Patch Name: PHSS_14850 Patch Description: s700_800 10.20 Authorization Server A.03.00 patch bundle #1 Creation Date: 98/04/14 Post Date: 98/07/23 Hardware Platforms - OS Releases: s700: 10.20 s800: 10.20 Products: Authorization Server A.03.00 Filesets: PrAS-AuthServer.ASSVR-RUN,A.03.00 PrAS-Core.ASCO-ENG-A-MSG,A.03.00 PrAS-Core.ASCORE-RUN,A.03.00 Automatic Reboot?: No Status: General Superseded Critical: Yes PHSS_14850: OTHER Refer to SR# 4701387738 Inquiries against Pr/AS runtime database fail or return false information when the Engine is on an HP-UX multiprocessor system. Path Name: /hp-ux_patches/s700_800/10.X/PHSS_14850 Symptoms: PHSS_14850: WARNING: PLEASE REFER TO THE SPECIAL INSTALLATION INSTRUCTIONS BELOW, BEFORE INSTALLING THIS PATCH. 1. Symptoms for SR # 4701387639 odss*_inq_*() API call incorrectly returns denied and authpd.log reports odss_s_why_denied4 at dm_retrieve_record()2. 2. Symptoms for SR # 4701387019 The nsapi authpif daemon refuses all authorization requests after 10 hours of continuous operation. 3. Symptoms for SR # 4701387654 The tar file /opt/odss/odss_ito.tar that contains files required to configure Pr/AS into IT/Operations is missing two files, "AS_p.sh" and "AS_1.sh". 4. Symptoms for SR # 4701387449 odss_s_why_denied* message filling up authpd.log log file. 5. Symptoms for SR # 4701387456 ODSS_authz_config failed during the initial config in replicated DCE environement. 6. Symptoms for SR # 4701387704 Can not configure a system where hostname is not the same as nodename -a. 7. Symptoms for SR # 4701387217 Create Entitlement does not work with SSL and systems identified by ip addresses. 8. Symptoms for SR # 4701387225 The performance of Authu was increased. 9. Symptoms for SR # 4701387746 Customer needs to monitor authu heap usage so that authu can be stopped and restarted before the authu memory leak (see SR#4701353524) causes authu to abort. 10. Symptoms for SR # 4701387738 When Pr/AS engine is running on a K260 HP 9000 with 4 CPUs, inquiries against the Informix runtime database begin to fail or return false information. The only solution is to shut down the engine and restart. 11. Symptoms for SR # 4701380162 When the Create Puser Callout facility is used in the Administrative GUI Create Principal page to insert a ppid value greater than 117 bytes in length, the Administrative GUI cgi program aborts without creating the principal. 12. Symptoms for SR # 4701380170 In Authorization Server version A.02.00, the odss_inq*() APIs return a 0 (granted) when privilege records are requested by none are returned (count=0). Beginning with Authorization Server version A.02.10, beginning with patch PHSS_12681, the odss_inq* APIs return a nonzero value (denied) when privilege records are requested but none are returned. 13. Symptoms for SR # 4701380154 The hardware and software requirements documented in the version A.02.10 Release Notes (pn B5196-90010) for the Authorization Server Engine are inadequate to support the optimal performance of the Engine in a realistic production environment. Also, the current Informix database created during product configuration is too small to support a realistic production environment. 14. Symptoms for SR # 4701380147 The performance of the Authorization Server Engine administrative functions to create and enable principals decreases as the number of principals in the runtime Informix database increases. 