HP OpenVMS Systems Documentation

V1.2

The DECwindows server requires specific tuning for graphics-intensive and 3D applications because of greater demand for system resources. You need to make adjustments for server quotas on 3D accelerated systems. These are minimum values suggested for a system with as little as 64 MB of physical memory and for running complex clients.

Use the AUTHORIZE utility to set the following SYSTEM account quotas to the minimum values shown in Table 3-2.

The server has its own quotas that are set in SYS$COMMON:[SYSMGR]DECW$PRIVATE_SERVER_SETUP.COM. If this file does not exist, copy the file SYS$MANAGER:DECW$PRIVATE_SERVER_SETUP.TEMPLATE to SYS$MANAGER:DECW$PRIVATE_SERVER_SETUP.COM and edit the file to include the following values:

If you use larger values, you must also modify the corresponding SYSTEM account quotas that you set with the AUTHORIZE utility.

Tuning for Animation Applications

If your application involves lengthy animation sequences of large models or assemblies, performance may be improved by setting the following working set quotas and values:

You need to set the corresponding server quotas as follows:

Determining Tuning Needs

To determine whether you need to set larger parameters, monitor the server process during the heaviest display usage. If the working set use approaches the maximum WSEXTENT, then you need to adjust the values. However, do not set large values unless it is necessary. If you set these values too high, performance may be degraded. Optimal DECwindows server performance depends on application demands.

MIN_WSMAX must be at least as large as the largest WSEXTENT value set from among your accounts. Please refer to the OpenVMS System Manager's Manual for more information. Do not exceed what AUTOGEN gives for WSMAX. See the warning in the AUTOGEN report.

The next time you run AUTOGEN and reboot, the new values will take effect. In addition, you need to increase the size of the page file to accommodate the pagefile quotas of both the server and your clients. Note that pagefile quota for the server is derived from system page files.

If, after initial tuning and considerable use, the server is failing or is unnecessarily unresponsive, the server may have run out of memory or memory may have become fragmented. A particularly demanding application may require that you give the server even larger PGFLQUO value.

If the server error log SYS$MANAGER:DECW$SERVER_0_ERROR.LOG contains the statement xxx: Out of memory, increase the pagefile quota for the server. Set this by modifying both system quota PGFLQUO and DECW$PRIVATE_SERVER_SETUP.COM.

Note that, in multiheaded configurations (for example, ZLX--E1 and ZLX--E2), the PGFLQUO and the DECW$SERVER_PAGE_FILE parameters should be increased to meet your system requirements.

3.2.5 Enhancing Startup Performance

V1.1

Extensive SYLOGIN.COM or LOGIN.COM command procedures slow down application startup. Many of the operations performed in a SYLOGIN.COM or LOGIN.COM are meaningless for DECwindows application startup. Therefore, the SYLOGIN.COM and LOGIN.COM files should be conditionalized for DECwindows application startup performance. When starting a DECwindows application, a minimum of SYLOGIN.COM and LOGIN.COM commands should be executed.

Typically, the commands that should be executed are the redefinition of DECW$USER_DEFAULTS (if present), and other logical name definitions if the user will be referencing them from within the context of a DECwindows application. The following code segment can be inserted into SYLOGIN.COM and LOGIN.COM immediately following the commands necessary for DECwindows:

$ mode = f$mode()
$ tt_devname = f$trnlnm("TT")
$ session_mgr_login = (mode .eqs. "INTERACTIVE") .and.  -
      (f$locate("WSA",tt_devname) .ne. f$len(tt_devname))
$ session_detached_process = (mode .eqs. "INTERACTIVE") .and. -
      (f$locate("MBA",tt_devname) .ne. f$len(tt_devname))
$ if session_mgr_login .or. session_detached_process then exit

Applications continue to run even if these lines are not added to the SYLOGIN.COM and LOGIN.COM files.

3.3 Security and Authorization

This section describes important issues and considerations related to system security.

3.3.1 Kerberos No Longer Requires SECURITY Extension

V1.3--1

With DECwindows Motif for OpenVMS Alpha Version 1.3--1, the SECURITY extension is no longer required to establish Kerberos authentication on DECwindows Motif systems.

