TCPware V5.7-2 Release Notes

December 2005

This document contains a list of new features and bug fixes that have been made since TCPware V5.6-2 and TCPware 5.7-1.

Revision/Update Information: This document supersedes the TCPware V5.6-2 Release Notes

Operating System and Version: VAX/VMS V5.5-2 or later, OpenVMS VAX V6.0 or later; OpenVMS Alpha V6.1 or later; OpenVMS I64 V8.2 or later

Copyright ©2005 Process Software, LLC. Unpublished - all rights reserved under the copyright laws of the United States

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means electronic, mechanical, magnetic, optical, or otherwise without the prior written permission of:

Process Software, LLC
959 Concord Street
Framingham, MA 01701-4682 USA
Voice: +1 508 879 6994; FAX: +1 508 879 0042
info@process.com

Process Software, LLC ("Process") makes no representations or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, Process Software reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Process Software to notify any person of such revision or changes.

Alpha AXP, AXP, MicroVAX, OpenVMS, OpenVMS I64, VAX, VAX Notes, VMScluster, and VMS are registered trademarks of Hewlett-Packard Corporation.

Intel and Itanium are trademarks or registered trademarks of Intel Corporation.

Kerberos. Copyright © 1989, DES.C and PCBC_ENCRYPT.C Copyright © 1985, 1986, 1987, 1988 by Massachusetts Institute of Technology. Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.

MultiNet is a registered trademark of Process Software.

Secure Shell (SSH). Copyright © 2000. This License agreement, including the Exhibits (Agreement), effective as of the latter date of execution (Effective Date), is hereby made by and between Data Fellows, Inc., a California corporation, having principal offices at 675 N. First Street, 8th floor, San Jose, CA 95112170 (Data Fellows) and Process Software, LLC, having a place of business at 959 Concord Street, Framingham, MA 01701 (OEM).

TCPware is a registered trademark of Process Software.

UNIX is a trademark of UNIX System Laboratories, Inc.

All other trademarks, service marks, registered trademarks, or registered service marks mentioned in this document are the property of their respective holders.

Copyright ©1997, 1998, 1999, 2000 Process Software Corporation. All rights reserved. Printed in USA.

Copyright ©2000, 2001, 2002, 2004, 2005 Process Software, LLC. All rights reserved. Printed in USA.

If the examples of URLs, domain names, internet addresses, and web sites we use in this documentation reflect any that actually exist, it is not intentional and should not be considered an endorsement, approval, or recommendation of the actual site, or any products or services located at any such site by Process Software. Any resemblance or duplication is strictly coincidental.

CONTENTS

Chapter 1 INTRODUCTION
  1.1 Typographical Conventions
  1.2 Obtaining Technical Support
    1.2.1 Before Contacting Technical Support
    1.2.2 Sending Electronic Mail
    1.2.3 Calling Technical Support
    1.2.4 Contacting Technical Support by Fax
  1.3 Obtaining Online Help
  1.4 TCPware Frequently Asked Questions (FAQs) List
  1.5 Accessing the TCPware Public Mailing List
  1.6 Process Software World Wide Web Server
  1.7 Obtaining Software Patches over the Internet
  1.8 Documentation Comments
  1.9 CD-ROM Contents
    1.9.1 Online Documentation
      1.9.1.1 PDF Format
      1.9.1.2 Using Acrobat Reader
      1.9.1.3 Using XPDF

Chapter 2 CHANGES AND ENHANCEMENTS
  2.1 New Features
  2.2 Note Concerning Kerberos V5
  2.3 Note Concerning NETware
  2.4 Notes Concerning SSH
  2.5 XNTP/NTP Changes
  2.6 Disk Space Requirements
  2.7 Disabled Services
  2.8 Converted Services
  2.9 Note Concerning FTP Changes
  2.10 Enhancements
  2.11 Fixed Problems

Chapter 3 DOCUMENTATION UPDATES
  3.1 TCPware V5.7

TABLES
  1 Typographical Conventions
  2 System Information
  3 Disk Space Requirements

CHAPTER 1 INTRODUCTION

These Release Notes describe the changes and enhancements made to the TCPware product in version 5.7-1 and version 5.7-2.

This chapter describes conventions used in the TCPware documentation set and the various methods to contact and receive technical support.

o For information about product changes and enhancements in the TCPware V5.7 TCPware Consolidated Distribution, refer to Chapter 2 of these Release Notes.

o For information about changes to the documentation set, refer to Chapter 3 of these Release Notes.

1.1 Typographical Conventions

Examples in these Release Notes use the following conventions:

Table 1: Typographical Conventions

Convention                    Example                  Meaning
Angle brackets                                         Represents a key on your keyboard.
Angle brackets with a slash                            Indicates that you hold down the key labeled or while simultaneously pressing another key; in this example, the A key.
Square brackets               [FULL]                   Indicates optional choices; you can enter none of the choices, or as many as you like. When shown as part of an example, square brackets are actual characters you should type.
Underscore or hyphen          file_name or file-name   Between words in commands, indicates the item is a single element.

