dce_config(1m)dce_config(1m)NAMEdce_config - Configures and starts up DCE
SYNOPSISdce_config [-i] [-e environment_file] [-c command_file]
OPTIONS
The -i option tells dce_config to look in the /etc directory of the
install area (which is generally /opt/dce1.0/etc) for the component
scripts it needs to run. After you have invoked dce_config once with
the -i option, you do not need to use the option again. The -e option
causes dce_config to source environment_file at startup. environ‐
ment_file is a user-created file that sets the DCE and DFS variables
that specify responses to the dce_config user prompts. Note that if
you do not specify the -e option, dce_config looks for the
/etc/opt/dce/dce_config.conf file and sources it if it exists. If the
file does not exist, it uses shell variable settings if they are set.
The -c option causes dce_config to source command_file at startup. com‐
mand_file is a user-created shell script that initiates configuration
processing.
DESCRIPTION
The dce_config shell command invokes a menu-driven interface that con‐
figures and starts up DCE. The dce_config command displays a hierarchy
of menus and invokes individual configuration routines according to
users' menu selections.
The configuration menu consists of initial cell configuration, addi‐
tional server configuration, and DCE client configuration. The secu‐
rity server and the first CDS server constitute initial cell configura‐
tion.
If you use specify an environment file with the -e option and a command
file with the -c option, you can completely automate dce_config pro‐
cessing.
The Command File
The command file consists of config command lines that specify the com‐
ponent to configure and, for DFS, the type of server.
A sample command file, config.cmd, is provided by with the DCE source.
You can copy the file and use it as supplied or you can use it as guide
to creating your own environment file. The sample file is not copied
to the install tree during DCE installation.
The config lines are in the form: config component
{
client |
gda |
sec {client | server | replica} |
cds {client | server | replica} |
dts {clerk | local | global | ntp-provider | null-
provider}
dfs {client | scm | privatefs | fs | fldb}
} Where Is one of the following values: client—DCE client
configuration gda—GDA configuration sec—Security configuration of any
one of the following: client—Security client machine server—Security
master server machine replica—Security replica machine cds—CDS configu‐
ration of any one of the following: client—CDS client machine server—
CDS initial server machine replica—Additional CDS server machines dts—
DTS configuration of any one of the following: clerk— DTS clerk machine
local—DTS local server machine global—DTS global server machine ntp-
provider—DTS NTP time provider machine null-provider—DTS null time
provider dfs—DFS configuration of any one of the following: client—DFS
client specify scm—System Control machine privatefs—Private File Server
machine fs—File Server machine fldb—File Location Database Server
machine
The Environment File
The Environment file sets the DCE and DFS variables. The file entries
are in the form: variable=value To change a value, simply replace it
with the new value.
A sample environment file, config.env, is provided with the DCE source.
You can copy the file and use it as supplied or you can use it as guide
to creating your own environment file. The sample file is not copied
to the install tree during DCE installation.
The DCE and DFS Variables
The table titled "dce_config Environment Variables" lists the DCE vari‐
ables you can set for dce_config processing. The table titled
"dfs_config Environment Variables" lists the DFS variables you can set.
In the tables, the term default refers to the original setting assigned
to the variable.