Enabling this extension was previously documented as a prerequisite to setting up Kerberos (both inside or outside of a DECwindows Motif session) in the HP DECwindows Motif for OpenVMS Alpha New Features manual. This prerequisite can now be ignored.

3.3.2 Refreshing Client Security Options During a Session

V1.3

In some cases, you may want to specify an alternate X authority file for the current session. However, changing security options during a session can prevent client applications from subsequently accessing the X server. This condition occurs when performing the following sequence of tasks while a DECwindows Motif session is in progress:

1. Change or reset the client access control method to token-based access control.
2. Specify an alternate X authority file for the current display device used by the session.

Once you specify an alternate X authority file, the original settings used to grant access during the session no longer apply, and the new settings are not available to clients.

To refresh the security options and synchronize the client and server authorization entries:

1. Choose Security... from the Session Manager's (Traditional DECwindows Desktop) or the Style Manager's (New Desktop) Options menu.
2. From the Security Options dialog box, do one of the following:
   • For Magic Cookie access control, click on Create Cookie.
   • For Kerberos access control, deselect the Kerberos option under Client Access Control, and click on Apply. Then reselect the option, and click on Apply.
   
   Both actions create a new X authority entry in both the server and the alternate X authority file.

If you cannot access the Session Manager or Style Manager, exit and restart your DECwindows Motif session. Exiting the current session restores the server to its default state.

3.3.3 Unknown Code Error Displayed When Enabling Kerberos

V1.3

If the Kerberos logical (KRB$ROOT) has not been set properly, the following error is displayed when you attempt to enable Kerberos from either the DECwindows Motif desktop or the DCL command line using KINIT:

"Unknown code 6 while initializing krb5"

To correct this problem, reconfigure the Kerberos for OpenVMS Security Client software as described in the Kerberos for OpenVMS Installation Guide and Release Notes available from the OpenVMS web site (http://www.hp.com/go/openvms).

3.3.4 Bad Atom Error Displayed When Running Applications Over an Untrusted Connection

V1.3

Any DECwindows Motif application that attempts to run over an untrusted connection without a security policy defined will either not start or will exit after starting. An untrusted connection is created when access is granted to an X server using a cookie generated by SET DISPLAY/GENERATE or XAUTH GENERATE.

In most cases where this problem occurs, the following error message is displayed:

X Error of failed request
BadAtom (invalid Atom parameter)

To reduce the likelihood of application errors over untrusted connections, start the server with the default security policy file by setting the symbol DECW$SECURITY_POLICY to DECW$EXAMPLES:DECW$SECURITY_POLICY.TXT.

Note however, that the following applications do not run cleanly over an untrusted connection, even with a security policy file in place:

• Bookreader
• CDA Viewer
• DECterm
• DTPAD
• OpenVMS Debugger
• Paint
• Print Screen
• Style Manager

V1.3

Applications connected to the X server using an untrusted, generated cookie may not work when the XC-APPGROUP, SECURITY, and XINERAMA server extensions are both loaded. The problem is caused by the order in which these extensions are initialized when the server is started.

To avoid the problem, always define DECW$SERVER_EXTENSIONS in DECW$PRIVATE_SERVER_SETUP.COM so that if both XINERAMA and SEC_XAG (combined SECURITY and XC-APPGROUP image) are loaded, XINERAMA is listed before SEC_XAG.

For example, define:

$ decw$server_extensions == "XINERAMA,SEC_XAG"

instead of:

$ decw$server_extensions == "SEC_XAG,XINERAMA"

V1.3

When using Kerberos with TCP/IP, providing a node name of 0 (to indicate the local host) does not work correctly. The problem occurs only if Kerberos is initialized from the server authority file. For example:

$ SET DISPLAY/TRANSPORT=TCPIP/NODE=0
$ RUN DECW$EXAMPLES:ICO

  Xlib: krb5_sname_to_principal failed: Hostname cannot be canonicalized
  Cannot open display
  : non-translatable vms error code: 0x182B2
  %rms-e-rnf, record not found

Instead, provide the TCP/IP address of the local host explicitly:

$ SET DISPLAY/TRANSPORT=TCPIP/NODE=11.22.33.44

V1.3

When initializing the Kerberos setup using the server X authority file, the DECwindows Motif login cannot be used. The reason for this is that DECwindows login is a privileged image and the Kerberos runtime image is not an installed image. Moreover, the clients run by login manipulate the Kerberos setup. Therefore, session management is not supported in this configuration.

