Archive-Date: Fri, 19 Nov 2004 11:46:13 -0400 Date: Fri, 19 Nov 2004 11:45:55 -0400 From: bryant@PROCESS.COM Reply-To: Info-TCPware@process.com To: TCPware-Announce@PROCESS.COM Message-ID: <00A3B1B5.CAE571FF.35@triton.process.com> Subject: TCPware ECO kit available: NFSDV3_V562P050 TCPware ECO kit announcement The following ECO kit is now available for TCPware: ECO: NFSDV3_V562P050 Description: Fix ODS-2 access to ODS-5 served disl; fix for i/o error with Linux Release date: 19-NOV-2004 Ranking: 3 Max ranking: 2 Versions: 5.6-2 ftp://ftp.process.com/support/56_2/nfsdv3_v562p050.zip To search the TCPware ECO database, please visit the following URL: http://vms.process.com/eco.html For more information, contact Process Software via: E-mail: support@process.com Phone: 1-800-394-8700 The ECO kit README contents are below. ----------------------------------------------------------- ----------------------------------------------------------------------------- NFSD V3 Patch kit (rev. 5.0) for TCPware V5.6-2 18-NOV-2004 Copyright (c) 2004 by Process Software, LLC This ECO kit provides a new version of the following file for TCPWare 5.6-2: NFSDV3.EXE This VMS installable saveset corrects problems found in the TCPware for OpenVMS NFS Version 3 server. This patch supports TCPware V5.6-2 for OpenVMS VAX v5.5-2 through v7.3 and OpenVMS Alpha v6.2 through v7.3-2. This kit has an ECO ranking of 3 (Corrects a specific problem). The overall ECO rank of this kit is 2. (Recommended; individual component) Included in this kit are fixes for the following D/Es: o D/E 9809: Corrected a problem with READDIRPLUS handling of dircount/maxcount args when verifying buffer size. This problem was resulting in an I/O error with Linux NFS clients. o D/E 9544: Added support for TCPWare ODS-2 NFS client to access ODS-5 exports Change made in rev 4.0: o D/E 9764: Fixed problem with V3 CREATE procedure, corrected handling of EXCLUSIVE type create functionality. Changes made in rev 3.0: o Added support for ODS-5 filesystem. o D/E 9541: Corrects a problem where parsing of ODS-2 directories could result in a hang. Changes made in rev 2.0: o D/E 9359: Cannot move a file from export after upgrade to V3 server. Fixed a problem with the new V3 procedure ACCESS. Changes made in rev 1.0: o Fixed problem with reading & writing to/from very large files (greater than 4 gigabytes) with variable record formats. Support for 64-bit data types added to attribute handling for variable type files. [D/E 8335] o Fixed problem with FSSTAT response (used by clients to show total disk space, etc). Was not supporting very large exports (greater than 4 gigabytes). [D/E 8335] o Fixed intermittent problem with READDIRPLUS handling of directory cache. After any QIO failures during a directory read (to build the directory cache) entries may have been corrupted. This NFSDV3 Version 3 server supports both NFS V2 and V3, and is designed to meet the specification as defined in RFC 1813. Please refer to RFC 1813 for detailed descriptions of the NFS V3 protocol. The existing NFS Server must be shut down before installation by issuing the command: @TCPWARE:SHUTNET NFS To activate the NFS V3 server, configure it by running "@TCPWARE:CNFNET NFS". Select the V3 server when prompted and complete the configuration. NFS V2 server variables set previously will be retained during the configuration. At the end of the configuration, answer "YES" to "Do you wish to restart the NFS-OpenVMS server?" If for any reason you wish to fall back to the V2 server, run "@TCPWARE:CNFNET NFS" and answer "NO" to the question: "Do you want the NFS V3 Server (NFSDV3) [YES]:". Select the V2 server at the next configuration prompt, and when the configuration is complete then answer "YES" to the "Do you wish to restart the NFS-OpenVMS server?" question. *********************************************************************** * PLEASE NOTE: The V2 server (NFSD.EXE) DOES NOT have ODS-5 support. * * Process Software recommends running the V3 NFS server. * *********************************************************************** [End of ECO announcement] ================================================================================ Archive-Date: Fri, 19 Nov 2004 12:13:11 -0400 Date: Fri, 19 Nov 2004 12:11:57 -0500 From: sjames@lortobco.com Reply-To: Info-TCPware@process.com Subject: Star James is having a great time in Charleston, SC To: info-tcpware@process.com Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii I will be out of the office starting 2004-11-19 and will not return until 2004-11-29. I will respond to your message when I return. ================================================================================ Archive-Date: Tue, 30 Nov 2004 18:04:22 -0400 Date: Tue, 30 Nov 2004 17:49:16 -0500 (EST) From: bryant@process.com Reply-To: Info-TCPware@process.com Subject: TCPware ECO kit available: SSH_V562P050 To: TCPware-Announce@TRITON.PROCESS.COM Message-ID: <01LHURBPLT0I0070WR@DELTA.PROCESS.COM> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-Transfer-Encoding: 7BIT TCPware ECO kit announcement The following ECO kit is now available for TCPware: ECO: SSH_V562P050 Description: Assorted fixes Release date: 30-NOV-2004 Ranking: 2 Max ranking: 2 Versions: 5.6-2 Requisites: DRIVERS_V562P051 ftp://ftp.process.com/support/56_2/ssh_v562p050.zip To search the TCPware ECO database, please visit the following URL: http://vms.process.com/eco.html For more information, contact Process Software via: E-mail: support@process.com Phone: 1-800-394-8700 The ECO kit README contents are below. ----------------------------------------------------------- ----------------------------------------------------------------------- SSH patch kit (revision 5.0) for TCPware 5.6 15-Nov-2004 Copyright (c) 2002-2004 by Process Software This VMSinstallable saveset provides a new version of the following SSH components: - SSH client (SSH2.EXE) - SSH1 server (SSHD.EXE) - SSH2 server (SSHD2.EXE) - SSH master control program (SSHD_MASTER.EXE) - SSH identity agent program (SSH-AGENT2.EXE) - SSH key generators (SSH-KEYGEN.EXE and SSH-KEYGEN2.EXE) - SSH key signer (SSH-SIGNER2.EXE) - SSH loadable executive image (SSHLEI.EXE, LOAD_SSHLEI.EXE, UNLOAD_SSHLEI.EXE) - SSH agent identity manipulation program (SSH-ADD2.EXE) - SSH file copy client (SCP2.EXE) - SSH SFTP client (SFTP2.EXE) - SSH file copy servers (SFTP-SERVER2.EXE and SCP-SERVER1.EXE) - A dummy Kerberos 5 shared library (KRB$RTL32.EXE - AXP V7.x) - SSH certificate enrollment program (SSH-CERTENROLL2.EXE) - SSH server configuration template file (SSHD2_CONFIG.TEMPLATE) - SSH configuration procedure (SSH_CONTROL.COM) - The SSH HELP (either in a standalone library or as part of SYS$HELP:HELPLIB.HLB, as determined by the original TCPware install) - The TCPware command definitions (TCPWARE_COMMANDS.COM and TCPWARE.CLD) The following new SSH components are provided: - SSH Public Key Assistant (PUBLICKEY_ASSISTANT.EXE) - SSH Public Key Server (PUBLICKEY-SERVER.EXE) - SSH client configuration template (SSH2_CONFIG.TEMPLATE) - A dummy Kerberos 5 shared library for VAX V7 (KRB$RTL.EXE) A new version of the following common TCPware utilities are provided: - NETCU utility (NETCU.EXE) - TCPware command definitions (TCPWARE_COMMANDS.COM) This patch is applicable to TCPware SSH on all supported versions of OpenVMS VAX and OpenVMS Alpha. NOTE: The TCPware ECO DRIVERS_V562P051 or later is required and must be installed in order to run SSH after installing the SSH_V562P040 ECO. A system reboot is requred after installing this ECO, to load the new software features. This ECO has a ranking of 2 - Recommended; individual component may fail. --------------------------------------------------------------------------- New Features Public Key Client/Server ------------------------ This ECO kit provides a public-key subsystem and assistant that can be used to add, remove and list public keys stored on a remote server. The public key assistant and server are based upon a recent IETF draft, so other implementations of SSH may not yet offer this functionality. The Publickey assistant can be started with: $ SSHPKA [qualifiers] [[user@]host[#port[] Publickey Assistant Commands ADD key file_name - Transfers the key file_name to the remote system. The file name specified is expected to be in the SSH2_CONFIG directory from the user's login directory. e.g., ADD ID_DSA_1024_A.PUB will transfer the public key in ID_DSA_1024_A.PUB to the remote system and updates the AUTHORIZATION. file on the remote system to include this key name. CLOSE - Closes the connection to the remote system DEBUG {no | debug_level} - Sets debug level (like in SFTP2) DELETE key finger-print - Deletes the key that matches the fingerprint specified. It is necessary to do a LIST command before this to get a list of the finger prints (and for the program to build its internal database mapping fingerprints to keys). EXIT - Exits the program. HELP - Displays a summary of the commands available LIST - Displays the fingerprint and attributes of keys stored on the remote system. The attributes that are listed will vary with key. OPEN [user@]host[#port] - Opens a connection to a remote publickey subsystem. QUIT - Quits the program. UPLOAD key file name - Synonym for "ADD" VERSION [protocol version] - Displays or sets the protocol version to use. The protocol version can only be set before the OPEN command is used. The default version is 1. * Publickey Assistant Qualifiers /BATCHFILE - Provides file with publickey assistant commands to be executed. Starts SSH2 in batch mode. Authentication must not require user interaction. /CIPHER - Selects encryption algorithm(s). /COMPRESS - Enables SSH data compression. /DEBUG - Sets debug level (0-99). /HELP - Displays a summary of the qualifiers available. /MAC - Selects MAC algorithm(s). /MAC=(mac-1,...,mac-n) /PORT - Tells the Public Key Assistant which port sshd2 listens to on the remote machine. /VERBOSE - Enables