┌─────────────────────┬────────────────────────────┐
│Variable │ Value │
├─────────────────────┼────────────────────────────┤
│CACHE_CDS_SERVER │ The name of the CDS server │
│ │ to cache. It is not │
│ │ required that the cached │
│ │ server be the initial CDS │
│ │ Server. Used during CDS │
│ │ client configuration. │
├─────────────────────┼────────────────────────────┤
│CACHE_CDS_SERVER_IP │ The IP address of the CDS │
│ │ server to cache. │
├─────────────────────┼────────────────────────────┤
│CELL_ADMIN │ The principal name of the │
│ │ initial privileged user of │
│ │ the registry database │
│ │ (known as the "registry │
│ │ creator"). Used during │
│ │ Security server configura‐ │
│ │ tion. │
├─────────────────────┼────────────────────────────┤
│CELL_ADMIN_PW │ The default password │
│ │ assigned to the accounts │
│ │ created when the registry │
│ │ database is created, │
│ │ including the account for │
│ │ the registry creator. The │
│ │ default is │
│ │ -dce-. │
├─────────────────────┼────────────────────────────┤
│CELL_NAME │ The name of the cell │
│ │ (without the .../) on │
│ │ which the configuration is │
│ │ being performed. Used │
│ │ during Security server │
│ │ configuration. │
├─────────────────────┼────────────────────────────┤
│CHANGE_PW │ Indicates whether or not │
│ │ dce_config displays 'Pass‐ │
│ │ word must be changed' on │
│ │ exiting when the cell │
│ │ administrator password │
│ │ (CELL_ADMIN_PW) is the │
│ │ same as the default pass‐ │
│ │ word. The default is n. │
│ │ It is recommended that you │
│ │ do not change this value │
│ │ in order to help ensure │
│ │ that the cell administra‐ │
│ │ tor is not assigned a com‐ │
│ │ monly known password. │
│ │ This variable is used in │
│ │ conjunction with the │
│ │ DEFAULT_PW variable. │
├─────────────────────┼────────────────────────────┤
│CHECK_TIME │ Specifies whether or not │
│ │ to check client and server │
│ │ clock synchronization: y │
│ │ indicates the time will be │
│ │ checked; n indicates it │
│ │ will not. The default is │
│ │ y. │
├─────────────────────┼────────────────────────────┤
│DC_DISPLAY_THRESHOLD │ Specifies the messages to │
│ │ write to stdout. Possible │
│ │ values are ERROR, WARNING, │
│ │ SUMMARY, DETAIL, VERBOSE, │
│ │ and DEBUG. The default is │
│ │ SUMMARY. │
├─────────────────────┼────────────────────────────┤
│DC_LOG_THRESHOLD │ Specifies the Minimum pri‐ │
│ │ ority log messages to │
│ │ write to the log file, │
│ │ $DCELOCAL/var/con‐ │
│ │ fig/dce_config.log. Pos‐ │
│ │ sible values are ERROR, │
│ │ WARNING, SUMMARY, DETAIL, │
│ │ VERBOSE, and DEBUG. The │
│ │ default is DEBUG. │
├─────────────────────┼────────────────────────────┤
│DEFAULT_MAX_ID │ The highest value UNIIX ID │
│ │ for principals. The │
│ │ default value is │
│ │ 2147483646, which means │
│ │ that only principals with │
│ │ UNIX IDs lower than │
│ │ 2147483646 can access the │
│ │ cell. It is recommended │
│ │ that you accept the │
│ │ default. Used during │
│ │ Security Server configura‐ │
│ │ tion. │
├─────────────────────┼────────────────────────────┤
│DEFAULT_PW │ Contains the default pass‐ │
│ │ word used when the reg‐ │
│ │ istry is created. This │
│ │ variable is used to deter‐ │
│ │ mine if the cell adminis‐ │
│ │ trator's password │
│ │ (CELL_ADMIN_PW) is the │
│ │ same as the default pass‐ │
│ │ word. When the user exits │
│ │ dce_config, the value of │
│ │ DEFAULT_PW and │
│ │ CELL_ADMIN_PW are checked. │
│ │ If they are the same and │
│ │ if the CHANGE_PW variable │
│ │ is set Y, dce_config │
│ │ issues the warning message │
│ │ Password must be changed. │
│ │ The default for this vari‐ │
│ │ able is -dce-. If your │
│ │ site has a commonly used │
│ │ and known password, change │
│ │ the DEFAULT_PW variable to │
│ │ that password to help │
│ │ ensure that the cell │
│ │ administrator account is │
│ │ not assigned a commonly │
│ │ known password. │
