[an error occurred while processing this directive]

HP OpenVMS Systems Documentation

Content starts here

HP TCP/IP Services for OpenVMS
Release Notes


Previous Contents

4.21.56 Weak password and system-dictionary checking does not happen

Problem:

During a forced password change, the SSH server does not perform weak password checking or system-dictionary checking on the proposed new password.

Solution:

This problem is corrected in this release.

4.21.57 SSH login via public key authentication may fail

Problem:

Although the expired password is not used, an SSH login via public key authentication may fail, if the target user has the DISFORCE_PWD_CHANGE flag set or improperly set the PWD_EXPIRED or PWD_EXPIRED2 flag.

Solution:

This problem is corrected in this release.

4.21.58 LCD command in SFTP fails with "CD failed"

Problem:

The LCD command in SFTP fails with a CD failed error if not connected to a remote SFTP server, although it should have been possible to change the local directory. Also, the CD command returns the same error when an OpenVMS-style directory specification is used while connecting to a non-OpenVMS server.

Solution:

This problem is corrected in this release.

4.21.59 error and command messages to stderr (SYS$ERROR) and stdout (SYS$OUTPUT)

Problem:

The SFTP client fails to properly direct error and command messages to stderr (SYS$ERROR) and stdout (SYS$OUTPUT) as appropriate.

Solution:

This problem is corrected in this release.

4.21.60 Data appears to be truncated on the remote end

Problem:

The SFTP and SCP utilities are not properly "put"ing fixed record format files to non-VMS systems. The data appears to be truncated on the remote end.

Solution:

This problem is corrected in this release.

4.21.61 Spurious debug messages at the end of an SFTP log file

Problem:

Spurious debug messages appear at the end of an SFTP log file.

Solution:

This problem is corrected in this release.

4.21.62 Authentication failure when trying to connect to HP ProLiant iLO mpSSH Server

Problem:

Authentication fails when attempting to use the OpenVMS SSH client to connect to an HP ProLiant iLO mpSSH Server.

Solution:

This problem is corrected in this release.

4.21.63 Only the first 3 IdKeys are processed

Problem:

When using SSH with public key authentication, only the first 3 IdKeys are processed from the IDENTIFICATION file.

Solution:

This problem is corrected in this release.

4.21.64 lcd to logical name specification restrictions

Problem:

  • When SFTPed to a UNIX system, lcd to a logical name specification works for the first time, but subsequent attempts to lcd to any logical name may fail.
  • When SFTPed to an OpenVMS or UNIX system, lcd to a logical name specification followed by an lcd to a directory specification in OpenVMS syntax (For example, [.tmp]) may fail with the following error:


    Warning: chdir(/sys$login/./tmp) errno = 2  PWD failed. 
    

Solution:

This problem is corrected in this release.

4.21.65 Port forwarding fails if ResolveClientHostName is set to "no"

Problem:

SSH port forwarding fails if the SSHD2_CONFIG. option ResolveClientHostName is set to "no".

Solution:

This problem is corrected in this release.

4.21.66 Transferring large number of files using SFTP

Problem:

Transferring a very large number of files using SFTP can result in a memory allocation error and displays the following error:


"Not enough memory" 
or 
TCPIP-F-SSH_ALLOC_ERROR
due to a memory leak. 

Solution:

This problem is corrected in this release.

4.21.67 SSH connection requests are handled as NETWORK access

Problem:

All the various types of SSH connection requests (For example, SSH interactive sessions, single command mode, SFTP) are handled as NETWORK access, instead of differentiating by session type.

Solution:

This problem is corrected in this release.

4.21.68 UAF account expiry is not notified

Problem:

If an UAF account has "expired", SSH does not properly notify the user. It also logs an inappropriate intrusion record when a valid but expired password is presented.

Solution:

This problem is corrected in this release.

4.21.69 Characters from extended character set are allowed

Problem:

Although the UAF flag PWDMIX is not set, SSH allows characters from the extended character set to be used when creating a password during an expired password change event.

Solution:

This problem is corrected in this release.

