IBM(R) DISTRIBUTED COMPUTING ENVIRONMENT (DCE) VERSION 3.2 FOR AIX(R) README ======================================================== Note: Translated versions of this README file are available in the following languages: o Japanese: - /usr/lpp/dce/README.ja_JP - /usr/lpp/dce/README.Ja_JP - /usr/lpp/dce/README.JA_JP o Korean: - /usr/lpp/dce/README.ko_KR - /usr/lpp/dce/README.KO_KR o Brazilian Portuguese: - /usr/lpp/dce/README.pt_BR - /usr/lpp/dce/README.PT_BR o Traditional Chinese: - /usr/lpp/dce/README.zh_TW - /usr/lpp/dce/README.Zh_TW - /usr/lpp/dce/README.ZH_TW ======================================================== Releases prior to DCE V3.1 of DCE for AIX included the Distributed File System (DFS(TM)) product. Beginning with the DCE 3.1 release, the packaging changed and DFS is no longer included. DFS Version 2.2 or prior will not run on machines with IBM DCE V3.1 for AIX or DCE V3.2 for AIX. ======================================================== 1.0 SYSTEM REQUIREMENTS 1.1 Prerequisite software 1.2 Disk space requirements 2.0 INSTALLATION, UNINSTALLATION, MIGRATION, AND CONFIGURATION 2.1 Installation prerequisites 2.2 Consult the "IBM DCE 3.2 for AIX: Quick Beginnings" before migrating DCE Web Secure to the current version of DCE for AIX 2.3 DCE Web Secure and 'dceback' or upgrading Netscape 2.4 Consult the "IBM DCE 3.2 for AIX: Quick Beginnings" before migrating CDS cached servers 2.5 dceweb migration and invalid /opt/dcelocal/web/etc/servers file entries 2.6 dceweb configuration same server name limitation 2.7 Duplicate and obsolete filesets listed on system management interface tool (SMIT) installation menus 3.0 IMPORTANT NOTES AND KNOWN LIMITATIONS 3.1 Configuration notes and limitations 3.1.1 Do not route NOTICES to STDOUT or STDERR during configuration 3.1.2 'config.dce' command 3.1.2.1 -ldap_auth parameter documented incorrectly 3.1.2.2 -ldap_keyring parameter documented incorrectly 3.1.2.3 Command line length limits 3.2 'dcecp registry migrate' command notes and limitations 3.2.1 -auth_type parameter documented incorrectly 3.2.2 -keyring parameter documented incorrectly 3.2.3 'dcecp registry ldapdelete' command not documented in "DCE 3.2 for AIX and Solaris: Administration Commands Reference" 3.3 Security notes and limitations 3.3.1 Principal name caching 3.3.2 Entrust products required for public key certificate login 3.4 Changing the IP addresses and hostnames of machines in a split cell configuration 3.5 Automatic updates of the /opt/dcelocal/etc/security/pe_site file has changed 3.6 'cdsli' and 'cdsdel' unsupported flags 3.7 Debug serviceability restrictions 3.8 Cset 3.1.4 is not supported on AIX 4.3.x. 3.9 Behavior of DCE 3.2 applications running on an MP AIX Machine 3.10 dceback support 3.11 Internationalization notes and limitations 3.11.1 DCE control programs and commands 3.11.2 ERA internationalization_data encoding 3.11.3 DCE Web Administration and Web Secure internationalization notes and limitations 3.11.3.1 Running DCE Web Admin in code page 850 with Netscape 3.11.3.2 Starting Web Secure from the command line 3.11.3.3 Changing the active locale for DCE Web Administration 4.0 IBM DCE WEB SITE 5.0 NOTICES AND TRADEMARKS 5.1 Notices 5.2 Trademarks ======================================================== 1.0 SYSTEM REQUIREMENTS ======================================================== 1.1 Prerequisite software All contents in the IBM DCE V3.2 for AIX product require IBM AIX Version 4.3.3 or IBM AIX Version 5.1 32-bit Power Architecture. ======================================================== 1.2 Disk space requirements o Base Services - dce.client - 23.1 Mb - dce.msg.en_US - 1.4 Mb - dce.msg.es_ES - 1.6 Mb - dce.msg.Es_ES - 1.6 Mb - dce.msg.ES_ES - 1.6 Mb - dce.msg.ja_JP - 1.5 Mb - dce.msg.Ja_JP - 1.5 Mb - dce.msg.JA_JP - 1.8 Mb - dce.msg.ko_KR - 1.4 Mb - dce.msg.KO_KR - 1.6 Mb - dce.msg.pt_BR - 1.5 Mb - dce.msg.PT_BR - 1.6 Mb - dce.msg.zh_TW - 1.2 Mb - dce.msg.Zh_TW - 1.2 Mb - dce.msg.ZH_TW - 1.3 Mb - dce.sysmgmt - 6.61 Mb - dce.tools - 5.7 Mb - dce.xdsxom - .9 Mb - dce.doc dce.doc.rte.ascii - .1 Mb dce.doc.en_US.ascii - 11.8 Mb dce.doc.en_US.html - 25.1 Mb dce.doc.en_US.pdf - 16.42 Mb dce.doc.ja_JP.ascii - 3.9 Mb dce.doc.ja_JP.html - 8.9 Mb dce.doc.ja_JP.pdf - 14.2 