├─────────────────────┼────────────────────────────┤
│DIR_REPLICATE │ Controls the replication │
│ │ of CDS directories when an │
│ │ additional CDS server is │
│ │ being created at DCE con‐ │
│ │ figuration time. The │
│ │ value y will cause │
│ │ dce_config to prompt for │
│ │ more directories to repli‐ │
│ │ cate; n will not. The │
│ │ default is n. │
├─────────────────────┼────────────────────────────┤
│DO_CHECKS │ Controls the display of │
│ │ three prompts. The first │
│ │ is whether or not the │
│ │ Press <RETURN> to con‐ │
│ │ tinue, CTRL-C to exit: │
│ │ prompt is returned when │
│ │ dce_config encounters a │
│ │ non-fatal error. This │
│ │ prompt forces the user to │
│ │ acknowledge the error and │
│ │ offers a way to exit │
│ │ dce_config. The second │
│ │ and third prompt occur │
│ │ during master Security │
│ │ server configuration. │
│ │ They prompt for a UNIX ID │
│ │ number at which the Secu‐ │
│ │ rity server will start │
│ │ assigning automatically │
│ │ generated group UNIX IDs │
│ │ and principal UNIX IDs. │
│ │ If this prompt is turned │
│ │ off, the default is the │
│ │ default described in the │
│ │ DEFAULT_MAX_ID and GID_GAP │
│ │ variables. For the │
│ │ DO_CHECKS variable, y dis‐ │
│ │ plays the prompt; n does │
│ │ not. The default is y. │
├─────────────────────┼────────────────────────────┤
│EXIT_ON_ERROR │ An indication of whether │
│ │ or not dce_config will │
│ │ exit in the event of a │
│ │ fatal error: y indicates │
│ │ that dce_config exits when │
│ │ it encounters a fatal │
│ │ error; n indicates it will │
│ │ not. The default is n. │
│ │ Setting this variable to y │
│ │ or n can help prevent a │
│ │ "here" file from getting │
│ │ out of sync with dce_con‐ │
│ │ fig. │
├─────────────────────┼────────────────────────────┤
│GID_GAP │ The increment above high‐ │
│ │ est currently used GID at │
│ │ which the Security service │
│ │ will start assigning auto‐ │
│ │ matically generated GIDs. │
│ │ The value of this variable │
│ │ is used with the LOW_GID │
│ │ variable to set the start‐ │
│ │ ing point for UIDs auto‐ │
│ │ matically assigned by the │
│ │ Security server. Default │
│ │ is 100. Used in Security │
│ │ server configuration. │
├─────────────────────┼────────────────────────────┤
│HOST_NAME_IP │ The IP address of node on │
│ │ which dce_config is run‐ │
│ │ ning. │
├─────────────────────┼────────────────────────────┤
│KEYSEED │ A character string used to │
│ │ seed the random key gener‐ │
│ │ ator in order to create │
│ │ the master key for the │
│ │ master and each slave │
│ │ database. Each database │
│ │ has its own master key and │
│ │ thus keyseed. Used in │
│ │ Security server configura‐ │
│ │ tion. │
├─────────────────────┼────────────────────────────┤
│LAN_NAME │ For multiple LAN configu‐ │
│ │ rations, the internal name │
│ │ of the LAN (in the LAN │
│ │ profile). Used in CDS │
│ │ server configuration. │
├─────────────────────┼────────────────────────────┤
│LOW_GID │ The value at which the │
│ │ Security server will start │
│ │ assigning automatically │
│ │ generated group IDs. The │
│ │ default is the value of │
│ │ the highest group ID cur‐ │
│ │ rently used on the machine │
│ │ being configured, incre‐ │
│ │ mented by the value of │
│ │ GID_GAP. Although there │
│ │ is no restriction that the │
│ │ value of LOW_GID must be │
│ │ higher than the machine's │
│ │ highest group ID, if you │
│ │ supply a LOW_GID that is │
│ │ less than or equal to the │
│ │ highest currently used │
│ │ group ID, dce_config │
│ │ issues a warning message │
│ │ and prompts the user to │
│ │ reenter LOW_GID. Used in │
│ │ master Security server │
│ │ configuration. │
├─────────────────────┼────────────────────────────┤
│LOW_UID │ The value at which the │
│ │ Security Server will start │
│ │ assigning automatically │
│ │ generated UNIX IDs. The │
│ │ default is the value of │
│ │ the highest UNIX ID cur‐ │