1.2 Obtaining Technical Support

Process Software provides technical support if you have a current Maintenance Service Agreement. If you obtained TCPware from an authorized distributor or partner, you receive your technical support directly from them.

You can contact Technical Support by:

o Sending electronic mail (Section 1.2.2)
o Calling Technical Support (Section 1.2.3)
o Faxing a description of your problem to the Technical Support Group (Section 1.2.4)

1.2.1 Before Contacting Technical Support

Before you call, or send email or a fax:

1. Verify that your Maintenance Service Agreement is current.

2. Read the online Release Notes completely.

3. Have the following information available:
   o Your name
   o Your company name
   o Your email address
   o Your voice and fax telephone numbers
   o Your Maintenance Contract Number
   o OpenVMS architecture
   o OpenVMS version
   o TCPware layered products and versions

4. Have complete information about your configuration, error messages that appeared, and problem specifics.

5. Be prepared to let a development engineer connect to your system, either with TELNET or by dialing in using a modem. Be prepared to give the engineer access to a privileged account to diagnose your problem.

You can obtain information about your OpenVMS architecture, OpenVMS version, TCPware version, and layered products with the NETCU SHOW VERSION command. Execute the following command on a fully loaded system and email the output to support@process.com:

$ NETCU SHOW VERSION
TCPware(R) V5.7-2 Copyright (c) 2005 Process Software
OpenVMS version V8.2 booted on 28-NOV-2005 21:03:30.00,
running on a HP rx2600 (1.30GHz/3.0MB).
MAS number: 12345

In this example:

  The machine or system architecture is I64.
  The OpenVMS version is V8.2.
  The TCPware version is V5.7.

Use the following table as a template to record the relevant information about your system:

Table 2: System Information

Required Information                    Your System Information
Your name
Company name
Your email address
Your voice and fax telephone numbers
System architecture                     VAX or Alpha
OpenVMS version
TCPware version

Please provide information about installed TCPware applications and patch kits by sending a copy of the TCPWARE:TCPWARE_VERSION.; file.

1.2.2 Sending Electronic Mail

For many questions, electronic mail is the preferred communication method. Technical Support via electronic mail is available to customers with a current support contract. Send electronic mail to support@process.com.

At the beginning of your mail message, include the information listed in Section 1.2.1. Continue with the description of your situation and problem specifics. Include all relevant information to help your Technical Support Specialist process and track your electronic support request.

Electronic mail is answered within the desired goal of two hours, during our normal business hours, Monday through Friday from 8:30 a.m. to 5:00 p.m., United States Eastern Time.

1.2.3 Calling Technical Support

For regular support issues, call 800-394-8700 or 508-628-5074 for support Monday through Friday from 8:30 a.m. to 7:00 p.m., United States Eastern Time.

For our customers in North America with critical problems, an option for support 7 days per week, 24 hours per day is available at an additional charge. Please contact your Account Representative for further details.

Before calling, have available the information described in Section 1.2.1. When you call, you will be connected to a Technical Support Specialist.
Be prepared to discuss problem specifics with your Technical Support Specialist and to let that person connect to your system.

If our Support Specialists are assisting other customers and you are put on hold, please stay on the line. Most calls are answered in less than five minutes. If you cannot wait for a Specialist to take your call, please take advantage of our automatic call logging feature by sending email to support@process.com (see the Section on Sending Electronic Mail).

1.2.4 Contacting Technical Support by Fax

You can send transmissions directly to Technical Support at 508-879-0042.

Before faxing comments or questions, complete the steps in Section 1.2.1 and include all your system information at the beginning of your fax message. Continue with the description of your situation and problem specifics. Include all relevant information to help your Technical Support Specialist process and track your fax support request.

Faxed questions are answered Monday through Friday from 8:30 a.m. to 7:00 p.m., United States Eastern Time.

1.3 Obtaining Online Help

Extensive information about TCPware is provided in the TCPware help library. For more information, enter the following command:

$ HELP TCPWARE

1.4 TCPware Frequently Asked Questions (FAQs) List

You can obtain an updated list of frequently asked questions (FAQs) and answers about Process Software products from the Process Software home page located at http://www.process.com. Choose the Service & Support link to access useful information on FAQs and patch ECOs.

1.5 Accessing the TCPware Public Mailing List

Process Software maintains two public mailing lists for TCPware customers:

o Info-TCPware@process.com
o TCPware-Announce@process.com

The Info-TCPware@process.com mailing list is a forum for discussion among TCPware system managers and programmers. Questions and problems regarding TCPware can be posted for a response by any of the subscribers.
To subscribe to Info-TCPware, send a mail message with the word SUBSCRIBE in the body to Info-TCPware-request@process.com.

