home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
OS/2 Shareware BBS: 29 Fixes_o
/
29-Fixes_o.zip
/
ub10971.zip
/
UB109713.DSK
/
README.TXT
< prev
next >
Wrap
Text File
|
1994-07-12
|
13KB
|
363 lines
UB10971 - README
_________________
This readme file contains some hints
for problems found during our testing and updated information
that did not make our printed publications.
It is divided into the following topics:
o Configuring the APPC Communications More Easily
o Deinstalling DCAF Version 1.0 Automatically
o Deinstalling DCAF 1.1 Automatically
o Enhancements for DCAF Security
o Installing the CSD Fixes on a DOS Target
o Installing DCAF CSD with Corrective Service Facility
o Installing DCAF Components Directly and Using the
Packager on the Same Workstation
o Personalization for Secure Gateways
o Personalization Utilities
o Listing Fixes Included in this CSD
CONFIGURING THE APPC COMMUNICATIONS MORE EASILY
You do not have to define the
CNOS entry in the .NDF configuration file
for the Communications Manager.
Therefore, the paragraph "Updating the CNOS Definitions
Profile" on page 108 of the DCAF Installing
and Using manual (S68G-6824) is superfluous.
DEINSTALLING THE DCAF VERSION 1.0 AUTOMATICALLY
o When you use the DCAF Packager to upgrade
from DCAF Version 1.0 to DCAF 1.1 remotely,
you must first deinstall DCAF Version 1.0
from the workstation.
To optimize this process, this CSD enables
you to deinstall DCAF 1.0 automatically
with two OS/2 executable files,
EQNDST10.EXE and EQNINDST.EXE.
Note: This program does NOT deinstall the DCAF
Version 1.1.
To start deinstallation, do the following:
1. Copy the two OS/2 executable files,
EQNDST10.EXE and EQNINDST.EXE, onto the
workstation where you want to deinstall DCAF.
2. At the command prompt or in a command
file (.cmd), type:
EQNDST10.EXE.
Note: If you have the DCAF 1.03 French
version installed, type:
EQNDST10.EXE /F
3. When the program stops running,
restart the workstation.
4. To erase all trace of DCAF,
delete the EQNINDST.EXE file from the
boot drive of the workstation and
restart the workstation again.
EQNDST10.EXE detects DCAF Version 1.0, deletes the DCAF
group, updates the CONFIG.SYS file and deletes all
the DCAF files except the ones in use.
It also installs EQNINDST.EXE on the workstation.
EQNINDST.EXE, which runs automatically when
the workstation is restarted,
deletes the remaining DCAF files.
DEINSTALLING DCAF 1.1 AUTOMATICALLY
o The DCAF 1.1 deinstallation component has been improved so that
it can be run remotely without requiring any user intervention.
The new deinstallation procedure must be started with parameter
/n to run without prompting the user for confirmation.
If no parameter is specified, the deinstallation requires user
intervention to proceed.
ENHANCEMENTS FOR DCAF SECURITY
o Some utilities are provided for the security components:
1. Key-encrypting Key Update Utility
---------------------------------
This utility allows to update one or more Authenticators'
Key-encrypting keys at the Administrator and the Authenticators
workstations from the command line.
The utility consists of two modules: one is run on the
Administrator workstation, the another on the Authenticator
workstation.
Administrator module: EQNUTAD1.EXE
This utility takes as parameters the name of a text file which maps
authenticator names to new KEKs specified as 32 hexadecimal
characters (default eqnutad1.txt) , the column position of an
authenticator name in each line of the file (1-9999, default 1), the
size of the authenticator name (1-9999, default 12), and the column
position of a new KEK in each line of the file (1-9999, default 13).
The length of the new KEK must be 32 characters.
If a longer key is specified in the file, only the first 32 chars
are taken into account, the others being ignored. If the keys
specified are shorter than 32 chars, an error will be displayed.
The utility reads the information in the file, searches for the
authenticator name in the administrators authenticator's database,
and if found updates the KEK for the authenticator to the specified
new KEK.
Authenticator workstation (for workstations with an IBM 4755
cryptographic card):
When executed at the authenticator, this part of the utility
indicates to the authenticator that the KEK has been changed and
that it can be found in the 4755 crypto card key label DCAFKEK.NEW.
This needs to be executed at the authenticator's workstation AFTER
the KEK has been stored in the DCAFKEK.NEW label by the customer
through whatever means he chooses.
2. Change Retry Limit for Password
-------------------------------
This utility EQNUTAU2.EXE updates the retry limit on a security
Authenticator from the command line. The retry limit is the maximum
number of attempts to be authenticated with an invalid pass phrase
before the UserID is revoked. The utility takes the new retry limit
as a parameter, the valid range is 1-255. No default is provided.
INSTALLING DCAF CSD WITH CORRECTIVE SERVICE FACILITY
The Corrective Service Facility can be installed one of two ways. For
the customer who wants to install the CSD using the standard defaults,
a default response file has been created allowing the customer to
boot diskette one and install the CSD.