│ │ rently used on the machine │
│ │ being configured, incre‐ │
│ │ mented by the value of │
│ │ UID_GAP. Although there │
│ │ is no restriction that the │
│ │ value of LOW_UID must be │
│ │ higher than the machine's │
│ │ highest UNIX ID, if you │
│ │ supply a LOW_UID that is │
│ │ less than or equal to the │
│ │ highest currently used │
│ │ UNIX ID, dce_config issues │
│ │ a warning message and │
│ │ prompts the user to reen‐ │
│ │ ter LOW_UID. Used in mas‐ │
│ │ ter Security server con‐ │
│ │ figuration. │
├─────────────────────┼────────────────────────────┤
│MULTIPLE_LAN │ An indication of whether │
│ │ or not to configure the │
│ │ node with multiple LAN │
│ │ capabilities: y indicates │
│ │ configure with multiple │
│ │ LAN capabilities, n indi‐ │
│ │ cates do not. Used in CDS │
│ │ configuration │
├─────────────────────┼────────────────────────────┤
│NTP_HOST │ The name of the host on │
│ │ which the NTP time │
│ │ provider server is run‐ │
│ │ ning. Used in DTS Time │
│ │ Provider configuration. │
├─────────────────────┼────────────────────────────┤
│PWD_MGMT_SVR │ The default pathname to │
│ │ the Password Management │
│ │ server, which is $DCELO‐ │
│ │ CAL/bin/pwd_strength. │
│ │ Used in Password Manage‐ │
│ │ ment server configuration. │
├─────────────────────┼────────────────────────────┤
│PWD_MGMT_SVR_OPTIONS │ The default option or │
│ │ options for the Password │
│ │ Management server │
│ │ (pwd_strength). The │
│ │ value of the variable is │
│ │ set to -v (verbose) at │
│ │ server configuration. │
├─────────────────────┼────────────────────────────┤
│REMOVE_PREV_CONFIG │ An indication of whether │
│ │ or not to remove all rem‐ │
│ │ nants of previous configu‐ │
│ │ rations before performing │
│ │ the new configuration: y │
│ │ indicates remove all rem‐ │
│ │ nants; n indicates do not. │
│ │ Be aware that if you set │
│ │ this variable to y, │
│ │ dce_config will stop and │
│ │ remove all configured com‐ │
│ │ ponents each time you con‐ │
│ │ figure any component, and │
│ │ you must reconfigure them │
│ │ all. Used in all compo‐ │
│ │ nent configurations. │
├─────────────────────┼────────────────────────────┤
│REP_CLEARINGHOUSE │ The name for new clearing‐ │
│ │ house. Used in additional │
│ │ CDS server configuration. │
├─────────────────────┼────────────────────────────┤
│SEC_SERVER │ The name of the machine on │
│ │ the the cell's master │
│ │ Security server runs. │
│ │ Used in security client │
│ │ configuration. │
├─────────────────────┼────────────────────────────┤
│SEC_SERVER_IP │ The IP address for server │
│ │ named in SEC_SERVER. │
├─────────────────────┼────────────────────────────┤
│SYNC_CLOCKS │ An indication of whether │
│ │ or not to synchronize all │
│ │ client clocks with the │
│ │ Security server clock: y │
│ │ indicates that client and │
│ │ server clocks will be syn‐ │
│ │ chronized; n indicates │
│ │ they will not. If this │
│ │ variable is set to n, and │
│ │ clocks are out of sync by │
│ │ more than the value speci‐ │
│ │ fied in the TOLERANCE_SEC │
│ │ variable, the user is │
│ │ prompted for whether or │
│ │ not to synchronize them. │
│ │ This variable is valid │
│ │ only if the CHECK_TIME │
│ │ variable is set to y. For │
│ │ DFS machine configura‐ │
│ │ tions, this variable │
│ │ should be set to y. │
├─────────────────────┼────────────────────────────┤
│TIME_SERVER │ Specifies the host that │
│ │ the Security client will │
│ │ try to synchronize its │
│ │ clock against. This host │
│ │ must have a DTS server │
│ │ (dtsd) running on it. The │
│ │ recommended choice for the │
│ │ host is the one running │
│ │ the master Security server │
│ │ (the name specified in the │
│ │ SEC_SERVER variable). │
├─────────────────────┼────────────────────────────┤
│TOLERANCE_SEC │ The number of seconds a │
│ │ client system clock can │
│ │ differ from the Security │
│ │ server system clock before │