Mb dce.doc.Ja_JP.ascii - 3.9 Mb dce.doc.Ja_JP.html - 8.9 Mb dce.doc.Ja_JP.pdf - 14.2 Mb dce.doc.JA_JP.ascii - 5.1 Mb dce.doc.JA_JP.html - 8.9 Mb dce.doc.JA_JP.pdf - 14.2 Mb dce.doc.ko_KR.ascii - .6 Mb dce.doc.ko_KR.html - 1.7 Mb dce.doc.ko_KR.pdf - 4.3 Mb dce.doc.KO_KR.ascii - .7 Mb dce.doc.KO_KR.html - 1.7 Mb dce.doc.KO_KR.pdf - 4.3 Mb dce.doc.pt_BR.ascii - .3 Mb dce.doc.pt_BR.html - .8 Mb dce.doc.pt_BR.pdf -.6 Mb dce.doc.PT_BR.ascii - .3 Mb dce.doc.PT_BR.html - .8 Mb dce.doc.PT_BR.pdf - .6 Mb dce.doc.zh_TW.ascii - .5 Mb dce.doc.zh_TW.html - 2.5 Mb dce.doc.zh_TW.pdf - 4.5 Mb dce.doc.Zh_TW.ascii - .5 Mb dce.doc.Zh_TW.html - 2.5 Mb dce.doc.Zh_TW.pdf - 4.5 Mb dce.doc.ZH_TW.ascii -.6 Mb dce.doc.ZH_TW.html - 2.5 Mb dce.doc.ZH_TW.pdf - 4.5 Mb o Security Services - dce.security - 5.8 Mb o Cell Directory Services - dce.cds - 1.4 Mb o Data Encryption Services - dce.priv - .3 Mb o DCE Web Secure Upgrades - dce.web - .1 Mb o DCE Bundles - dce.bundles - .1 Mb o DCE Upgrade Package - dce.compat - .1 Mb ======================================================= 2.0 INSTALLATION, UNINSTALLATION, MIGRATION, AND CONFIGURATION ======================================================== 2.1 Installation prerequisites In addition to the base operating system requirements, additional AIX software updates might be required. The following describes the AIX software updates that the following DCE filesets require: o dce.client.rte.pthreads requires: - On AIX 4.3.3 systems: bos.rte.libpthreads 4.3.3.0 bos.rte 4.3.3.0 bos.rte.libc 4.3.3.0 - On AIX 5.1 systems: bos.rte.libpthreads 5.1.0.0 bos.rte 5.1.0.0 bos.rte.libc 5.1.0.0 o dce.client.rte requires: - On AIX 4.3.3 systems: xlC.rte 4.0.2.0 bos.net.tcp.client 4.3.3.0 bos.adt.lib 4.3.3.0 - On AIX 5.1 systems: xlC.rte 5.0.2.0 bos.net.tcp.client 5.1.0.0 bos.adt.lib 5.1.0.0 o dce.tools.appdev.adt requires: - On AIX 4.3.3 systems: bos.adt.syscalls 4.3.3.0 bos.adt.include 4.3.3.0 - On AIX 5.1 systems: bos.adt.syscalls 5.1.0.0 bos.adt.include 5.1.0.0 Notes: 1. Only the 32-bit kernel mode of the AIX 5.1 operating system is supported by DCE 3.2. 2. On an AIX 4.3.3 machine, installation of the dce.client.rte fileset might fail with a prerequisite of xlC.rte 5.0.2.0. This a known AIX problem. To fix this problem, install xlc.rte.4.0.2.0. 3. After you install any of the updates, you must reboot your system. This reboot must occur before you configure or restart DFS. ======================================================== 2.2 Consult the "IBM DCE 3.2 for AIX: Quick Beginnings" before migrating DCE Web Secure to the current version of DCE for AIX If you had DCE Web Secure configured for a release prior to DCE 3.1, then you must migrate your Web server to the current release before it is functional. Also, there is a situation where a DCE WebSecure/Admin server is configured and working, but all the information pertaining to the server was not stored in the /opt/dcelocal/web/etc/servers file. Because of this, some previously configured DCE WebSecure/Admin servers might not be migrated up to the IBM DCE V3.2 for AIX level. Consult the "IBM DCE 3.2 for AIX: Quick Beginnings" for important migration information before migrating DCE Web Secure to the current version of DCE. ======================================================== 2.3 DCE Web Secure and 'dceback' or upgrading Netscape If you have DCE Web Secure Netscape servers configured, you must first unconfigure (rmdceweb) DCE Web Secure before doing any of the following: o Upgrading Netscape Before upgrading Netscape, run 'rmdceweb' to unconfigure DCE Web Secure for the Netscape server you are upgrading. After upgrading Netscape, you can reconfigure DCE Web Secure using 'mkdceweb' or 'dwconfig'. This is necessary because the DCE Web Secure configuration program might need to make different updates to your Netscape obj.conf file for the new version. If you do not run 'rmdceweb' prior to upgrading your Netscape server, DCE Web Secure unconfiguration can fail. If 'mkdceweb' or 'dwconfig' isn't run, DCE Web Secure might not work properly. o dceback Run 'rmdceweb' to unconfigure DCE Web Secure for each Netscape server before running 'dceback dumpmisc'. This is necessary because part of the DCE Web Secure configuration information is in the Netscape