4.21.70 Accessing files via SFTP causes excessive Security alarms

Problem:

Accessing files via SFTP causes excessive Security alarms in the Audit log complaining that EXECUTE access is required for the SYSUAF.DAT file.

Solution:

This problem is corrected in this release.

4.21.71 SYS$ANNOUNCE message displayed after login

Problem:

The SYS$ANNOUNCE message is displayed after login, and display of the SYS$WELCOME message is not implemented.

Solution:

This problem is corrected in this release.

4.21.72 "ls -l" and the "rename" command with wildcards fails

Problem:

Using the SFTP ls -l and the rename command with wildcards (*) fails when the specified name was a directory.

Solution:

This problem is corrected in this release.

4.21.73 Opening a second Tectia SSH client

Problem:

Attempts to open a second Tectia SSH client session may result in both sessions getting disconnected.

Solution:

This problem is corrected in this release.

4.21.74 Server process crashes while listing files

Problem:

The SFTP Server process crashes while listing files, if any one the listed file owner name is equal to greater than the OpenVMS maximum allowable length, that is, 12 characters.

Solution:

This problem is corrected in this release.

4.22 SYSCONFIG problems fixed in this release

The following section describes SYSCONFIG problems fixed in this release.

4.22.1 Sysconfigdb generates incorrect error message

Problem:

The sysconfigdb command generates a %SYSTEM-F-SSFAIL, system service failure exception instead of exiting gracefully upon detecting an error.

Solution:

This problem is corrected in this release.

4.23 TCPDUMP problems fixed in this release

The following section describes TCPDUMP problems fixed in this release.

4.23.1 TCPDUMP exits with a success status when invalid arguments are passed

Problem:

Although, invalid command line arguments are passed, TCPDUMP may exit with a success status. It must exit with something more descriptive, such as %SYSTEM-E-ABORT (condition code 42).

Solution:

This problem is corrected in this release.

4.24 TELNET problems fixed in this release

The following section describes TELNET problems fixed in this release.

4.24.1 Arbitrary characters received on the TELNET server

Problem:

Arbitrary characters are received on TELNET server when used in binary mode.

Solution:

This problem is fixed in this release.

4.24.2 Quoted character gets dropped

Problem:

Binary telnet session occasionally drops quoted character.

Solution:

This problem is corrected in this release.

4.24.3 User authorization failure

Problem:

When you establish a telnet session in a binary mode to an OpenVMSvms host by entering Ctrl-U+Username followed by Ctrl-U+password, it results in a user authorization failure.

Solution:

This problem is corrected in this release.

4.24.4 Destination address is not set correctly

Problem:

The destination address associated with an outbound TN device is not always set correctly.

Solution:

This problem is corrected in this release.

4.24.5 Allocating a freshly-created outbound TN device

Problem:

Allocating a freshly-created outbound TN device is not possible because the device is initially marked as mounted. The message SYSTEM-F-DEVMOUNT, device is already mounted may result from an attempt to use the DCL ALLOCATE command.

Solution:

This problem is corrected in this release.

4.24.6 "INVEXCEPTN @SMP$ACQUIRE_C + 00034" error displayed

Problem:

The system crashes with the following message:


 INVEXCEPTN @SMP$ACQUIRE_C + 00034. 

Solution:

This problem is corrected in this release.

4.24.7 Logins blocked after the seed for TN devices exceeding 9999

Problem:

Further logins are blocked after the seed for TN devices exceeds 9999.

Solution:

This problem is corrected in this release.

4.24.8 TN3270 users receive an error message

Problem:

TN3270 users receive an error message while attempting to load the translation table file.

Solution:

This problem is corrected in this release.

4.24.9 OpenVMS telnet client echoes the password

Problem:

OpenVMS telnet client echoes the password, when you try to login to a Linux busybox telnet server from an OpenVMS system.

Solution:

This problem is corrected in this release.

4.25 TFTP problems fixed in this release

The following section describes TFTP problems fixed in this release.

