c 9.4 10/22/93 14:15:21 rstrip.c 9.4 7/7/92 13:47:08 /opt/odss/lbin/authpif: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ /opt/odss/lbin/authu: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ $Header: sec_info.c,v 0.5 93/12/29 17:00:13 dibl Exp $ HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/lbin/initdb.informix: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ iqsimple.c 9.11 3/31/93 17:25:36 iqtrans.c 9.4 3/31/93 17:25:41 iqutil.c 9.25 1/11/94 09:33:50 iqconnct.c 9.50 1/13/93 12:18:51 iqcursor.c 9.27 11/9/93 14:30:51 iqdynam.c 9.33 1/17/94 13:51:50 iqfetch.c 9.13 1/24/94 08:28:45 iqinsert.c 9.6 10/27/93 11:05:28 iqreturn.c 9.22 11/9/93 14:33:25 iqsend.c 9.16 11/9/93 14:31:03 iqcomm.c 9.14 1/25/94 iqdynsql.c 9.4 1/14/93 15:57:25 iqinfo.c 9.5 9/16/93 10:22:14 iqsend2.c 9.11 10/26/93 09:34:15 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osconv.c 8.1 3/2/91 13:54:13 osctype.c 9.27 10/26/93 11:48:26 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.ospip e.c 8.4 4/18/91 13:49:42 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osutil.c 8.1 3/2/91 13:55:15 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osstore.c 8.1 3/2/91 13:55:08 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osutilb.c 8.1 3/2/91 13:55:18 osfutil.c 9.4 1/17/94 17:54:49 asfapi.c 9.55 10/23/93 11:59:20 al.c 9.70 10/23/93 11:59:11 asfutil.c 9.49 10/14/93 09:08:55 driver.c 9.23 8/5/93 15:05:35 cm.c 9.63 11/19/93 18:21:49 asfns.c 9.62 9/20/93 15:42:39 asfpfsqi.c 9.57 1/14/94 15:09:31 asf_shm.c 9.84 1/13/94 14:30:35 tlispx.c 9.8 12/22/93 16:00:09 asfutil2.c 9.7 10/14/93 09:09:38 asfpfutl.c 9.13 1/14/94 15:09:38 asfslsqi.c 9.37 10/28/93 09:42:32 nwsap.c 9.10 11/22/93 13:25:30 rfnmanip.c 7.1 1/4/90 rvaldata.c 9.15 1/14/94 17:20:11 ghash.c 9.3 5/1/92 18:03:41 gvalid.c 9.4 10/22/93 14:15:09 decconv.c 9.23 1/14/94 17:19:32 gchkname.c 9.3 11/4/93 10:40:16 decmath.c 9.4 10/22/93 14:15:21 rstrip.c 9.4 7/7/92 13:47:08 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.osbas enm.c 8.1 3/2/91 14:46:49 osdshift.c 9.3 8/28/92 18:10:15 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.osfta b.c 8.1 3/2/91 14:46:54 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.oshos tnm.c 8.1 3/2/91 14:47:00 osdnet.c 9.12 12/20/93 13:23:29 osauth.c 9.14 11/8/93 16:10:11 PATCH/10.20:PHCO_10027 libc.a_ID@@/main/r10dav/libc_ dav/libc_dav_cpe/7 /ux/core/libs/libc/archive_pa1/libc.a_ID Feb 7 1997 16:44:21 /opt/odss/lbin/odss_conf_maint: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ /opt/odss/lbin/onconfig.odss: None /opt/odss/lbin/rep_create_db: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ /opt/odss/lib/adm_authu.dbd: None /opt/odss/lib/libauthl.sl: None /opt/odss/lib/libecallout.sl: None /opt/odss/lib/libodssb.sl: HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/lib/libodssd.sl: HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/lib/libodssg.sl: None /opt/odss/lib/libodssmsghdl.sl: HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/lib/libodssnsapi.sl: Version 1 odss_nsapi.slJun 17 1998 /opt/odss/lib/libodsst.sl: HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/lib/libucall.sl: HP PRAESIDIUM/AS version A.03.00 (PHSS_15579) Mon Jun 22 18:08:09 PDT 1998 /opt/odss/lib/nls/msg/C/Hplibodss.cat: None /opt/odss/lib/qdm_authu.dbd: None /opt/odss/odss_ito.tar: HP Authorization Server Registration File /opt/odss/sbin/ODSS_authz_add_runtime_space: None /opt/odss/sbin/ODSS_authz_chkdsize: None /opt/odss/sbin/ODSS_authz_config: None /opt/odss/sbin/ODSS_authz_startup: None /opt/odss/sbin/ODSS_authz_status: None /opt/odss/sbin/ODSS_authz_switchlogs: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ /opt/odss/sbin/ODSS_authz_unconfig: None /opt/odss/sbin/ODSS_create_keytab: None /opt/odss/sbin/ODSS_delete_keytab: None /opt/odss/share/man/man1.Z/authu_batch.1: None /opt/odss/share/man/man8.Z/ODSS_create_keytab.8: None /opt/odss/share/man/man8.Z/ODSS_delete_keytab.8: None cksum(1) Output: 455270779 1060116 /opt/odss/bin/authu_batch 573508590 911484 /opt/odss/bin/authu_maint 3931868888 264676 /opt/odss/bin/odss_aud_filter 939300711 103492 /opt/odss/bin/odss_cgi_authz 1616452965 103676 /opt/odss/bin/odss_cgi_inq 2615580125 91940 /opt/odss/bin/odss_errtext 426944427 612344 /opt/odss/bin/odss_rep_admin 1466363188 55168 /opt/odss/bin/odsst_authz_eval 2294215040 55252 /opt/odss/bin/odsst_errtext 2796413172 55632 /opt/odss/bin/odsst_inq_entitlements 2333557939 55656 /opt/odss/bin/odsst_inq_interfaces 604123084 157911 /opt/odss/client/PCDCE/include/odssmsg.h 722669617 283136 /opt/odss/examples/odsst/NTSELFZIP.EXE 3353774636 1257084 /opt/odss/gui/odss/cgi-bin/ odss_admin_gui.cgi 604123084 157911 /opt/odss/include/odss/odssmsg.h 809718558 16032 /opt/odss/lbin/ODSS_authz_cds_entry 391287404 1668176 /opt/odss/lbin/ODSS_authz_raima_create 3286641768 3650 /opt/odss/lbin/ODSS_informix_config 800916990 1782000 /opt/odss/lbin/authpa.informix 3287419394 2675976 /opt/odss/lbin/authpd.informix 3876102448 185484 /opt/odss/lbin/authpif 3215635927 6956276 /opt/odss/lbin/authu 596718468 1000656 /opt/odss/lbin/initdb.informix 4006712974 123376 /opt/odss/lbin/odss_conf_maint 1267676275 7051 /opt/odss/lbin/onconfig.odss 3866848864 2667348 /opt/odss/lbin/rep_create_db 968330237 5250 /opt/odss/lib/adm_authu.dbd 2588995721 985280 /opt/odss/lib/libauthl.sl 393679908 146756 /opt/odss/lib/libecallout.sl 2530789776 512104 /opt/odss/lib/libodssb.sl 1852646505 876948 /opt/odss/lib/libodssd.sl 2835126609 437480 /opt/odss/lib/libodssg.sl 31845632 155820 /opt/odss/lib/libodssmsghdl.sl 2679685720 191300 /opt/odss/lib/libodssnsapi.sl 3132731495 228904 /opt/odss/lib/libodsst.sl 3923618933 77096 /opt/odss/lib/libucall.sl 2117898851 120159 /opt/odss/lib/nls/msg/C/Hplibodss.cat 1649490436 2845 /opt/odss/lib/qdm_authu.dbd 347191032 163840 /opt/odss/odss_ito.tar 570855360 1635 /opt/odss/sbin/ODSS_authz_add_runtime_space 64333343 474 /opt/odss/sbin/ODSS_authz_chkdsize 463030279 36414 /opt/odss/sbin/ODSS_authz_config 2787125060 28199 /opt/odss/sbin/ODSS_authz_startup 3068157361 45167 /opt/odss/sbin/ODSS_authz_status 1083367440 266580 /opt/odss/sbin/ODSS_authz_switchlogs 4191417391 15814 /opt/odss/sbin/ODSS_authz_unconfig 2811174177 3961 /opt/odss/sbin/ODSS_create_keytab 3685591492 2602 /opt/odss/sbin/ODSS_delete_keytab 3245822155 4694 /opt/odss/share/man/man1.Z/authu_batch.1 2653898101 1131 /opt/odss/share/man/man8.Z/ ODSS_create_keytab.8 3026180382 1074 /opt/odss/share/man/man8.Z/ ODSS_delete_keytab.8 Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHSS_14850 PHSS_15003 PHSS_15464 PHSS_15579 Equivalent Patches: None Patch Package Size: 26130 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_16143 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHSS_16143.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHSS_16143.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHSS_16143. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHSS_16143.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_16143.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: *** Please note that this patch contains a schema change.. If you are installing this patch on a system that contains an Authorization Server Engine (Master or Replica) the Authorization Server Engine must be unconfigured prior to installing this patch, then reconfigured after this patch is installed. If you have implemented an Authorization Server Master/Replica Engine strategy, you must first perform steps 1 through 5 and 7 to unconfigure each Replica Engine before you perform steps 1 through 7 to unconfigure the Master Engine. 1. Prior to reconfiguring the Authorization Server Engine, you must ensure that /var/opt/odss has at least 200 MB of disk space available. (Prior to this patch, the requirement was 100 MB.) 2. Prior to reconfiguring the Authorization Server Engine, you should consider increasing the amount of RAM on your HP 9000 computer to at least 256 MB for optimal performance of the Authorization Server Engine with the performance enhancements introduced in this patch. (The minimum requirement for RAM is currently 128 Mb). 3. Login as a root user. 4. Login to DCE (or Pr/SS) as cell_admin. 5. Ensure that all three Authorization Server Engine processes (authpa, authpd, authu) are running. Enter: ODSS_authz_status -b If one or more of the processes are not currently running, start the Authorization Server Engine. Enter: ODSS_authz_startup 6. On the Master Engine system, Use the authu_batch utility to create a backup file of the administrative database. Enter: authu_batch -d > database_backup_file 7. Unconfigure the Authorization Server Engine. Enter: ODSS_authz_unconfig For more information, refer to "Unconfiguring an Authorization Server Engine" in chapter 5 of the "Authorization Server Administrator's Guide" (B5196-90008). 8. Install this patch following instructions provided elsewhere in this document. 9. Carefully compare the new version of the Informix configuration file /opt/odss/lbin/onconfig.odss to the copy of the file /opt/odss/lbin/onconfig.odss.old that was created during patch installation. Compare parameter values in the new version of onconfig.odss against the corresponding values in the copy onconfig.odss.old. For every parameter value in onconfig.odss.old that is greater than the corresponding parameter value found in the new file onconfig.odss, modify the parameter value in the new version of onconfig.odss to match the greater value of the corresponding parameter value in the older copy. 10. While logged in as a root user and logged in to DCE (or Pr/SS) as cell_admin, configure the Authorization Server Master Engine. Enter: ODSS_authz_config 11. Ensure that all three Authorization Server Master Engine processes (authpa, authpd, authu) are running. Enter: ODSS_authz_status -b If one or more of the processes are not currently running, start the Authorization Server Engine. Enter: ODSS_authz_startup 12. If you have implemented a Master/Replica Engine strategy, please perform additional steps described in the section "Installing and Configuring a Replica Engine" located in the "Authorization Server Administrator's Guide". 13. On your Master Engine system, restore your administrative database from the backup file you created prior to installing this patch. Enter: authu_batch -r < database_backup_file