configuration files and cannot be backed up with 'dceback'. If you ran 'dceback dumpmisc' and configured the new DCE Web Secure servers before running 'dceback restoremisc', you must unconfigure the added DCE WebSecure servers before running 'dceback restoremisc'. If you do not unconfigure, the DCE Web Secure configuration for these servers will be lost, and you will not be able to remove the DCE Web Secure entries in your Netscape servers obj.conf file with 'rmdceweb'. ======================================================== 2.4 Consult the "IBM DCE 3.2 for AIX: Quick Beginnings" before migrating cell directory service (CDS) cached servers When migrating a previous DCE version of an AIX DCE system that has an intercell connection established by use of the 'cdscp define cached server' command, the 'config.dce -cds_replica_list ' command must be used after installing the new level of DCE and before using 'start.dce' in order to preserve knowledge of the cached server. Before migrating CDS cached servers, consult the "IBM DCE 3.2 for AIX: Quick Beginnings" for additional information. ======================================================== 2.5 dceweb migration and invalid /opt/dcelocal/web/etc/servers file entries If the dceweb 2.2 configuration program put an "invalid" (meaning there was a /n in the Netscape version field) entry in the servers file for a server, then that server was unconfigured with the dceweb 2.2 configuration program; it will leave "bad" data in the file that migrate.dceweb can't process. Because of this, even though all of the dceweb servers that are configured have been migrated, the migration program continues to run every time DCE is started or stopped. To fix this problem, either remove the incorrect line from the servers file, or erase /opt/dcelocal/web/etc/mig.loc ======================================================== 2.6 dceweb configuration same server name limitation When two or more Netscape server versions are installed (for example, Enterprise and FastTrack) and the same server name is used with more than one Netscape version (for example, server1), DCE can only configure one of the servers. ======================================================== 2.7 Duplicate and obsolete filesets listed on system management interface tool (SMIT) installation menus Several DCE filesets were renamed in the IBM DCE V3.1 for AIX release. When an upgrade installation is done, filesets are installed based on what is currently installed. Since the filesets were renamed, filesets with the new names are not found on the system. To allow upgrades, dummy filesets with the old names were created. These filesets corequisite the filesets with the new names. They do not install any files. For more information about the dummy filesets and a list of these filesets, consult the "IBM DCE 3.2 for AIX: Quick Beginnings". ======================================================== 3.0 IMPORTANT NOTES AND KNOWN LIMITATIONS ======================================================== 3.1 Configuration notes and limitations ======================================================== 3.1.1 Do not route NOTICES to STDOUT or STDERR during configuration Do not route informational messages to STDOUT or STDERR during DCE configuration because the configuration code might misinterpret them as errors. During configuration, discard these messages or route them to another file. In the routing file, the designation lines for both NOTICE and NOTICE_VERBOSE must not have STDOUT or STDERR in them. ======================================================== 3.1.2 'config.dce' command ======================================================== 3.1.2.1 -ldap_auth parameter documented incorrectly In the "IBM DCE 3.2 for AIX and Solaris: Administration Commands Reference", the -ldap_auth option on the 'config.dce' command is documented incorrectly. Change all instances of -ldap_auth {none | ssl | cram-md5} to -ldap_auth {simple | ssl | cram-md5} The default value for -ldap_auth is 'simple', not 'none'. This option is documented correctly in the "IBM DCE 3.2 for AIX and Solaris: DCE Security Registry and LDAP Integration Guide". ======================================================== 3.1.2.2 -ldap_keyring parameter documented