15. Symptoms for SR # 4701380188 The performance of odss*_inq_*() API calls decrease as the number of principals in the runtime Informix database increases. Defect Description: PHSS_14850: 1. Defect description for SR # 4701387639 Occurs when odss*_inq_*() API calls are invoked for a rule consisting of 5 or more priv attrs, and all priv attr values are not explicitly stated in the filter input parameter of the odss*_inq_*() call. Denied may or may not happen depending on the ordering of the priv attrs. Cause is a defect in /opt/odss/lbin/authpd. 2. Defect description for SR # 4701387019 The authpif daemon does not perform a programmatic dce_login in order to renew its authentication ticket; as a consequence, the nsapi plugin API odss-authorize will always return "authorization denied" after the authpif daemon's kerberos ticket has expired. The lab modified the authpif executable to perform a periodic dce_login in order to renew the authentication ticket. 3. Defect description for SR # 4701387654 The tar file /opt/odss/odss_ito.tar that contains files required to configure Pr/AS into IT/Operations is missing two files, "AS_p.sh" and "AS_1.sh". The tar file has been rebuilt to include these two files. 4. Defect description for SR # 4701387449 odss_s_why_denied[1-5]: WHY DENIED? ... messages are filling up the authpd.log. The fix eliminates the above messages from appearing in the authpd.log during normal processing. The messages are still available through the product trace facility. 5. Defect description for SR # 4701387456 ODSS_authz_config may fail in initial config but OK after doing an ODSS_authz_config -unconfig in a replicated DCE setup. The fix should reduce the chance of ODSS_authz_config from failing due to delay caused by DCE replication overhead. 6. Defect description for SR # 4701387704 Hostname and uname -a were used interchangeably in the configuration scripts. 7. Defect description for SR # 4701387217 The codebase statment in Create Entitlement needed to be changed to the default. 8. Defect description for SR # 4701387225 The performance of Authu was increased. 9. Defect description for SR # 4701387746 A utility is provided that enables a customer to monitor authu heap usage so that authu can be stopped and restarted before the authu memory leak (see SR#4701353524) causes authu to abort. 10. Defect description for SR # 4701387738 On a multiprocessor (MP) system, the Engine runtime database requires HP-UX patch PHKL_14569, requires that two onconfig.odss database configuration parms be set to indicate an MP system, and HP-UX kernel parms need to be set for a "monolithic" environment. Authpd and authpa must be modified to handle Informix errors returned on an MP system. 11. Defect description for SR # 4701380162 String handling characteristics of the Create Puser Callout facility have been modified to allow a user to insert a ppid value of up to 1023 bytes in length (the max allowed size of a ppid value element). 12. Defect description for SR # 4701380170 This is an enhancement for a customer 13. Defect description for SR # 4701380154 With performance enhancements introduced in this patch, a minimum of 200 Mb of disk space is required under /var/opt/odss for the successful creation of an enlarged Informix database. The number of buffers used by the Informix runtime database has been increased to increase runtime performance. For this reason, at least 256 Mb o RAM is recommended for optimal performance of the Engine. 