The information exchanged over Info-TCPware is also available via the USENET newsgroup vmsnet.networks.tcp-ip.tcpware.

You can retrieve the Info-TCPware archives by anonymous FTP to ftp.tcpware.process.com. The archives are located in the directory [MAIL_ARCHIVES.INFO-TCPWARE].

The TCPware-Announce@process.com mailing list is a one-way communication (from Process Software to you) used to post announcements relating to TCPware (patch releases, product releases, etc.). To subscribe to TCPware-Announce, send a mail message with the word SUBSCRIBE in the body to TCPware-Announce-request@process.com.

1.6 Process Software World Wide Web Server

Electronic support is provided through the Process Software web site which you can access with any World Wide Web browser; the URL is http://www.process.com (select Service & Support).

1.7 Obtaining Software Patches over the Internet

Process Software provides software patches in save set and ZIP format on its anonymous FTP server, ftp.tcpware.process.com. For the location of software patches, read the .WELCOME file in the top-level anonymous directory. This file refers you to the directories containing software patches.

To retrieve a software patch, enter the following commands:

$ FTP FTP.TCPWARE.PROCESS.COM ANONYMOUS password

where password is your email address.

A message welcoming you to the Process Software FTP directory appears next followed by the FTP prompt. Enter the following at the FTP prompt:

FTP>CD [.SUPPORT.xx_x]
FTP>GET update_filename

In these commands:

  xxx is the version of TCPware you want to transfer
  update_filename is the name of the file you want to transfer

To transfer files from Process Software directly to an OpenVMS system, you can use the GET command without any other FTP commands.
However, if you need to transfer a software patch through an intermediate non-OpenVMS system, use BINARY mode to transfer the files to and from that system.

In addition, if you are retrieving the software patch in save set format, make sure the save set record size is 2048 bytes when you transfer the file from the intermediate system to your OpenVMS system.

o If you use the GET command to download the file size from the intermediate system, use the FTP RECORD-SIZE 2048 command before transferring the file.

o If you use the PUT command to upload the file to your OpenVMS system, log into the intermediate system and use the FTP quote site rms recsize 2048 command before transferring the file.

Process Software also supplies UNZIP utilities for OpenVMS VAX, Alpha and I64 for decompressing ZIP archives in the [SUPPORT] directory. To use ZIP format kits, you need a copy of the UNZIP utility.

The following example shows how to use the UNZIP utility, assuming you have copied the appropriate version of UNZIP.EXE to your current default directory:

$ UNZIP := $SYS$DISK:[]UNZIP.EXE
$ UNZIP filename.ZIP

Use VMSINSTAL to upgrade your TCPware system with the software patch.

1.8 Documentation Comments

Your comments about the information in these Release Notes can help us improve the documentation. If you have corrections or suggestions for improvement, please let us know.

Be as specific as possible about your comments: include the exact title of the document, version, date, and page references as appropriate. You can send your comments by email to techpubs@process.com or mail them to:

Process Software
959 Concord Street
Framingham, MA 01701-4682
Attention: Marketing Director

You can also fax your comments to us at 508-879-0042.

Your comments about our documentation are appreciated.

1.9 CD-ROM Contents

The directory structure on the CD is as follows:

[TCPWARE057]        TCPware Kit
[Documentation]     PDF format (.pdf)
                    HTML format (.htm)
                    Release Notes
[XPDF]
  [XPDF.AXP]        for Alpha images
  [XPDF.VAX]        for VAX images
[LYNX]
  [LYNX.AXP]        for Alpha images
  [LYNX.VAX]        for VAX images
[VAX55_DECC_RTL]

1.9.1 Online Documentation

The TCPware documentation set is available on the product CD in HTML and PDF format. The Release Notes are available on the product CD in text format.

1.9.1.1 PDF Format

The TCPware documentation set has the following PDF files:

o INSTALL.PDF (Installation and Configuration Guide)
o MANAGE.PDF (Management Guide)
o NETCU.PDF (NETCU Command Reference)
o PROGRAM.PDF (Programmer's Guide)
o USER.PDF (User's Guide)

The PDF format is readable from a PC, a VAX or an Alpha system. There is a PDF reader for the VAX and Alpha platforms on the TCPware CD.

o Use Adobe Acrobat to read the PDF files from a PC. Your PC must have 386 architecture or later to use Adobe Acrobat Reader. You can get Acrobat Reader free from Adobe Systems' Website: www.adobe.com.

o Use the XPDF Reader (found in the [XPDF] directory) to read the PDF files from a VAX or Alpha system. The [XPDF.AXP] directory contains the Alpha architecture reader, and the [XPDF.VAX] directory contains the VAX architecture reader.

