HP OpenVMS Systems Documentation
HP TCP/IP Services for OpenVMS
The SMTP receiver process is made persistent so that it does not die
after receiving each mail. Prior to Version 5.7, for each new mail, a
new SMTP receiver process was created and it died after receiving the
mail. Starting with Version 5.7, each receiver process services
multiple incoming mails as configured.
22.214.171.124 Configurable parameters
Following are the configurable parameters used in SMTP persistent receiver:
HP TCP/IP Services for OpenVMS, Version 5.7 supports all the POP configurable fields through the TCPIP$POP.CONF file, except the POP tracing logical names.
The existing configuration based on logical names is obsolete. The POP
rollover tool, TCPIP$POP_V57_ROLLOVER.EXE, can be used to upgrade the
TCP/IP software to Version 5.7. Up on upgrade, the POP startup
procedure will automatically change over to new ASCII file-based
configuration method. It will create TCPIP$POP.CONF file in
SYS$SYSDEVICE:[TCPIP$POP] directory. Up on successful rollover,
SYS$MANAGER:TCPIP$POP_V57_ROLLOVER.FLG will be created.
Include the appropriate POP configuration parameters in this file. The
configuration template file, TCPIP$POP.CONF_TEMPLATE, contains the
description of all the POP configurable parameters and its usage.
1.2.8 POP server support for external authentication
POP Server support for external authentication adds the capability to POP clients to authenticate an user on an OpenVMS system. The POP server uses the SYS$ACM system service that provides this capability.
OpenVMS Authentication and Credentials Management Extensions (ACME) subsystem provides the authentication services.
The new configuration parameter, No-SYSACM-User-Pass, is added to support the Username and Password authentication on the ACME agents. The ACME agents can be VMS native authentication extensions or any other Agents such as LDAP, which can authenticate the VMS user externally. When you configure the POP to make use of POP external authentication, you must ensure that the ACME agents are up and running.
No-SYSACM-User-Pass can be assigned with 0 or 1 as follows:
No-SYSACM-User-Pass: <Boolean Value>
Where: <Boolean Value> is either:
By default, the No-SYSACM-User-Pass is set to TRUE, that is, the POP server is configured to use the native VMS authentication using SYS$GETUAI.
The external authentication using $ACM support for APOP shared secret string authentication is not provided.
This chapter includes notes and changes made to the installation and
configuration of TCP/IP Services, as well as startup and shutdown
procedures. Use this chapter in conjunction with the HP TCP/IP Services for OpenVMS Installation and Configuration
2.1 Installing Over V5.3 Early Adopter's Kits (EAKs)
If you have installed one or more of the following V5.3 EAKs, you must use the PCSI REMOVE command to remove the EAKs before you install TCP/IP Services V5.7:
If you install the current TCP/IP Services version after removing the failSAFE IP EAK, you must run TCPIP$CONFIG.COM to reestablish your target and home interfaces.
Upgrading from versions prior to V5.0 has not been qualified for this
2.3 Adding a system to an OpenVMS Cluster
The TCPIP$CONFIG.COM configuration procedure for TCP/IP Services Version 5.6 creates OpenVMS accounts using larger system parameter values than in previous versions. Only new accounts get these larger values. These values are useful on OpenVMS Alpha systems but essential on OpenVMS I64 systems.
To have your OpenVMS I64 system join an OpenVMS Cluster as a TCP/IP host, HP recommends adding the system to the cluster before you configure TCP/IP Services. The guidelines in Section 2.3.1 assume you have followed this recommendation.
If you configure TCP/IP Services before you add the system to a cluster,
see Section 2.3.2.
2.3.1 Running a newly configured host on the Cluster
The following recommendations assume you are configuring TCP/IP Services on the system after having added the system to the OpenVMS Cluster.
If TCP/IP Services has previously been installed on the cluster and you encounter problems running a TCP/IP component on the system, modify the cluster System Authorization File (SYSUAF) to raise the parameter values for the account used by the affected component. The minimum recommended values are listed in Table 2-1.
The IMAP, DHCP, and XDM components can exhibit account parameter
problems if the value assigned to PGFLQUOTA or to any of the other
listed parameters is too low. Use the OpenVMS AUTHORIZE utility to
modify SYSUAF parameters. For more information, see HP OpenVMS System Management Utilities Reference Manual: A-L.
2.3.2 Configuring TCP/IP Services before adding the system to the Cluster
If you configure TCP/IP Services before you add the system to a cluster,
when you add the system to the cluster the owning UIC for each of the
TCP/IP service SYS$LOGIN directories (TCPIP$service-name,
where service-name is the name of the service) may be
incorrect. Use the OpenVMS AUTHORIZE utility to correct these UICs.
2.3.3 Disabling or enabling SSH server
When you use the TCPIP$CONFIG.COM configuration procedure to disable or enable the SSH server, the following prompt is displayed:
* Create a new default Server host key? [YES]:
Unless you have a specific reason for creating a new default server
host key, you should enter "N" at this prompt. If you accept the
default, clients with the old key will need to obtain the new key. For
more information, see Section 3.15.6.
2.4 SSH configuration files must be updated
Note that this section refers to upgrades from a version prior to V5.4 ECO.
The SSH client and server on this version of TCP/IP Services cannot use configuration files from previous versions of SSH.
If the SSH client and server detect systemwide configuration files from an older version of SSH, the client and server will fail to start. The client will display the following warning message, and the server will write the following warning message to the SSH_RUN.LOG file:
You may have an old style configuration file. Please follow the instructions in the release notes to use the new configuration files.