For the customer who wants to change the default set of products or
the default set of directories, insert CSD diskette one in the
A: drive and type A:\SERVICE from an OS/2 command prompt. The main
window contains a list of products that are found on the system
which are eligible for service. Select those products you want to be
serviced by highlighting the appropriate entries in the Products list.
All eligible products are initially selected.
NOTE: Prior to service the DCAF, the user MUST close the existing
processes of it in order to avoid that some files will remain
locked by them(i.e. LAN Directory, etc.).
To view the currect level(s) of the products on your system, select CURRENT
from the LEVELS menu. To view the new level(s) of the products on the
corrective service diskettes, select NEW from the LEVELS menu.
The service utility updates files in a set of directories associated with
each selected product. To view and/or change the set of directories,
choose SELECT DIRECTORIES from the OPTIONS menu.
Once all selections have been made, select SERVICE to start the service
process.
You WILL NOT be able to terminate the service process after it is started.
After Service process terminate, reboot the workstation.
A service log is provided for installation verification:
<BOOTDRIVE>:\OS2\INSTALL\SERVICE.LOG
where <BOOTDRIVE> is the partition from which you IPLed
Subsequent installs will be appended to the service log.
LIMITATIONS: IBM model 9557, 9556 and Thinkpad are serviceable only
via command line with the command A:\SERVICE
INSTALLING THE CORRECTIVE SERVICE DISKETTE FIXES ON A DOS TARGET
o The CSD diskettes update all DCAF modules installed on any
OS/2 workstation automatically.
To update a DOS workstation, do the following:
1. Run the CSD on the OS/2 workstation where the
DCAF packager component is installed.
2. Make a package for a DOS Target.
3. Install the package on a DOS workstation.
INSTALLING DCAF COMPONENTS DIRECTLY AND USING THE PACKAGER ON THE
SAME WORKSTATION
o When you install DCAF directly and, subsequently, install
DCAF components using the packager on the same workstation,
any original DCAF personalization options
can be substituted by the personalization options
in the DCAF package. This problem most likely occurs when
you install a security authenticator directly
and, subsequently, other components using the packager
on the same workstation.
To avoid this problem, install the components in the
following order:
1. Create a DCAF package with all the desired components.
2. Unpack the package on the workstation.
3. Restart the workstation.
4. Install the Authenticator component from the DCAF diskettes.
5. Restart the workstation.
6. Apply the DCAF CSD to the workstation.
PERSONALIZATION FOR SECURE GATEWAYS
o The Authenticator name in the personalization for a secure Gateway
is now case insensitive, while the DCAF Installing and Using manual
(S68G-6824) says it is case sensitive.
PERSONALIZATION UTILITIES
o The new DCAF contains some utilities to update some personalization
parameters from the command line. The utilities are the following:
1. Utility for updating the Authenticator name
-------------------------------------------
This utility EQNRPLAN.EXE updates the Authenticator name for
the following DCAF components:
- Secure Gateway
- Authenticator
Since the Authenticator name cannot be longer than 12 chars, if
a longer name is specified, it is truncated to 12 chars.
The string is case sensitive.
Invoke this program from the directory where the DCAF is installed.
When complete, remember to restart the workstation.
Example:
========
to change the Authenticator name to AUTHNEW, type:
<drive>:\<directory>\EQNRPLAN AUTHNEW
2. Utility for updating the LAN Directory name
-------------------------------------------
This utility EQNRPLLD.EXE updates the LAN Directory name for the
following components:
- Gateway
- Target for OS2
- LAN Directory
Since the LAN Directory name cannot be longer than 12 chars, if
a longer string is passed to the program, it is truncated to 12
chars. The string is case sensitive.
Invoke this utility from the directory where the DCAF is installed.
When complete, remember to restart the workstation.
Example:
========
to change the LAN Directory name to LANNEW, type:
<drive>:\<directory>\EQNRPLLD LANNEW
3. Utility for updating the Authenticator Adapter Addresses
on a secure OS2 target workstation
--------------------------------------------------------
This utility EQNRPLAA.EXE updates the Authenticator UAA
for a secure OS2 Target workstation.
This program updates two parameters, the primary and secondary
UAA on the secure Target.
The first parameter is required, the second is optional;
if you specify only the first parameter, then the program
assumes that the second parameter matches the first.
If you include more than two parameters, the program takes
only the first two.
Parameters must be exactly 12 hexadecimal characters long.
if you enter a longer string, the program truncates it
to the 12th character.
The string(s) must be valid UAA(s).
In order to be able to run this utility successfully, you
must type "***" for both the primary and secondary authenticator
UAA when installing the Target or when creating the package
for it.
Notes:
======
- Make sure that the Target component is not running when you
run the utility
- Invoke the utility from the directory where the DCAF is installed
- This utility can be successfully run on the same target only
once.
Example:
========
to change the Authenticator UAA to:
Primary AA: 10005AAE9167
Secondary AA: 10005AAE4355
type:
<drive>:\<directory>\EQNRPLAA 10005AAE9167 10005AAE4355
LISTING OF FIXES INCLUDED IN THIS CSD (UB10971)
o The list of the fixes included in this CSD is contained in
FIXES.TXT.