NOTE: The XPDF Reader does not work on a PC.

PCs running the Windows or NT operating system cannot read Process Software's CD. You cannot load files from the MultiNet CD directly to a PC. Load them to your VAX, Alpha or I64 machine, then transfer them to your PC. We suggest using FTP to transfer these files. The following is an example using MS-DOS:

C:> ftp node
ftp> binary
ftp> mget cd:*.pdf

In addition, Process Software has included LYNX, the character-cell Web browser for VMS. It is in the [LYNX] directory.

1.9.1.2 Using Acrobat Reader

To read the PDF files using Acrobat Reader:

1. Double click Acrobat Exchange.

2. Choose Open from the File menu.

3. Select the .pdf file you want to open.

4. Use the menu bar at the top of the screen to navigate the document, or click a Table of Contents entry (on the left) to go directly to that information.

NOTE: The binocular icon opens search functions. The magnifying glass icon enlarges the text and illustrations.

1.9.1.3 Using XPDF

Thanks to Derek B. Noonburg for letting us download his XPDF application.

NOTE: You need a three-button mouse to use XPDF.

At the DCL prompt from the directory in which the VAX or Alpha XPDF.EXE is stored, do the following:

1. Type RUN XPDF.EXE. The XPDF screen appears.

2. Position the arrow on any of the icons (except the ? icon) on the bottom of the screen.

3. Press the right mouse button to display choices.

4. Select OPEN to display the list of PDF files.

5. Select the PDF file you want, and click OPEN to read the file.

6. Use the icons on the bottom of the screen to search for the information you want.

To view the online help for XPDF:

1. Position the cursor on the question mark (?) icon.

2. Press the left mouse button to open the online help.

CHAPTER 2 CHANGES AND ENHANCEMENTS

This chapter describes the changes and enhancements made for TCPware V5.7-1 and TCPware V5.7-2 since TCPware V5.6-2.

2.1 New Features

The following are new features for the TCPware 5.7-1 and 5.7-2 releases:

o Support for VMS V8.2 - TCPware 5.7-1 provides support for OpenVMS V8.2 on both Alpha and Itanium (I64) platforms. It does not support earlier versions of OpenVMS AXP or OpenVMS VAX.

o Full Version Support - TCPware 5.7-2 provides support for all supported versions of OpenVMS VAX, OpenVMS AXP and OpenVMS I64. In addition, it contains fixes for problems found in the TCPware 5.7-1 release.

o NFS ODS5 Support - Support has been added to the NFS server to support VMS ODS5 disks.

o SSH - The SSH code has been updated to V3.2.9.

o NTP - NTP has been upgraded to NTP V4.

2.2 Note Concerning Kerberos V5

TCPware now supports Kerberos V5 for SSH (Alpha and I64 only). Kerberos V5 requires Kerberos for HP OpenVMS (version 2.0), which is available on the HP website for systems earlier than 8.2 (and comes native on VMS 8.2 systems). The Kerberos V5 applications can also run with any Kerberos V5 compliant Key Distribution Center (KDC) software. Kerberos V5 applies to OpenVMS VAX V7.3 or higher, and VMS Alpha V7.2-2 or higher.

2.3 Note Concerning NETware

If you want to continue to use NETware with TCPware, do not install TCPware V5.7 on your system. NETware and all NETware-related applications, including management/configuration functionality, have been removed. NETware was desupported by TGV prior to 1997.

2.4 Notes Concerning SSH

o The DEC C 6.0 backport library must be installed on all OpenVMS VAX v5.5-2 and v6.0 systems prior to using SSH. This is the AACRT060.A file, and is found on the TCPware CD in the VAX55_DECC_RTL directory.

o If installing TCPware 5.7 on a VMScluster with multiple Itanium nodes sharing a common system disk, the SSHLEI.EXE file must be copied from SYS$LOADABLE_IMAGES on the Itanium system where TCPware 5.7 was originally installed, to SYS$LOADABLE_IMAGES on each remaining Itanium system in the cluster that will be running TCPware 5.7.

2.5 XNTP/NTP Changes

o NTP V3 has been removed from TCPware V5.7, replaced by NTP v4.

o The VMS time logical name SYS$TIMEZONE_DIFFERENTIAL can now be, optionally, maintained by NTPD at DST changes. See the "set_vms_logicals" option for NTP.CONF in the TCPware Management Guide.

o The NTP.CONF file can now be placed anywhere through the use of the TCPWARE_NTP_CONFIGFILE logical name. The default location is now "TCPWARE:NTP.CONF".

o A new capability to have a command procedure called at NTPD startup and at DST transition times has been added.
  This is to allow other housekeeping operations to be performed as needed at such times, such as altering other time-related logicals, calling other procedures, or sending out notifications. See the NTP chapter of the Installation & Administrator's Guide for details on using this capability.