incorrectly In the "IBM DCE 3.2 for AIX and Solaris: Administration Commands Reference", the -ldap_keyring option on the 'config.dce' command is documented incorrectly. Change all instances of [-ldap_keyring ldap_keyring_file] to [-ldap_keyring ldap_keyring_file[:entry]] The description of the -ldap_keyring option should read: "Identifies the pathname of the key ring file, and optionally an entry in the file, to be used for Secure Socket Layer (SSL) authentication. This parameter is optional. If it is left unspecified, a default keyring file (/$LDAPHOME/lib/ldapkey/.kdb) is used." This option is documented correctly in the "IBM DCE 3.2 for AIX and Solaris: DCE Security Registry and LDAP Integration Guide". ======================================================== 3.1.2.3 Command line length limits The 'config.dce' command takes many parameters, and some of these parameters are long. Because of this, you might exceed the maximum command line length that UNIX(R) supports. If you exceed the maximum command line length, you can use one of the following options to overcome this limit: o If you exceed the maximum length by only a few characters, you can shorten the option names. For example, instead of specifying -cell_name, you can specify -cell_n, or instead of specifying -cds_replica_list, you can specify -cds_r. o If you need more characters than the previous suggestion allows, use a response file to configure DCE. Refer to the Configuration Response Files chapter in the "IBM DCE 3.2 for AIX and Solaris: Administration Guide--Introduction" for more information. o Put the command in a shell script and execute the shell script. ======================================================== 3.2. 'dcecp registry migrate' command notes and limitations ======================================================== 3.2.1 -auth_type parameter documented incorrectly In the "IBM DCE 3.2 for AIX and Solaris: Administration Commands Reference", the -auth_type option on the 'dcecp registry migrate' command is documented incorrectly. Change all instances of -auth_type {none | ssl | cram-md5} to -auth_type {simple | ssl | cram-md5} The default value for -auth_type is 'simple', not 'none'. This option is documented correctly in the "IBM DCE 3.2 for AIX and Solaris: DCE Security Registry and LDAP Integration Guide". ======================================================== 3.2.2 -keyring parameter documented incorrectly In the "IBM DCE 3.2 for AIX and Solaris" Administration Commands Reference", the -keyring option on the 'dcecp registry migrate' command is documented incorrectly. Change all instances of [-keyring ldap_keyring_file] to [-keyring ldap_keyring_file[:entry]] The description of the -keyring option should read: "Specifies the name of a key database file (with .kdb extension), and optionally an entry in the keyring file, to be used for SSL authentication. If left unspecified, the default keyring file, as installed with LDAP support, is be used. The default keyring file (ldapkey.kdb) and associated stash file (ldapkey.sth) are installed in the /lib directory under LDAPHOME, where LDAPHOME is the path to the installed LDAP support. LDAPHOME varies by operating system platform." This option is documented correctly in the "IBM DCE 3.2 for AIX and Solaris DCE Security Registry and LDAP Integration Guide". ======================================================== 3.2.3 'dcecp registry ldapdelete' command not documented in "IBM DCE 3.2 for AIX and Solaris Administration Commands Reference" The 'dcecp registry ldapdelete' command deletes DCE data from LDAP. This was not documented in the "IBM DCE 3.2 for AIX and Solaris Administration Commands Reference". Consult the "IBM DCE 3.2 for AIX and Solaris DCE Security Registry and LDAP Integration Guide" for information about this command. ======================================================== 3.3 Security notes and limitations ======================================================== 3.3.1 Principal name caching The DCE Security client runtime maintains a cache of mappings between principal names and Universal Unique Identifiers (UUIDs) for each authenticated process. This mapping can cause confusion for long-running programs if a principal is deleted and then recreated with the