14. Defect description for SR # 4701380147 4701380188 An index was added to the database to increase performance of creating/enabling principals and calls to odss*_inq* API calls. SR: 4701380162 4701380170 4701380154 4701380147 4701380188 4701387639 4701387019 4701387654 4701387449 4701387456 4701387704 4701387217 4701387225 4701387746 4701387738 Patch Files: /opt/odss/bin/authu_batch /opt/odss/bin/authu_maint /opt/odss/bin/odss_cgi_authz /opt/odss/bin/odss_cgi_inq /opt/odss/gui/odss/cgi-bin/odss_admin_gui.cgi /opt/odss/lbin/ODSS_authz_cds_entry /opt/odss/lbin/ODSS_authz_raima_create /opt/odss/lbin/ODSS_informix_config /opt/odss/lbin/authpa.informix /opt/odss/lbin/authpd.informix /opt/odss/lbin/authpif /opt/odss/lbin/authu /opt/odss/lbin/initdb.informix /opt/odss/lbin/odss_conf_maint /opt/odss/lbin/onconfig.odss /opt/odss/lib/adm_authu.dbd /opt/odss/lib/libecallout.sl /opt/odss/lib/libodssd.sl /opt/odss/lib/libodssnsapi.sl /opt/odss/lib/nls/msg/C/Hplibodss.cat /opt/odss/lib/qdm_authu.dbd /opt/odss/odss_ito.tar /opt/odss/sbin/ODSS_authz_add_runtime_space /opt/odss/sbin/ODSS_authz_chkdsize /opt/odss/sbin/ODSS_authz_config /opt/odss/sbin/ODSS_authz_startup /opt/odss/sbin/ODSS_authz_status /opt/odss/sbin/ODSS_authz_unconfig what(1) Output: /opt/odss/bin/authu_batch: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_14850) Fri Apr 17 16:50:38 PDT 1998 /opt/odss/bin/authu_maint: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_14850) Fri Apr 17 16:50:38 PDT 1998 /opt/odss/bin/odss_cgi_authz: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_14850) Fri Apr 17 16:50:38 PDT 1998 /opt/odss/bin/odss_cgi_inq: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_14850) Fri Apr 17 16:50:38 PDT 1998 /opt/odss/gui/odss/cgi-bin/odss_admin_gui.cgi: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ HP PRAESIDIUM/AS version A.03.00 (PHSS_14850) Fri Apr 17 16:50:38 PDT 1998 /opt/odss/lbin/ODSS_authz_cds_entry: None /opt/odss/lbin/ODSS_authz_raima_create: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ yaccpar 1.6 88/02/08 SMI /opt/odss/lbin/ODSS_informix_config: None /opt/odss/lbin/authpa.informix: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ $Header: sec_info.c,v 0.5 93/12/29 17:00:13 dibl Exp $ HP PRAESIDIUM/AS version A.03.00 (PHSS_14850) Fri Apr 17 16:50:38 PDT 1998 iqcursor.c 9.27 11/9/93 14:30:51 iqdynam.c 9.33 1/17/94 13:51:50 iqfetch.c 9.13 1/24/94 08:28:45 iqsimple.c 9.11 3/31/93 17:25:36 iqtrans.c 9.4 3/31/93 17:25:41 iqutil.c 9.25 1/11/94 09:33:50 iqcomm.c 9.14 1/25/94 iqconnct.c 9.50 1/13/93 12:18:51 iqdynsql.c 9.4 1/14/93 15:57:25 iqinsert.c 9.6 10/27/93 11:05:28 iqreturn.c 9.22 11/9/93 14:33:25 iqsend.c 9.16 11/9/93 14:31:03 iqinfo.c 9.5 9/16/93 10:22:14 iqsend2.c 9.11 10/26/93 09:34:15 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osconv.c 8.1 3/2/91 13:54:13 osctype.c 9.27 10/26/93 11:48:26 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.ospip e.c 8.4 4/18/91 13:49:42 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osutil.c 8.1 3/2/91 13:55:15 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osstore.c 8.1 3/2/91 13:55:08 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osutilb.c 8.1 3/2/91 13:55:18 osfutil.c 9.4 1/17/94 17:54:49 asfapi.c 9.55 10/23/93 11:59:20 al.c 9.70 10/23/93 11:59:11 asfutil.c 9.49 10/14/93 09:08:55 driver.c 9.23 8/5/93 15:05:35 cm.c 9.63 11/19/93 18:21:49 asfns.c 9.62 9/20/93 15:42:39 asfpfsqi.c 9.57 1/14/94 15:09:31 asf_shm.c 9.84 1/13/94 14:30:35 tlispx.c 9.8 12/22/93 16:00:09 asfutil2.c 9.7 10/14/93 09:09:38 asfpfutl.c 9.13 1/14/94 15:09:38 asfslsqi.c 9.37 10/28/93 09:42:32 nwsap.c 9.10 11/22/93 13:25:30 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.osbas enm.c 8.1 3/2/91 14:46:49 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.osfta b.c 8.1 3/2/91 14:46:54 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.oshos