2.6 Disk Space Requirements

The following table shows the amount of disk space (in blocks) required for the installation of TCPware 5.7:

Table 3: Disk Space Requirements

Platform    Required to Install    Required to Run
Alpha       410,000                142,000
I64         336,000                245,000
VAX         194,000                101,000

2.7 Disabled Services

IP AddressWorks
  Process Software no longer supports IP AddressWorks. There are no IP AddressWorks components in this kit and IP AddressWorks has not been tested with this version of TCPware.

RSA
  RSA ACE/Agent for OpenVMS is currently not supported by RSA Security. Therefore, Process Software can no longer assist with RSA ACE/Agent for OpenVMS-related problems. Process Software recommends using SSH instead.

2.8 Converted Services

NTP
  Prior to TCPware V5.7, the NTP service represented NTP V3. In TCPware V5.7, NTP v3 has been desupported and removed from the software distribution kit. The NTP service is converted during the installation to be used with NTP v4.

2.9 Note Concerning FTP Changes

There have been a number of changes in the FTP client and server to preserve the case of filenames when ODS-5 disks are being used. This has resulted in some changes in the default operation. In particular:

o When not operating in UNIX mode, the FTP server no longer makes the filenames returned in an NLST command all lowercase. This can affect MGET operations. To get the old behavior, define the logical TCPWARE_FTP_LOWERCASE_NLST to be TRUE.
  When operating in UNIX mode, the SRI encoding is still used.

o There are new FTP logicals added to TCPware V5.7. Please check the TCPware Management Guide for more details.

  TCPWARE_FTP_ONLY_BREAK_ON_CRLF
  TCPWARE_FTP_SEMANTICS_VARIABLE_IGNORE_CC
  TCPWARE_FTP_SEMANTICS_FIXED_IGNORE_CC
  TCPWARE_FTP_STOU_OLDNAME
  TCPWARE_FTP_MAX_PRE_ALLOCATION

2.10 Enhancements

o ODS-5 for NFS Server: This feature allows for long file names and a mixed-case naming convention.

o NTP v4.1.1: NTP is a protocol designed to keep the system clock set accurately by comparing it to one or more time servers elsewhere on the network and adjusting as necessary. NTP v4.1.1 improves time synchronization performance for large networks and better handles rogue time servers. This new implementation of NTP (4.1.1) has enhanced support for Daylight Savings Time (DST) adjustments; particularly in terms of time to make the change when set to slewalways mode, or when not set to slewalways mode and there are no time servers available.

o FTP Enhancements

   o The logical TCPWARE_FTP_MAX_PRE_ALLOCATION can be used to limit the size of pre-allocated disk space for a file when the file size information is available at transfer time. This can be important when transferring very large files as it can take a long time to pre-allocate the file at the start of the transfer when timeout routines in FTP and/or firewalls may cause connections to be dropped. This logical does not have any effect for STRU OVMS transfers of Indexed, Contiguous, or Contiguous Best Try files; these files need to have accurate allocation size information at the start of the transfer. [DE 7805]

   o FTP Enhancement - The logical TCPWARE_FTP_LIMITED_FILE_SHARING, when defined to True, Yes, or 1, causes files to be opened with the SHRGET option. This disables the ability to get a file that another program has open for write. [DE 8461]

   o The /PASSIVE qualifier has been added for use with the VMS COPY/FTP command.
     [DE 7890]

   o The FTP client now supports the DELETE/FTP VMS command. [DE 9941]

   o The FTP client now recognizes the status code 202 as "Not implemented" (as defined in RFC 959), and it will no longer assume that STRU VMS negotiation has completed successfully when it receives this code. [DE 7863]

o SMTP Enhancements

   o A new logical "TCPWARE_SMTP_INCOMING_MSGSIZE_LIMIT" has been added which can be used to reject an oversized incoming message. It can be defined as:

       S   "Small"        = 1 MB
       M   "Medium"       = 10 MB
       L   "Large"        = 100 MB
       X   "eXtra large"  = 1000 MB

     The default for this logical is not defined, which means that no size limit checking is performed. If the logical is defined, when the message size is detected to be over the defined limit, the message will be rejected.

     In the following example, any mail over 10 MB will be rejected:

     $ DEFINE/SYS/EXE TCPWARE_SMTP_INCOMING_MSGSIZE_LIMIT "M"

     Please note: The size that the SMTP server checks is the size of the data received in the data channel. It may be different from the actual message size. This is especially true when the message has an attachment. In such cases, the attachment will be encoded and the data size will be the message size plus the encoded attachment data size. [DE 3373]

   o The System Administrator can use "TCPware configure/mail" to set a value for "SMTP-HOST-NAME", replacing the real host name in the "Received:" lines of the mail header. [DE 7791]

o UCX Emulation

   o The KEEPINIT, KEEPCNT and NODELACK functions have been added. [DE 7004]

   o The IPv6 functions getnameinfo, getaddrinfo, freeaddrinfo have been added to the UCX support library. These functions will return IPv4 addresses in an IPv6 compatible manner for those programs that use these functions to support IPv6 and/or IPv4 connectivity.