same name during the life of the process. Because of this cache, such a process might obtain the old UUID for the principal, which can cause unexpected results. The cache can be cleared by stopping and restarting the authenticated process. ======================================================== 3.3.2 Entrust products required for public key certificate login If you plan to use the DCE 3.2 Public Key Certificate (PKC) login enhancement, you must install the following Entrust products: o EntrustFile/Toolkit, Version 5.0.2 on each DCE Client, security server system and identity mapping server(IDMS) to allow PKC login. o Entrust/PKI, Version 5.0 and an X.500 directory such as Entrust Peerlogic i500 directory or a third-party LDAP-compliant directory service. For example, IBM SecureWay LDAP v3. The Entrust Public Key infrastructure is not required on DCE systems, but must be available to issue certificates to users. The recommended level of Entrust/PKI is Version 5.0. ======================================================== 3.4 Changing the IP addresses and hostnames of machines in a split cell configuration The "IBM DCE 3.2 for AIX and Solaris: Administration Guide--Core Components" provides steps for changing the IP address and hostname of a DCE server. These steps work only if the CDS server and security server are configured on the same machine. If your CDS server and security server are configured on different machines, use the following steps to change the IP addresses and hostnames. 1. Stop any DFS servers or DCE applications that are running in the cell, and disable auto-restart for DCE, DFS and DCE applications. Auto-restart is configured in /etc/inittab. 2. Remove knowledge of the clearinghouse on the CDS machine by issuing the following commands on the CDS server: dce_login dcecp -c clearinghouse disable /.:/ Knowledge of the clearinghouse is reinstated after you change the IP address. If you do not know the clearinghouse name, use the 'dcecp -c clearinghouse catalog' command to obtain it. 3. Stop all DCE daemons on both machines by issuing the 'stop.dce' command. 4. Remove the endpoint database, the clerk cache, and the credentials files on the CDS server and security server by issuing the 'clean_up.dce' command. NOTE: Before you remove any files, back up the cdscache.wan file so it can be restored later. You can remove the files individually with the following commands: o the endpoint database: rm /opt/dcelocal/var/dced/Ep.db o the clerk cache: cd /opt/dcelocal/var/adm/directory/cds rm cds_cache.* cdsclerk_* o credentials: rm /opt/dcelocal/var/security/creds/* The removed files are recreated at restart and login 5. On both machines, edit the /opt/dcelocal/etc/security/pe_site file to set the new IP address of the security server for all protocols, so security can start. 6. The following file might exist on the security server machine, /opt/dcelocal/var/dced/cdscache.inf, If it exists, edit it to set the new IP address of the CDS server so the cdsadv can find the CDS server. 7. On both machines, save a backup copy of the /opt/dcelocal/etc/cfgarg.dat file. Set the -t option on the dced daemon to 0 by editing the original cfgarg.dat file. To do this find the line in the file that looks similar to: dced: -b -t 1440 and change it to: dced: -b -t 0 Setting the -t option to 0 prevents dced from periodically updating the pe_site file with the old Master Security Server IP address. If you have IBM DCE version 3.1 with PTF set 4, or IBM DCE version 3.2 installed, then you must add a -n flag to the above line in the file. You do not have to change the -t value. The line looks like this: dced: -b -t 1440 -n At DCE 3.1 PTF 4 or DCE 3.2, setting -t 0 still updates the pe_site file once at DCE startup. The -n flag prevents that update, and causes -t to be ignored. 8. Change the IP addresses and hostnames on both machines and reboot. 