│ │ either the user prompted │
│ │ to synchronize clocks or │
│ │ clocks are synchronized │
│ │ automatically. The │
│ │ default is 120 seconds. │
│ │ Both the Security service │
│ │ and the CDS service │
│ │ require that be no more │
│ │ than a 5-minute difference │
│ │ between the clocks on any │
│ │ two nodes in a cell. For │
│ │ a DFS File Location Data‐ │
│ │ base Server, the variable │
│ │ should not be set to less │
│ │ than 90 seconds. │
├─────────────────────┼────────────────────────────┤
│UID_GAP │ The increment above high‐ │
│ │ est currently used UID at │
│ │ which the Security service │
│ │ will start assigning auto‐ │
│ │ matically generated UIDs. │
│ │ The value of this variable │
│ │ is used with the LOW_UID │
│ │ variable to set the start‐ │
│ │ ing point for UIDs auto‐ │
│ │ matically assigned by the │
│ │ Security server. Default │
│ │ is 100. Used in Security │
│ │ server configuration. │
├─────────────────────┼────────────────────────────┤
│UNCONFIG_HOST_PRESET │ The name of the node to be │
│ │ unconfigured. Used with │
│ │ the unconfigure option. │
└─────────────────────┴────────────────────────────┘
┌───────────────────┬────────────────────────────┐
│Variable │ Value │
├───────────────────┼────────────────────────────┤
│AGG_FS_TYPE │ The type of filesystem for │
│ │ the aggregate to be │
│ │ exported. Possible values │
│ │ are native meaning the │
│ │ native file system (e.g. │
│ │ UFS, JFS) or episode mean‐ │
│ │ ing the Episode (LFS) file │
│ │ system. │
├───────────────────┼────────────────────────────┤
│AGG_DEV_NAME │ The device name of the │
│ │ aggregate to be exported, │
├───────────────────┼────────────────────────────┤
│AGG_MOUNT_PATH │ The mount path for the │
│ │ aggregate (e.g. │
│ │ /usr/users). │
├───────────────────┼────────────────────────────┤
│AGG_NAME │ The name to be used for │
│ │ the aggregate to be │
│ │ exported (e.g. user.jlw). │
├───────────────────┼────────────────────────────┤
│AGG_ID │ The unique numerical │
│ │ aggregate ID for the │
│ │ exported aggregate. │
├───────────────────┼────────────────────────────┤
│CACHE_SIZE_RAM │ The number of bytes to use │
│ │ for an in-memory cache. │
├───────────────────┼────────────────────────────┤
│CACHE_SIZE_DISK │ The number of bytes to use │
│ │ for a local disk cache. │
├───────────────────┼────────────────────────────┤
│CACHE_DIR_DISK │ The pathname of the direc‐ │
│ │ tory to use for a local │
│ │ disk cache. │
├───────────────────┼────────────────────────────┤
│CLIENT_CACHE_LOC │ An indication of whether │
│ │ the cache is stored in │
│ │ memory or on disk. │
│ │ machine values are mem │
│ │ meaning the cache is │
│ │ stored in memory or disk │
│ │ meaning the cache is │
│ │ stored on the local disk. │
├───────────────────┼────────────────────────────┤
│CONFIG_NFS_GATEWAY │ An indication of whether │
│ │ or not to configure the │
│ │ DFS client as an NFS gate‐ │
│ │ way. Possible values are │
│ │ y and n; n is the default. │
├───────────────────┼────────────────────────────┤
│EPI_FORMAT_PART │ An indication of whether │
│ │ or not to format a disk │
│ │ partition as an Episode │
│ │ aggregate. Possible val‐ │
│ │ ues are y to format the │
│ │ partition or n to not. │
├───────────────────┼────────────────────────────┤
│EPI_FORCE_INIT │ An indication of whether │
│ │ or not to force the ini‐ │
│ │ tialization of a partition │
│ │ as an Episode aggregate, │
│ │ possibly losing data. │
│ │ Possible values are y or │
│ │ the initialization or n to │
│ │ not. │
├───────────────────┼────────────────────────────┤
│INIT_LFS │ An indication of whether │
│ │ or not to initialize the │
│ │ LFS (using epiinit). Pos‐ │
│ │ sible values are y to ini‐ │
│ │ tialize or n to not. │
├───────────────────┼────────────────────────────┤
│LOAD_LFS_KEXT │ An indication of whether │
│ │ or not to load the LFS │
│ │ kernel extensions. Possi‐ │
│ │ ble values are y to load │