tnm.c 8.1 3/2/91 14:47:00 osdnet.c 9.12 12/20/93 13:23:29 osauth.c 9.14 11/8/93 16:10:11 osdshift.c 9.3 8/28/92 18:10:15 rfnmanip.c 7.1 1/4/90 rvaldata.c 9.15 1/14/94 17:20:11 ghash.c 9.3 5/1/92 18:03:41 gvalid.c 9.4 10/22/93 14:15:09 decconv.c 9.23 1/14/94 17:19:32 gchkname.c 9.3 11/4/93 10:40:16 decmath.c 9.4 10/22/93 14:15:21 rstrip.c 9.4 7/7/92 13:47:08 /opt/odss/lbin/authpd.informix: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ $Header: sec_info.c,v 0.5 93/12/29 17:00:13 dibl Exp $ HP PRAESIDIUM/AS version A.03.00 (PHSS_14850) Fri Apr 17 16:50:38 PDT 1998 iqcursor.c 9.27 11/9/93 14:30:51 iqdynam.c 9.33 1/17/94 13:51:50 iqfetch.c 9.13 1/24/94 08:28:45 iqsimple.c 9.11 3/31/93 17:25:36 iqtrans.c 9.4 3/31/93 17:25:41 iqutil.c 9.25 1/11/94 09:33:50 iqcomm.c 9.14 1/25/94 iqconnct.c 9.50 1/13/93 12:18:51 iqdynsql.c 9.4 1/14/93 15:57:25 iqinsert.c 9.6 10/27/93 11:05:28 iqreturn.c 9.22 11/9/93 14:33:25 iqsend.c 9.16 11/9/93 14:31:03 iqinfo.c 9.5 9/16/93 10:22:14 iqsend2.c 9.11 10/26/93 09:34:15 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osconv.c 8.1 3/2/91 13:54:13 osctype.c 9.27 10/26/93 11:48:26 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.ospip e.c 8.4 4/18/91 13:49:42 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osutil.c 8.1 3/2/91 13:55:15 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osstore.c 8.1 3/2/91 13:55:08 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osutilb.c 8.1 3/2/91 13:55:18 osfutil.c 9.4 1/17/94 17:54:49 asfapi.c 9.55 10/23/93 11:59:20 al.c 9.70 10/23/93 11:59:11 asfutil.c 9.49 10/14/93 09:08:55 driver.c 9.23 8/5/93 15:05:35 cm.c 9.63 11/19/93 18:21:49 asfns.c 9.62 9/20/93 15:42:39 asfpfsqi.c 9.57 1/14/94 15:09:31 asf_shm.c 9.84 1/13/94 14:30:35 tlispx.c 9.8 12/22/93 16:00:09 asfutil2.c 9.7 10/14/93 09:09:38 asfpfutl.c 9.13 1/14/94 15:09:38 asfslsqi.c 9.37 10/28/93 09:42:32 nwsap.c 9.10 11/22/93 13:25:30 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.osbas enm.c 8.1 3/2/91 14:46:49 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.osfta b.c 8.1 3/2/91 14:46:54 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.oshos tnm.c 8.1 3/2/91 14:47:00 osdnet.c 9.12 12/20/93 13:23:29 osauth.c 9.14 11/8/93 16:10:11 osdshift.c 9.3 8/28/92 18:10:15 rfnmanip.c 7.1 1/4/90 rvaldata.c 9.15 1/14/94 17:20:11 ghash.c 9.3 5/1/92 18:03:41 gvalid.c 9.4 10/22/93 14:15:09 decconv.c 9.23 1/14/94 17:19:32 gchkname.c 9.3 11/4/93 10:40:16 decmath.c 9.4 10/22/93 14:15:21 rstrip.c 9.4 7/7/92 13:47:08 /opt/odss/lbin/authpif: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ /opt/odss/lbin/authu: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ $Header: sec_info.c,v 0.5 93/12/29 17:00:13 dibl Exp $ HP PRAESIDIUM/AS version A.03.00 (PHSS_14850) Fri Apr 17 16:50:38 PDT 1998 /opt/odss/lbin/initdb.informix: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ iqsimple.c 9.11 3/31/93 17:25:36 iqtrans.c 9.4 3/31/93 17:25:41 iqutil.c 9.25 1/11/94 09:33:50 iqconnct.c 9.50 1/13/93 12:18:51 iqcursor.c 9.27 11/9/93 14:30:51 iqdynam.c 9.33 1/17/94 13:51:50 iqfetch.c 9.13 1/24/94 08:28:45 iqinsert.c 9.6 10/27/93 11:05:28 iqreturn.c 9.22 11/9/93 14:33:25 iqsend.c 9.16 11/9/93 14:31:03 iqcomm.c 9.14 1/25/94 iqdynsql.c 9.4 1/14/93 15:57:25 iqinfo.c 9.5 9/16/93 10:22:14 iqsend2.c 9.11 10/26/93 09:34:15 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osconv.c 8.1 3/2/91 13:54:13 osctype.c 9.27 10/26/93 11:48:26 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.ospip e.c 8.4 4/18/91 13:49:42 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osutil.c 8.1 3/2/91 13:55:15 