4.25.1 TFTP server randomly exits in between a file transfer

Problem:

To boot diskless systems, the TFTP server is used to fetch the boot files from the server. When an OpenVMS system tries to boot by first fetching the files from the TFTP server, it works as expected. But when this same operation is performed by multiple systems, random failures are observed in the file transfer.

Solution:

This problem is corrected in this release.

4.26 User Control Program problems fixed in this release

The following section describes User Control Program problems fixed in this release.

4.26.1 Enabling the 128th service using CONFIG ENABLE SERVICE

Problem:

A maximum of 127 new services can be created using TCPIP> CONFIG ENABLE SERVICE On enabling the 128th service, the following error message is displayed:


 %TCPIP-E-CONFIGERROR,   error processing configuration request 
 %TCPIP-E-TOOMANYSERV, database already has maximum number of 

Solution:

This problem is fixed in this release.

4.26.2 Entering a long domain name may trigger a failure while configuring TCPIP

Problem:

While executing TCPIP$CONFIG.COM in an attempt to initially configure TCPIP, entering a very long domain name may trigger a failure, making it impossible to configure the system. The underlying cause was a failing TCPIP SHOW CONFIGURATION COMMUNICATION /OUTPUT=filename command, which had an 80-character line length limitation.

Solution:

This problem is corrected in this release.

4.26.3 TCPIP SHOW COMMUNICATION truncates its output

Problem:

The TCPIP SHOW COMMUNICATION command truncates its output when the domain name is more than 29 characters long.

Solution:

This problem is corrected in this release.

4.26.4 SET NAME_SERVICE /INITIALIZE /CLUSTER fails to find TCPIP$BIND_RUNNING_*.DAT;*

Problem:

The SET NAME_SERVICE /INITIALIZE /CLUSTER command attempts to find the file TCPIP$BIND_RUNNING_*.DAT;* but fails because the semantics of the TCPIP$BIND_COMMON logical name have changed.

Solution:

This problem is corrected in this release.

4.26.5 TCPIP SHOW DEVICE_SOCKET output is not properly formatted

Problem:

When used with the DCL command PIPE , the output from a TCPIP SHOW DEVICE_SOCKET command is not properly formatted.

Solution:

This problem is corrected in this release.


Chapter 5
Documentation Update

This chapter describes updates to the information in the TCP/IP Services product documentation.

This information will be supplied in the final release of TCP/IP Services.

5.1 Documentation Not Being Updated for This Release

The following manuals are not updated for TCP/IP Services Version 5.7. Documentation changes planned for these manuals are indicated:

  • TCP/IP Services for OpenVMS Installation and Configuration
  • TCP/IP Services for OpenVMS Management Guide
  • TCP/IP Services for OpenVMS Guide to SSH
  • TCP/IP Services for OpenVMS Concepts and Planning
  • TCP/IP Services for OpenVMS Management Command Reference
  • TCP/IP Services for OpenVMS Management Command Quick Reference Card
  • TCP/IP Services for OpenVMS ONC RPC Programming
  • TCP/IP Services for OpenVMS Sockets API and System Services Programming
  • TCP/IP Services for OpenVMS Tuning and Troubleshooting
  • TCP/IP Services for OpenVMS User's Guide

5.2 Documentation Errata

The following section describes the documentation updates and errata for TCP/IP documentation set:

  • Point-to-Point Protocol Support
    The HP TCP/IP Services for OpenVMS Management manual specifies that Point-to-Point Protocol (PPP) is supported only on Alpha systems. This feature is now supported on both OpenVMS Integrity servers and Alpha systems.
  • REPLY /ENABLE=NETWORK command
    In the HP TCP/IP Services for OpenVMS Management manual (page 24-13), Section 24.10, Receiving LPR/LPD OPCOM Messages, the following command used to receive the notifications:


    $ TCPIP SET SERVICE LPD /LOG=option 
    $ REPLY /ENABLE=OPCOM 
    

    stands corrected as


    $ TCPIP SET SERVICE LPD /LOG=option 
    $ REPLY /ENABLE=NETWORK 
    
  • Default value for TCP_KEEPIDLE
    In the HP TCP/IP Services for OpenVMS Sockets API and System Services Programming manual (page A-3) and TCP/IP Help, the /PROBE_IDLE setting corresponds to three different sysconfig parameters: TCP_KEEPINIT, TCP_KEEPINTVL, and TCP_KEEPIDLE. The default value for TCP_KEEPIDLE was mentioned as 75 seconds. The default value for TCP_KEEPIDLE is now increased to 2 hrs, which is on par with the RFC requirement, and the default value for TCP_KEEPINIT and TCP_KEEPINTVL remains same, which is 75 seconds.
  • SSH_KEYGEN -e Command Option Converts OpenSSH-based Public Key to OpenVMS Format
    If you want to enable public-key authentication on an OpenVMS system by copying the public key generated from a Linux (or other OpenSSH-based) system instead of generating the pair of keys using the OpenVMS ssh-keygen utility, use the -e qualifier to convert the public key before you transfer it to the OpenVMS system. OpenSSH-based systems, such as the typical Linux system, use their own file format for SSH keys.
    For example:


    % ssh_keygen -e -f public-key > openvms-format-public-key 
    

    The -e qualifier has been inadvertently omitted from the HP TCP/IP Services for OpenVMS Guide to SSH Section, Using the SSH_KEYGEN Utility (page 46).


Appendix A
LPD/LPR Configuration

This appendix illustrates how to configure LPD/LPR jobs from a local host to a remote system.

A.1 Configuring LPD job from local host to the remote system

The print jobs must be submitted from local host, "HOSTA", to the remote system, "HOSTB".

To configure the LPD jobs from a local host to the remote system, where the LPD server is not listening on default port (515), complete the following steps:

  1. On "HOSTA", setup the printcap entry for the printer in the TCPIP$PRINTCAP.DAT file as follows:


    LOOP_BOGUS_P_1|loop_bogus_p_1:\
            :lf=/TCPIP$LPD_ROOT/000000/LOOP_BOGUS_P_1.LOG:\
            :lp=LOOP_BOGUS_P_1:\
            :rm=hostb.hp.com:\
            :rp=bogus_p_1:\
            :rt=1234:\
            :sd=/TCPIP$LPD_ROOT/LOOP_BOGUS_P_1: 
    
  2. On "HOSTB", configure the LPD receiver to listen on port 1234. Manually define another service database entry that is same as LPD. Use the standard procedure to set and enable the service.

A.2 Configuring LPD job from local host to the remote system over the SSH tunnel

The print jobs are submitted from "HOSTA" to the remote system, "HOSTB". The LPD receiver is running on HOSTB listening to default port or any other configured port. The encrypting SSH tunnel is established between HOSTA's port (rt) and HOSTB's port on which the LPD receiver is listening.

To configure LPD jobs from a local host to a remote system over the SSH tunnel, complete the following steps:

  1. On "HOSTA", setup the printcap entry for the printer in the TCPIP$PRINTCAP.DAT file as follows:


    LOOP_BOGUS_P_1|loop_bogus_p_1:\
            :lf=/TCPIP$LPD_ROOT/000000/LOOP_BOGUS_P_1.LOG:\
            :lp=LOOP_BOGUS_P_1:\
            :rm=localhost:\
            :rp=bogus_p_1:\
            :rt=1234:\
            :sd=/TCPIP$LPD_ROOT/LOOP_BOGUS_P_1: 
    

    Note that the rm field is set to "localhost".
  2. On "HOSTB", using the standard LPD configuration procedure, configure the LPD receiver listening on port 515.
    Or
    If the you want to configure LPD on a port other than the default port, manually define another service database entry that is the same as LPD.
  3. Run the SSH command on "HOSTA" to establish the SSH tunnel between the local port and remote port. For example, if the rt is 1234 on the local host and the remote port is "515" on which the LPD server is listening, use the following command to establish the SSH tunnel:


    SSH -"L"1234:localhost:515 hostb.hp.com 
    

Previous Contents Contents