verbose mode debugging messages. Equal to "/debug=2". You can disable verbose mode by using "debug disable." /VERSION - Displays version number only. * Other Implementations VanDyke includes this in their SecureFX and VShell products. VanDyke also has a patch available for a server for OpenSSH. New SSHKEYGEN warning --------------------- A new qualifier has been added to SSHKEYGEN. That qualifer is /[NO]WARN. This qualifier is used to warn the system administrator if an SSH2 host key already exists and asks if the file should be overwritten. Using /NOWARN will not announce the file's existance and will overwrite the file. The default behavior now is to warn the system administrator and ask if the existing file should be replaced. SSHKEYGEN in earlier versions of TCPware would overwrite the existing SSH2 host key file. LOGIN/LOGOUT audits ------------------- Login/logout events are now logged via the VMS audit server. The user will see a login record created by TCPware, plus login & logout records for a detached session (the interactive login session). VAX Kerberos 5 Support ---------------------- Support for using Kerberos5 for user authentication for VMS VAX V7 has been added. *** Notes for Kerberos 5 Support *** Support for Kerberos 5 is based on the HP Kerberos V5 for OpenVMS Release 2.0 (http://h71000.www7.hp.com/openvms/products/kerberos/). This kit restricts support for Kerberos to OpenVMS Alpha 7.2-2 and higher, and to OpenVMS VAX 7.2-2 and higher. Prior to installing and configuring the HP Kerberos product, the following TCPware ECO must be installed: - DRIVERS_V562P030 Once the above ECO has been applied, Kerberos may be installed and configured. SSH may be configured and used at any time, either with or without Kerberos; however, Kerberos is required to perform Kerberos authentication in the SSH server. If Kerberos is installed at some later time after SSH is started, restarting SSH will allow it to use Kerberos. --------------------------------------------------------------------------- This ECO kit provides fixes for the following DE's: - In some rare circumstances, the "SSHD MASTER" process would stop accepting new connections. [DE 9778] - Case-insensitive file names are now allowed for file transfers. If MULTINET_SFTP_CASE_INSENSITIVE is defined as TRUE/YES/1, then file- names are treated as case-insensitive. - A problem has been corrected with wildcard SCP copies from UNIX systems using OpenSSH. [DE 9774] - A problem was corrected with handling ACLs returned from a version 4 SFTP server. [DE 9751] - When using certificates for authentication, "certkey" filename entries in the IDENTIFICATION file are not parsed correctly. [DE 9807] --------------------------------------------------------------------------- Post Installation Notes If you have NOT previously installed a TCPware 5.6 SSH patch kit, or are not sure if one was previously installed, you must perform the following procedure: - Save your old SSH2_DIR:SSHD2_CONFIG. file and create a new one from the new SSH2_DIR:SSHD2_CONFIG.TEMPLATE file: $ COPY SSH2_DIR:SSHD2_CONFIG. SSH2_DIR:SSHD2_CONFIG.OLD $ COPY SSH2_DIR:SSHD2_CONFIG.TEMPLATE SSH2_DIR:SSHD2_CONFIG. - If you previously customized your SSH2_DIR:SSHD2_CONFIG file (now renamed to ".OLD"), you must edit the new SSH2_DIR:SSHD2_CONFIG file and add your customizations to it. You MUST use the new file created from the new SSH2_DIR:SSHD2_CONFIG.TEMPLATE file for this. - Note that if you are in a clustered environment with a shared system disk, you must copy the SSH2_DIR:SSHD2_CONFIG.TEMPLATE from the node where the ECO was initially installed to the SSH2_DIR: directory on each of the other nodes in the cluster before making the new SSHD2_CONFIG file and making any changes as noted above. The old version of the replaced SSH components will be renamed to TCPWARE_COMMON:[TCPWARE]SSH2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSHD.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSHD2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSHD_MASTER.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-ADD2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-AGENT2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SCP2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-SIGNER2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SCP-SERVER1.EXE_OLD TCPWARE_COMMON:[TCPWARE]SFTP-SERVER2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSHD2_CONFIG.TEMPLATE_OLD TCPWARE_COMMON:[TCPWARE]SSHLEI.EXE_OLD TCPWARE_COMMON:[TCPWARE]LOAD_SSHLEI.EXE_OLD TCPWARE_COMMON:[TCPWARE]UNLOAD_SSHLEI.EXE_OLD TCPWARE_COMMON:[TCPWARE]NETCU.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH_CONTROL.COM_OLD TCPWARE_COMMON:[TCPWARE]TCPWARE_COMMANDS.COM_OLD Once installed, you may undo this patch by renaming the files back to their original names, and restarting the SSH component. NOTE: You must reboot your system after installing this ECO, to load the new software features. [End of ECO announcement]