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osstore.c 8.1 3/2/91 13:55:08 /net/grizzly/sccs/rd/engines/oslib/SCCS/s.osutilb.c 8.1 3/2/91 13:55:18 osfutil.c 9.4 1/17/94 17:54:49 asfapi.c 9.55 10/23/93 11:59:20 al.c 9.70 10/23/93 11:59:11 asfutil.c 9.49 10/14/93 09:08:55 driver.c 9.23 8/5/93 15:05:35 cm.c 9.63 11/19/93 18:21:49 asfns.c 9.62 9/20/93 15:42:39 asfpfsqi.c 9.57 1/14/94 15:09:31 asf_shm.c 9.84 1/13/94 14:30:35 tlispx.c 9.8 12/22/93 16:00:09 asfutil2.c 9.7 10/14/93 09:09:38 asfpfutl.c 9.13 1/14/94 15:09:38 asfslsqi.c 9.37 10/28/93 09:42:32 nwsap.c 9.10 11/22/93 13:25:30 rfnmanip.c 7.1 1/4/90 rvaldata.c 9.15 1/14/94 17:20:11 ghash.c 9.3 5/1/92 18:03:41 gvalid.c 9.4 10/22/93 14:15:09 decconv.c 9.23 1/14/94 17:19:32 gchkname.c 9.3 11/4/93 10:40:16 decmath.c 9.4 10/22/93 14:15:21 rstrip.c 9.4 7/7/92 13:47:08 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.osbas enm.c 8.1 3/2/91 14:46:49 osdshift.c 9.3 8/28/92 18:10:15 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.osfta b.c 8.1 3/2/91 14:46:54 /net/grizzly/sccs/rd/engines/oslib/sysv/SCCS/s.oshos tnm.c 8.1 3/2/91 14:47:00 osdnet.c 9.12 12/20/93 13:23:29 osauth.c 9.14 11/8/93 16:10:11 ic12_r10dav_gs libc.a_ID@@/main/r10dav/libc_dav/bvd_ dav/1 /ux/libc/libs/libc/archive_pa1/libc.a_ID May 1 1996 11:43:41 /opt/odss/lbin/odss_conf_maint: HP92453-02A.10.00 HP-UX SYMBOLIC DEBUGGER (END.O) $R evision: 74.03 $ /opt/odss/lbin/onconfig.odss: None /opt/odss/lib/adm_authu.dbd: None /opt/odss/lib/libecallout.sl: None /opt/odss/lib/libodssd.sl: HP PRAESIDIUM/AS version A.03.00 (PHSS_14850) Fri Apr 17 16:50:38 PDT 1998 /opt/odss/lib/libodssnsapi.sl: Version 1 odss_nsapi.slFeb 24 1998 /opt/odss/lib/nls/msg/C/Hplibodss.cat: None /opt/odss/lib/qdm_authu.dbd: None /opt/odss/odss_ito.tar: HP Authorization Server Registration File /opt/odss/sbin/ODSS_authz_add_runtime_space: None /opt/odss/sbin/ODSS_authz_chkdsize: None /opt/odss/sbin/ODSS_authz_config: None /opt/odss/sbin/ODSS_authz_startup: None /opt/odss/sbin/ODSS_authz_status: None /opt/odss/sbin/ODSS_authz_unconfig: None cksum(1) Output: 1533197261 1042104 /opt/odss/bin/authu_batch 2600895828 911484 /opt/odss/bin/authu_maint 2419231727 103492 /opt/odss/bin/odss_cgi_authz 3698239699 103676 /opt/odss/bin/odss_cgi_inq 1681649128 1257084 /opt/odss/gui/odss/cgi-bin/ odss_admin_gui.cgi 809718558 16032 /opt/odss/lbin/ODSS_authz_cds_entry 4166110361 1668176 /opt/odss/lbin/ODSS_authz_raima_create 3286641768 3650 /opt/odss/lbin/ODSS_informix_config 2754428010 1773096 /opt/odss/lbin/authpa.informix 2101059603 2671436 /opt/odss/lbin/authpd.informix 447706937 185484 /opt/odss/lbin/authpif 3727221345 6960960 /opt/odss/lbin/authu 493638849 996060 /opt/odss/lbin/initdb.informix 3452597012 123376 /opt/odss/lbin/odss_conf_maint 1267676275 7051 /opt/odss/lbin/onconfig.odss 968330237 5250 /opt/odss/lib/adm_authu.dbd 2558556053 146756 /opt/odss/lib/libecallout.sl 291676593 876948 /opt/odss/lib/libodssd.sl 3760345342 191324 /opt/odss/lib/libodssnsapi.sl 1316961932 119794 /opt/odss/lib/nls/msg/C/Hplibodss.cat 1649490436 2845 /opt/odss/lib/qdm_authu.dbd 347191032 163840 /opt/odss/odss_ito.tar 570855360 1635 /opt/odss/sbin/ODSS_authz_add_runtime_space 64333343 474 /opt/odss/sbin/ODSS_authz_chkdsize 463030279 36414 /opt/odss/sbin/ODSS_authz_config 2787125060 28199 /opt/odss/sbin/ODSS_authz_startup 3068157361 45167 /opt/odss/sbin/ODSS_authz_status 4191417391 15814 /opt/odss/sbin/ODSS_authz_unconfig Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: None Equivalent Patches: None Patch Package Size: 19100 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_14850 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHSS_14850.