SSH Enhancements

o SSH has been upgraded to code level 3.2.9.

o The cryptographic library used is compiled from unaltered source code from F-Secure which is FIPS 140-2 level 2 compliant, as determined by the Computer Security Division of the National Institute of Science and Technology (NIST).

o Support for performing authentication via certificates.

o Support for authentication via Kerberos V5 and V7 and later systems.

o The CERTENROLL client has been included to enroll certificates with a Certification Authority (CA) via the CMPv2 protocol.

o The CERTVIEW utility has been provided, to allow viewing and validation of certificate contents.

o A public key server and assistant have been added to make it easier to manage keys for SSH public key authentication.

o SFTP Server and Client: SFTP allows for secure file transfers. This feature was released in a patch for TCPware V5.6. SFTP is now included in the TCPware V5.7 release.

o SSHKEYGEN now has a /[NO]WARN qualifier to warn the system administrator if an SSH2 host key already exists and asks if the file should be overwritten. Using /NOWARN will not announce the file's existence and will overwrite the file. The default behavior now is to warn the system administrator and ask if the existing file should be replaced.

o OpenSSH-format keys may now be converted to SSH2 format using SSHKEYGEN.

o SSH2 server configuration files now support "subconfigurations" based on the client's hostname or desired username on the server.

o Login/logout events are now logged via the VMS audit server. The user will see a login record created by TCPware, plus login & logout records for a detached session (the interactive login session).

o The SSH2 server now supports the UAI$M_PWDMIX flag. [DE 10020]

o The SSHD_MASTER.LOG file now includes a date stamp as well as a time stamp for messages.
  [DE 9953]

o The location of the SSH server log files may now be set by defining the logical TCPWARE_SSH_LOG_FILE to the default filespec desired. Any part of the filespec may be defined (e.g., the complete filespec, the device/directory only, the filename, the file type). [DE 9884]

o The logical TCPWARE_SFTP_FILE_ESTIMATE_THRESHOLD can be used to set the minimum size (in blocks) for a text file to report an estimated size. When a file is smaller than the specified value the file will be read to determine the exact size that would result in a transfer. Files larger than the specified value will continue to get an estimated size. [DE 9889]

o SFTP2 GET and PUT (and MGET and MPUT) now support -p or -preserve-attributes as an option as the first parameter for the command. This option will cause SFTP to attempt to preserve timestamps and access rights when transferring a file. [DE 9888]

o SFTP2 now has the CHMOD and LCHMOD commands for changing the protection of files.

o SFTP2 now supports conversion of VMS record formatted files to flat files with the RECORD command.

o SCP2 now supports ASCII-mode file transfers.

o The VMS accounting record for SSH sessions will have the REMOTE NODE field loaded with the value "SSH", "SCP" or "SFTP" as appropriate, and the REMOTE ID field will be loaded with the client's IP address and port number in hex as "xxxxxxx:xxxx". This will allow system managers to display all SSH sessions for a given timeframe, by using the /NODE= qualifier on the ACCOUNTING command line. [DE 7048]

o For OpenVMS AXP 7.2 and higher systems, enable support to allow transfers of files greater than 2GB in size. All OpenVMS AXP V7.1.x and lower, and all OpenVMS VAX systems, will still be restricted to a maximum file size of 2GB.

o SCP has two new qualifiers. These two qualifiers, plus a relaxation in the synchronization of read & writes between the source and destination are aimed at providing improved performance over slow links.
     /BUFFER_SIZE=integer
        Number of bytes of data to transfer in a buffer. Default=7500, min=512.
     /CONCURRENT_REQUEST=integer
        Number of concurrent read requests to post to the source file. Default = 4.
o TCPWARE_SSH_SFTP_SERVER_DEBUG n - sets the debug level for the SFTP server debug. This logical may be set at any point in the user's default logical search list to set the amount of debugging information to include in SYS$LOGIN:SFTP-SERVER.LOG (this file is only written when the logical is defined).
o TCPWARE_SSH_SCP_SERVER_DEBUG n - similar to the logical TCPWARE_SSH_SFTP_SERVER_DEBUG, but for the SCP1 server; the file written is SYS$LOGIN:SCP-SERVER.LOG.
o Setting the logical TCPWARE_SFTP_VMS_ALL_VERSIONS to TRUE will now return all versions of files whether or not the SFTP server is communicating with our SFTP client. [DE 9830]
o The logical TCPWARE_SFTP_ODS2_SRI_ENCODING can be defined to FALSE, NO or 0 (zero) to disable SRI encoding of files with uppercase letters and special characters on ODS 2 disks. [DE 9829]