To prevent the DECwindows login box from coming up, define DECW$MAINAPP in SYS$MANAGER:DECW$PRIVATE_APPS_SETUP.COM as follows:

$ DECW$MAINAPP == " "

V1.3

The online help for Revoke Ticket is incorrect. See the HP DECwindows Motif for OpenVMS Alpha New Features manual for the correct description.

3.3.9 Generating Cookies in the Default X Authority File

V1.3

Inserting cookies in the default X authority file may interfere with the session cookie. It is recommended that users avoid inserting generated cookies into the default X authority file. To avoid inserting a cookie into the default X authority file, do the following. Use the /XAUTH qualifier to specify an X authority file other than the default file.

$ SET DISPLAY/GENERATE=NOTIMEOUT/XAUTH=DISK$:[DIR]MYAUTHORITY.DECW$XAUTH

If a generated cookie is inserted in the default X authority file, you can restore normal operation by ending the current session.

If you insert a generated cookie into a user's default X authority file, outside of a DECwindows session, you may need to delete the X authority file before that user can login.

3.3.10 Enabling and Disabling Access Control

V1.0

DECwindows Motif does not enable access control by default. Instead, the product uses access control set by the server. The DECwindows X11 display server enables access control at startup time.

To force the DECwindows Session Manager to enable or disable access control explicitly at login time, you can define one of the following logical names:

$ DEFINE/SYSTEM/EXECUTIVE DECW$LOGIN_ACCESS_CONTROL ENABLE
$ DEFINE/SYSTEM/EXECUTIVE DECW$LOGIN_ACCESS_CONTROL DISABLE

If the logical name is not defined or if it is defined to some other value, such as "SERVER", DECwindows login neither enables nor disables access control.

In most cases, it should not be necessary to define the logical name.

3.4 Desktop Management

This section describes important issues and considerations related to managing desktop applications.

3.4.1 Define DECW$UTILS Global Symbol When Moving DECW$EXAMPLES Global Symbol

V1.2

DECwindows Motif for OpenVMS Version 1.2 introduced a new symbol, DECW$UTILS. Normally, this symbol points to a subdirectory of DECW$EXAMPLES. If you define a DECW$EXAMPLES global symbol in the DECW$PRIVATE_APPS_SETUP.COM command procedure to change the directory for DECwindows example programs, you must also define DECW$UTILS to change the directory for utilities.

For example, to redefine both DECW$EXAMPLES and DECW$UTILS, add the following lines to the SYS$MANAGER:DECW$PRIVATE_APPS_SETUP.COM procedure:

$ DECW$EXAMPLES == "SYS$SYSROOT:[DECWEXAMPLES]
$ DECW$UTILS == "SYS$SYSROOT:[DECWEXAMPLES.UTILS]

Then, restart DECwindows Motif with the following command:

$  @SYS$MANAGER:DECW$STARTUP RESTART

V1.2

A problem may occur on systems that have a customized DECW$LOGIN.DAT file. The Start Session dialog box is the color blue instead of tan. If this condition exists, look for a customized DECW$LOGIN.DAT file in the directory SYS$COMMON:[DECW$DEFAULTS.USER] and move it to SYS$MANAGER. A DECW$LOGIN.DAT file in SYS$COMMON:[DECW$DEFAULTS.USER] prevents the "*background:" resource from being defined; thus, it will default to the color blue.

HP provides a copy of the DECW$LOGIN.DAT file in the SYS$COMMON:[DECW$DEFAULTS.SYSTEM] directory. Any customized versions of this file should reside only in SYS$MANAGER.