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHSS_14850.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHSS_14850. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHSS_14850.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_14850.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: If you are installing this patch on a system that contains an Authorization Server Engine (Master or Replica) The Authorization Server Engine must be unconfigured prior to installing this patch, then reconfigured after this patch is installed. If you have implemented an Authorization Server Master/Replica Engine strategy, you must first perform steps 1 through 5 and 7 to unconfigure each Replica Engine before you perform steps 1 through 7 to unconfigure the Master Engine. 1. Prior to reconfiguring the Authorization Server Engine, you must ensure that /var/opt/odss has at least 200 MB of disk space available. (Prior to this patch, the requirement was 100 MB.) 2. Prior to reconfiguring the Authorization Server Engine, you should consider increasing the amount of RAM on your HP 9000 computer to at least 256 MB for optimal performance of the Authorization Server Engine with the performance enhancements introduced in this patch. (The minimum requirement for RAM is currently 128 Mb). 3. Login as a root user. 4. Login to DCE (or Pr/SS) as cell_admin. 5. Ensure that all three Authorization Server Engine processes (authpa, authpd, authu) are running. Enter: ODSS_authz_status -b If one or more of the processes are not currently running, start the Authorization Server Engine. Enter: ODSS_authz_startup 6. On the Master Engine system, Use the authu_batch utility to create a backup file of the administrative database. Enter: authu_batch -d > database_backup_file 7. Unconfigure the Authorization Server Engine. Enter: ODSS_authz_unconfig For more information, refer to "Unconfiguring an Authorization Server Engine" in chapter 5 of the "Authorization Server Administrator's Guide" (B5196-90008). 8. Install this patch following instructions provided elsewhere in this document. 9. Carefully compare the new version of the Informix configuration file /opt/odss/lbin/onconfig.odss to the copy of the file /opt/odss/lbin/onconfig.odss.old that was created during patch installation. Compare parameter values in the new version of onconfig.odss against the corresponding values in the copy onconfig.odss.old. For every parameter value in onconfig.odss.old that is greater than the corresponding parameter value found in the new file onconfig.odss, modify the parameter value in the new version of onconfig.odss to match the greater value of the corresponding parameter value in the older copy. 10. While logged in as a root user and logged in to DCE (or Pr/SS) as cell_admin, configure the Authorization Server Master Engine. Enter: ODSS_authz_config 11. Ensure that all three Authorization Server Master Engine processes (authpa, authpd, authu) are running. Enter: ODSS_authz_status -b If one or more of the processes are not currently running, start the Authorization Server Engine. Enter: ODSS_authz_startup 12. If you have implemented a Master/Replica Engine strategy, please perform additional steps described in the section "Installing and Configuring a Replica Engine" located in the "Authorization Server Administrator's Guide". 13. On your Master Engine system, restore your administrative database from the backup file you created prior to installing this patch. Enter: authu_batch -r < database_backup_file