2.11 Fixed Problems

Drivers

o Provide support to IPDRIVER and BGDRIVER for BSD 4.4 SIOCGIFBRDADDR so that Insight Manager Agents V3.3 can work correctly. [DE 10192]
o Support has been added to all drivers for ioctls SIOCGIFINDEX and the BSD 4.4 version of SIOCGIFCONF. [DE 8939]
o For all drivers, added support for LLA devices as known devices. [DE 9821]
o Corrected a problem in BGDRIVER in an error path that would cause a system crash in 64-bit environments. [DE 8746]
o For IPDRIVER, added NETCU SET/SHOW XMIT_QUEUE_LIMIT to allow the transmit queue length limit to be set/shown. The default value is 100. [DE 8606]
o Corrected a problem in IPDRIVER, TCPDRIVER and UDPDRIVER that could cause a SPINWAIT crash, and improved performance for systems with many connections. [DE 9599]
o In TCPDRIVER, corrected the status returned on end of file to resolve problems with SWS 2.0 (Apache) and cgi.
  [DE 9645]
o UCX emulation:
   o A number of routines have been added to support new routines in the DEC C RTL for BSD 4.4, IPv6 (for IPv4 compatibility), etc. [DE 9067]
   o Entry points were provided which are needed by HP Kerberos v5. [DE 9109]
   o Modified getnameinfo to allow Python to work. [DE 9591]
   o Support has been added for the socketpair function. [DE 9788]
o Include Files for programmers; NAMESER.H referenced an include file NAMESER_COMPAT.H which was not provided. This has been fixed. [DE 9245]

DHCP

o Corrects a problem where DHCP server crashed under certain circumstances (such as using a bogus router name in the configure file). [DE 9719]
o A problem in STARTNET.COM has been corrected. This problem could cause TCPware not to start after using "@CNFNET DHCLIENT" to configure the host. [DE 9794]

FTP

o Corrected a problem with the PWD command returning an incorrect value if "< >" is used in the default login location in the UAF. [DE 7972]
o Corrected an issue where some long reply messages in the pre-login phase of some FTP servers could hang the TCPware FTP client. [DE 8010,9022]
o Corrected a problem where using a file for tcpware_ftp_230_reply message could potentially generate an ACCVIO if there is no carriage-return in the file. [DE 8237]
o Corrected a problem with 150 reply messages returning an incorrect value when in Unix mode and with "< >" as part of the default directory specification. [DE 8252]
o Corrected a problem with the "DIR" command in Unix mode returning an incorrect value on file size when the file size is more than 2GB. [DE 8279,8382]
o Support for the /NOSTRUVMS qualifier was added for COPY/FTP. [DE 8391]
o Corrected a problem with FTP server 226 reply which gave inaccurate bytes transferred with very large files. [DE 8462]
o The routine FTP_SET_KEEPALIVES(CCB, STATE) has been added to the FTP programming library.
  This routine should be called between allocating the CCB and opening the connection with the desired state of KEEPALIVES (TRUE = ON, FALSE = OFF). The default value is ON. [DE 8575]
o TCPware FTP has changed the output from an NLST command to retain the case of the filenames when not operating in Unix mode. (When operating in Unix mode the SRI encoding governs the case of the filenames.) This change allows MGETs for case-sensitive filenames to work correctly on ODS-5 disks on VMS V7.3-1 and later. The logical TCPWARE_FTP_LOWERCASE_NLST has been added to make the old behavior available. When TCPWARE_FTP_LOWERCASE_NLST is defined to True, Yes, or 1 (the number one) then the file names will be set to lowercase as they have been in the past. [DE 8660]
o Corrected a problem where the TCPware_FTP process entered a "MUTEX" state when a system resource limit set by the process was reached. This problem could occur at a heavily used ftp site when there are multiple users trying to log on to the FTP server simultaneously. To resolve the problem, some limits set in the FTP_CONTROL.COM have been increased. In addition, new code was added in the TCPware FTP server to check if the running process is close to consuming all of the resources when serving the client connection attempts. In that case, the client will receive the message "The server is busy, try again later". Please note: this "busy" situation will automatically disappear when other clients finish their initial login phase and release the resource. If this situation is still found happening frequently at the site, the site administrator should review user logon patterns and take measures accordingly. For example:
     1. Increase the TQELM (Timer Queue Limit) of the process.
     2. Reduce login idle time by using the logical TCPWARE_FTP_IDLE_TIMEOUT.
  [DE 8663]
o Corrected a problem where the NETCU command "netcu set log/ftp/new" created a new log file with name "." (".;1" for example) in the user's default directory.
  A file name is now required with the command "netcu set log/ftp/new". [DE 8670]
o FTP login attempts now observe LGI parameters. [DE 8768]
o The TCPware FTP client will no longer insert a carriage return when processing long reply messages from the server. The old behavior was inserting a carriage return every 132 characters. [DE 8888]
o TCPware_FTP has been modified to use SYS$GETUAI instead of reading the system authorization file to reduce access contention problems. [DE 8963]
o A change has been made to the STOU command to resolve file naming behavior that was removed from the FTP server in TCPware v5.4. The change introduced in v5.4 causes the STOU command to create a new file name on the server system. Before v5.4, the STOU would preserve the file name. A new logical "TCPWARE_FTP_STOU_OLDNAME" has been created to make the pre-v5.4 behavior available. An example of this logical name usage:
     $ define/sys/exe TCPWARE_FTP_STOU_OLDNAME "anything"
  The logical is not defined by default. [DE 9369]
o Corrected a problem where the FTP server might crash when receiving an unusually long argument with some commands. [DE 9477]
o Corrected a problem with the FTP_SERVER that would cause it to keep files open after MDTM operations and use up resources. This would generally only be noticed in sessions that involve lots of MDTM operations. [DE 9486]
o If the SYSTEM logicals TCPWARE_FTP_ACCESS or TCPWARE_FTP_ _ACCESS (to specify a particular username) is defined to any combination of NOLIST, NOWRITE, NOREAD, NOSPAWN or NODELETE, then the FTP server will not allow the specified actions. [DE 9598]
o The TCPware FTP client can now be started independently of the FTP server. @TCPWARE:CNFNET FTP will now ask about both the FTP server and the FTP Client with the default answer for the client being the answer for the server if it has not been configured in the past.
  [DE 9779]
o Corrected FTP server handling of filenames with multiple dots on ODS-5 disks. [DE 10068]
o If the logical TCPWARE_FTP_MAXIMUM_CONNECTION_WAIT is defined as a VMS delta time, then the FTP client will wait up to that amount of time for the FTP server to respond on connection. This prevents automated processes from hanging when the server accepts the connection but never responds with the banner. [DE 10185]