3.5 Font and Keymap Management

The following sections contain release notes pertaining to font and keymap support.

3.5.1 Euro Currency Symbol Restrictions

V1.3

The following limitations exist with DECwindows Motif and its support for the euro currency symbol:

• When the euro symbol is pasted or sent to another X window application on a different platform (such as UNIX) using Compound Text format, the character may not be recognized as the euro symbol on the other platform.
• The euro currency symbol is not included as part of the scalable font sets available with DECwindows Motif. Applications using scalable fonts cannot display the euro symbol.
• Although you can use EDT to type the euro character into a file, the symbol may not display correctly on the screen. For example, typing Compose o x displays the A4 character code.

V1.3

When using a traditional DECwindows Motif keymap that implements the Mode_switch modifier, make sure that you first adjust the default Window Manager resource settings to enable window grabbing. Otherwise, you may be prevented from using the mouse to grab the handles of open windows on the desktop.

For example, the AUSTRIAN_GERMAN_LK401AG_TW keymap implements the compose key as a one-shot lockdown modifier. The first time a user presses the compose key with this keymap loaded, the Mode_switch modifier is activated, which prevents the user from grabbing the handles of any application windows currently open on the desktop.

To prevent this from occurring, redefine the default Window Manager resources as follows; then exit and restart your DECwindows Motif session:

• For New Desktop systems:
  Edit the file CDE$USER_DEFAULTS:[APP-DEFAULTS.C]DTWM.DAT, and set the value of Dtwm*ignoreModKeys and Dtwm*ignoreAllModKeys to TRUE. If this file and directory do not already exist, create the directory and copy the DTWM.DAT file from CDE$SYSTEM_COMMON:[APP-DEFAULTS.C] to the directory.
• For Traditional DECwindows Desktop systems:
  Edit the file DECW$SYSCOMMOM:[DECW$DEFAULTS.USER]DECW$MWM.DAT, and set the value of Mwm*ignoreModKeys and Mwm*ignoreAllModKeys to TRUE. If this file does not already exist, copy the DECW$MWM.DAT file from DECW$SYSTEM_DEFAULTS to the directory.

V1.2--5

There is a performance problem when using the Austrian-German keymap (AUSTRIAN_GERMAN_LK401AG_TW). The problem can also occur with other keyboard and/or language changes, when the user selects a sequence of keyboard maps/languages which force the Mode_switch modifier into the mod4 or mod5 entry in the keyboard modifier map. This happens in response to the user selecting a keyboard map in the Keyboard Options popup window that uses the Mode_switch modifier.

To verify the position of the Mode_switch modifier in the keyboard modifier map, use the following commands:

$ XMODMAP :== $DECW$UTILS:XMODMAP.EXE
$ XMODMAP
xmodmap:  up to 3 keys per modifier, (keycodes in parentheses):

shift       Shift_R (0xab),  Shift_L (0xae)
lock        Caps_Lock (0xb0)
control     Control_L (0xaf)
mod1        Alt_L (0xac),  Alt_R (0xb2)
mod2        Mode_switch (0xb1)
mod3        Multi_key (0xad)
mod4        Mode_switch (0x7a)
mod5        Help (0x7c)

As a workaround, change the modifier mapping after selecting the keyboard map by using the DECW$UTILS:XMODMAP.EXE utility.

1. Create a file, which when passed to XMODMAP, clears the keyboard modifier map and remaps the Mode_switch to a lower entry in the keyboard modifier map:

   clear shift clear lock clear control clear mod1 clear mod2 clear mod3 clear mod4 clear mod5 add shift = Shift_R Shift_L add lock = Caps_Lock add control = Control_L add mod1 = Alt_R Alt_L add mod2 = Multi_key add mod3 = Mode_switch add mod5 = Help

2. Pass the file to XMODMAP using the following commands:

   $ XMODMAP :== $DECW$UTILS:XMODMAP.EXE $ XMODMAP XMODMAPRC.DAT

The following sections contain release notes pertaining to the management of the Low-Bandwidth X (LBX) proxy server and related proxy applications.