9. Use the following sequence to initialize DCE: A. On the Security server issue the 'start.dce sec_srv' command. B. On the CDS server issue the 'start.dce cds_srv' command. o After the "Waiting up to 60 minutes for dced..." message is displayed, type to break the START process. o Use the following commands to identify to CDS the clearinghouse it is to manage (ensure that you use the same name you used in the previous clearinghouse disable command): export BIND_PE_SITE=1 dce_login dcecp -c clearinghouse create /.:/ 10. The CDS server and the cdsadv were not aware of the clearinghouse when they were started, so issue the following command on both machines: 'stop.dce' 'clean_up.dce' A. Restore the cfgarg.dat file from the backup copy you created in step 7. B. Restore the auto-start that was disabled in Step 1. C. Issue the 'start.dce sec_srv' command on the security server. D. Issue the following commands on the CDS server: unset BIND_PE_SITE start.dce cds_srv E. Issue the 'start.dce' command on both machines. 11. The security and CDS servers are now configured to use the new IP addresses. Issue the following command to verify that you can now successfully login: dce_login Verify that you can access the namespace by issuing the 'cdsli -0' command. The output looks similar to this: /.:/cell-profile /.:/fs /.:/lan-profile /.:/sec /.:/sec-v1 ======================================================== 3.5 Automatic updates of the /opt/dcelocal/etc/security/pe_site file has changed A change has been made to dced in DCE 3.1 PTF 4 and DCE 3.2, so that it automatically updates the /opt/dcelocal/etc/security pe_site file when the daemon starts. The "IBM DCE 3.2 for AIX and Solaris: Administration Commands Reference" states that specifying 0 for the -t option keeps the current contents of the /opt/dcelocal/etc/security/pe_site file intact. As of DCE 3.1 PTF 4 the -t 0 option causes the pe_site file to be updated once only when dced is started. To update the pe_site file again, it must either be changed manually, or dced must be stopped and restarted. A new option, the -n option, has been added to the dced daemon. If it is specified, the -n option prevents the /opt/dcelocal/etc/security/pe_site file from being updated when dced is restarted. The -n option completely eliminates automatic updates by dced to the pe_site file. If -n is specified, the -t option is unnecessary and is ignored if it is specified. If periodic updates are required, specify only the -t option with a nonzero value corresponding to the number of minutes between updates. If only one automatic update at startup is required, then specify -t 0. If no automatic updates are required, then specify -n and omit the -t option. ======================================================== 3.6 'cdsli' and 'cdsdel' unsupported flags Although the usage and help for 'cdsli' and 'cdsdel' describes new function for these two commands, only the flags documented for these commands in the "IBM DCE Version 3.2 for AIX and Solaris: Administration Commands Reference" are supported. ======================================================== 3.7 Debug serviceability restrictions dce_svc_debug_set_levels() does not work correctly and should not be used. Instead, set debug levels in the routing string. Use dce_svc_printf() for production messages only. For debug messages, use DCE_SVC_LOG or DCE_SVC_DEBUG. ======================================================== 3.8 Cset 3.1.4 is not supported on AIX 4.3.x. AIX 4.3.x does not support Cset 3.1.4. If you are compiling a C++ application on AIX 4.3.x, you need to use the IBM C and C++ compiler for AIX V3.6 or 5.0, which supports AIX 4.1.4, 4.2.x, and 4.3.x. ======================================================== 3.9 Behavior of DCE 3.2 applications running on an MP AIX Machine Due to the significant throughput increase in thread processing on a 6-way or 12-way multiprocessor AIX machine, thread-intensive applications written to DCE 3.2 might experience hangs or failures. ======================================================== 3.10 dceback support dceback is a utility that you can use to back up DCE data. Starting in the DCE 3.2 release, dceback is included on the DCE CD. Before migrating to DCE 3.2, dceback can be used from the CD to back up DCE data. dceback is also installed with DCE 3.2 and can be used for periodic backups. The dceback utility is supported on the following AIX platforms: AIX 5.1 AIX 4.3.x AIX 4.2.x AIX 4.1.5 and above ======================================================== 3.11 Internationalization notes and limitations ======================================================== 