If the SSH client detects a user-specific configuration file from an older version of SSH, the SSH client will display the warning and will allow the user to proceed.
To preserve the modifications made to the SSH server configuration file and the SSH client configuration file, you must edit the templates provided with the new version of SSH, as follows:
$ LIBRARY/EXTRACT=SSH2_CONFIG SYS$LIBRARY:TCPIP$TEMPLATES.TLB - _$ /OUT=TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSH2_CONFIG. $ LIBRARY/EXTRACT=SSHD2_CONFIG SYS$LIBRARY:TCPIP$TEMPLATES.TLB - _$ /OUT=TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSHD2_CONFIG.
$ @SYS$STARTUP:SSH_STARTUP.COM $ @SYS$STARTUP:SSH_CLIENT_STARTUP.COM
If SMTP or LPD shutdown generates errors indicating that the queue manager is not running, check your site-specific shutdown command procedure (VMS_SYSHUTDOWN.COM). If this procedure contains the command to stop the queue manager (STOP/QUEUE/MANAGER), make sure this command is after the command that runs the TCPIP$SHUTDOWN.COM command procedure.
You do not have to stop the queue manager explicitly. The queue manager is automatically stopped and started when you restart the system.
This chapter provides information about problems and restrictions in
the current version of TCP/IP Services, and also includes other
information specific to a particular command or service, such as
changes in command syntax or messages.
3.1 IP Security
The IP Security (IPSec) feature that is included with this kit is not
currently supported. HP recommends that you must not use IPSec in a
3.2 Dnssec_signzone utility may hang
utility may hang when invoked from a foreign symbol. The utility will
neither exhibit this behavior when it is executed from the command line
using a foreign symbol or MCR, nor when the
option is used to specify a source of entropy.
3.3 COPY /FTP restriction
COPY /FTP does not properly support ODS-5 filesystem files.
3.4 OpenVMS Mails
OpenVMS mails sent to a distribution list, to an invalid remote
addresses does not get bounced. However, the mail to an invalid local
address gets bounced.
3.5 Netstat utility
An IP address added to a tunnel interface cannot be seen with ifconfig.
The new address cannot be seen unless you execute
3.6 SMTP configured for cluster awareness
If SMTP is configured for cluster awareness, the disk on which the SMTP
configuration files are saved must be mounted before the TCP/IP
software is started. The system will hang up on TCP/IP startup, if the
disk is not mounted.
3.7 Manually configuring an interface as DHCP leads to startup problems
Manually configuring an interface to be managed via DHCP may lead to an
error, TCPIP-E-DEFINTE, when starting TCP/IP. This causes TCP/IP to not
start properly. To work around this problem, shutdown TCP/IP, then on
the interface that was manually configured as DHCP, issue the following
$ tcpip set config inter ifname/PRIMARY
Now restart TCP/IP.
3.8 SLIP restrictions
The serial line IP protocol (SLIP) is not supported in this release.
3.9 Advanced Programming Environment restrictions and guidelines
The header files provided in TCPIP$EXAMPLES are provided as part of the advanced TCP/IP programming environment. The following list describes restrictions and guidelines for using them:
BIND Version 9 has the following restrictions:
BIND_CHECKCONF BIND_CHECKZONE DIG DNSSEC_KEYGEN DNSSEC_SIGNZONE HOST NSUPDATE RNDC_CONFGEN
The following sections describe restrictions in the use of IPv6.
3.11.1 Mobile IPv6 restrictions
Mobile IPv6 is not supported in this release.
3.11.2 IPv6 requires the BIND Resolver
If you are using IPv6, you must enable the BIND resolver. To enable the BIND resolver, use the TCPIP$CONFIG.COM command procedure. From the Core environment menu, select BIND Resolver.
You must specify the BIND server to enable the BIND resolver. If you do not have access to a BIND server, specify the node address 127.0.0.1 as your BIND server.
The following restrictions apply to the NFS server:
%TCPIP-E-NFS_BFSCAL, operation MOUNT_POINT failed on file /dev/dir
%TCPIP-S-NFS_MNTSUC, mounted file system /dev/dir
$ TCPIP MOUNT DNFS4:[<directory>]/HOST=<host-name> /PATH=<path-name>/SUPER/PROCESSOR=UNIQUE
Execute the mount commands such that the device numbers are sequential.
For example, instead of the following set of commands:
$ TCPIP MOUNT DNFS3:[<directory>]/HOST=<host-name> /PATH=<path-name>/SUPER/PROCESSOR=UNIQUE $ TCPIP MOUNT DNFS2:[<directory>]/HOST=<host-name> /PATH=<path-name>/SUPER/PROCESSOR=UNIQUE $ TCPIP MOUNT DNFS1:[<directory>]/HOST=<host-name> /PATH=<path-name>/SUPER/PROCESSOR=UNIQUE
$ TCPIP MOUNT DNFS1:[<directory>]/HOST=<host-name> /PATH=<path-name>/SUPER/PROCESSOR=UNIQUE $ TCPIP MOUNT DNFS2:[<directory>]/HOST=<host-name> /PATH=<path-name>/SUPER/PROCESSOR=UNIQUE $ TCPIP MOUNT DNFS3:[<directory>]/HOST=<host-name> /PATH=<path-name>/SUPER/PROCESSOR=UNIQUE
The NTP server has a stratum limit of 15. The server does not synchronize to any time server that reports a stratum of 15 or greater. This may cause problems if you try to synchronize to a server running the UCX NTP server, if that server has been designated as "free running" (with the local-master command). For proper operation, the local-master designation must be specified with a stratum no greater than 14.