│ │ or n to not. │
├───────────────────┼────────────────────────────┤
│ROOT_FILESET_NM │ The name of the DFS root │
│ │ fileset. │
├───────────────────┼────────────────────────────┤
│SCM_NAME │ The name of the system │
│ │ control machine to be used │
│ │ during configuration. │
├───────────────────┼────────────────────────────┤
└───────────────────┴────────────────────────────┘
Component Scripts
The dce_config script calls component scripts that reside in the
/opt/dcelocal/etc directory (or in the etc directory of the install
area) with symbolic links to /etc. In a custom configuration script,
you can call the component scripts directly and supply the required
input via the environment variables. The names and functions of the
component scripts follows: dce_shutdown—Shuts down all DCE server pro‐
cesses (auditd, dtsd, cdsadv, cdsd, and secd), except for DFS processes
(dfsd) via the dcecp or other control programs. This script must be
run on the machine running the daemon processes. You must be root or
another privileged user to run the script. You should always run the
script before reconfiguring DCE.
If the dce_shutdown script cannot shut down a daemon gently, it sends a
kill signal to all the DCE daemons. If for any reason you do not want
to use a control program, you can execute the script manually. The
dce_shutdown script run with its -f option will find and kill the DCE
daemons. This behavior is the same as that of the dce.clean script,
which was included in DCE R1.0.3 and previous releases. DCE R1.1 does
not include the dce.clean script, but provides the name as a symbolic
link to the dce_shutdown script for the user's convenience. dfs.clean—
Kills DFS server processes. This script must be run on the machine
running the processes. It should be run before reconfiguring DCE.
(Note that some DFS daemon processes cannot be killed by dfs.clean.)
dce.rm [install]—Removes all data and configuration files created by
DCE servers after initial configuration except for data and files cre‐
ated by DFS servers. This script must be run on the machine running the
processes. It should be run before reconfiguring DCE. If you invoke
the script with the install parameter, the script removes the binary
files added during installation. dfs.rm [install]—Removes data and
configuration files created by DFS servers after initial configuration.
This script must be run on the machine running the processes, and dced
must be running on that machine. The dfs.rm script should be run
before reconfiguring DCE. If you invoke the script with the install
parameter, the script removes the binary files added during installa‐
tion. Note that this script invokes the dce.clean script. dce.uncon‐
fig hostname—Removes all DCE clients on hostname from the Security and
Directory service databases. It should be run before reconfiguring a
client machine. dfs.unconfig hostname—Removes the DFS client on host‐
name from the Security and Directory service databases. It should be
run before reconfiguring a client machine. dce_com_env—Sets environ‐
ment variables. dce_config_env—Calls the dce_com_env script that sets
the environment variables. dce_com_utils—Contains common functions
used by dce_config and dfs_config. dce_config_utils—Contains internal
routines used by dce_config scripts. dfs_config—Configures a machine
as a DFS server or client. rc.dce—Starts DCE daemons. This script
cannot be run remotely; it must be run on the machine on which the dae‐
mons are being started. rc.dfs—Starts DCE daemons. This script cannot
be run remotely; it must be run on the machine on which the daemons are
being started.
Privilege Required
You must have root authority to run the dce_config command.
EXIT VALUES
In case of an error, this command repeats requests for correct input.
The user can exit the program from any menu.
RELATED INFORMATION
Books: OSF DCE Administration Guide
dce_config(1m)