3.11.1 DCE control programs and commands dcecp is the standard control program for DCE, and it is designed to support a variety of language environments. As noted in the DCE documentation, dcecp replaces several older control programs (cdscp, dtscp, rpccp, acl_edit, rgy_edit, sec_admin). These older programs were not designed for international use, and they might give unexpected or undesirable results when used in non-English environments. While dcecp supports non-English data, there are some restrictions. The dcecp string handling commands, such as string range, have byte-based, not character-based, semantics. They might give undesired results when used on characters outside of the DCE Portable Character Set. ======================================================== 3.11.2 ERA internationalization_data encoding While some implementations of DCE enforce the validity of the tag field for this data type, IBM DCE V3.2 for AIX does not. ======================================================== 3.11.3 DCE Web Administration and Web Secure internationalization notes and limitations ======================================================== 3.11.3.1 Running DCE Web Admin in code page 850 with Netscape Perform the following steps to change the Netscape browser font to code page 850: o From Edit, Preferences, Appearance, Fonts, select User-Defined for the Encoding and ibm-850 for the fonts. o From View, Character Set, select User-Defined. ======================================================== 3.11.3.2 Starting Web Secure from the command line For some Asian locales, you can not start a Netscape Web server, such as DCE Web Secure, from the command line in an aixterm. If you plan to configure or start DCE Web Secure from the command line, use a dtterm, not an aixterm. Alternatively, use the Netscape Server Administration page, rather than the command line, to manage DCE Web Secure. ======================================================== 3.11.3.3 Changing the active locale for DCE Web Administration First stop Web Secure, change its locale, and restart it. For example, from the command line, you might use commands similar to these: >/usr/netscape/server4/httpd-/stop >export LC_ALL= >/usr/netscape/server4/httpd-/start Next, stop and start the Netscape Browser and access DCE Web Administration. ======================================================== 4.0 IBM DCE WEB SITE ======================================================== Additional DCE information is available at the IBM Web site at the following url: http://www.ibm.com/software/network/dce/ ======================================================== 5.0 NOTICES AND TRADEMARKS ======================================================== 5.1 Notices This information was developed for products and services offered in the U.S.A. IBM might not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country, or send inquiries, in writing, to: IBM World Trade Asia Corporation Licensing 2-31 Roppongi 3-chome, Minato-ku Tokyo 106, Japan THE FOLLOWING PARAGRAPH DOES NOT APPLY TO THE UNITED KINGDOM OR ANY OTHER COUNTRY WHERE SUCH PROVISIONS ARE INCONSISTENT WITH LOCAL LAW: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the information. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this information at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation Department LZKS 11400 Burnet Road Austin, TX 78758 U.S.A. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may vary. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrates programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces. ======================================================== 5.2 Trademarks The following terms are trademarks of International Business Machines Corporation in the United States, other countries, or both: AIX DFS IBM SecureWay UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product, and service names may be trademarks or service marks of others. THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IBM DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE AND MERCHANTABILITY WITH RESPECT TO THE INFORMATION IN THIS DOCUMENT. BY FURNISHING THIS DOCUMENT, IBM GRANTS NO LICENSES TO ANY PATENTS OR COPYRIGHTS. (C) Copyright IBM Corporation 2001. All rights reserved.