IMAP

o Corrected a problem where the IMAP server responded incorrectly to a request for the INTERNALDATE message attribute. [DE 8447]
o A new logical "TCPWARE_IMAPD_GREETING_MESSAGE" has been added that can be used to stop displaying version and host information for the IMAP service or define a user specific message (which is limited to 128 bytes). The example below will cause no version or host information to be displayed by the IMAP server:
     $ define/sys/exe TCPWARE_IMAPD_GREETING_MESSAGE " "
  This next example will cause the string "Hi there!" to be displayed instead of the usual version and host information:
     $ define/sys/exe TCPWARE_IMAPD_GREETING_MESSAGE "Hi there!"
  [DE 9629]
o Corrected a problem with the IMAP option "set case-insensitive-folders true" which could cause some IMAP clients to wait forever when trying to initially subscribe to a non-existent folder on the server. [DE 9634]
o Corrected a problem with the IMAP option "set case-insensitive-folders true" which could cause some IMAP clients to time out when attempting to delete a folder. [DE 9635]
o Corrected a problem where IMAP showed some messages with the header as part of body when "smtp%" was used to send mail. [DE 9636]

LPD

o The LPD server now supports a logical name to allow specification of a valid range of remote ports to accept connections from, or to specify accepting connections from any port at all. The logical name is TCPWARE_LPD_PORT_RANGE. It should be defined in the system table, in executive mode.
  The value may be in one of these valid formats:
     "NONE", "OFF" or "N" = turn off port range checking. Accept connections from any port on a valid host.
     "n,m" = the range of ports to accept connections from, where "n" is the lowest valid port number, and "m" is the highest valid port number. Both "n" and "m" must be in the range 1 to 65535, with "m" being greater than "n".
  The default, if the logical does not exist, or has an invalid format, is any port number less than 1024, which is the range used in previous releases of the TCPware LPD server.
  Examples:
     $ DEFINE/SYSTEM/EXECUTIVE_MODE TCPWARE_LPD_PORT_RANGE "OFF"
  This allows any port on a valid host to connect.
     $ DEFINE/SYSTEM/EXECUTIVE_MODE TCPWARE_LPD_PORT_RANGE "1,2048"
  This allows any port in the range 1 to 2048 (inclusive) on a valid host to connect.
     $ DEFINE/SYSTEM/EXECUTIVE_MODE TCPWARE_LPD_PORT_RANGE "0,1023"
  This is equivalent to the default setting when there is no logical found. [DE 3196, 9757]
o Changed the max length of a remote queue name from 64 to 128 bytes. [DE 9163]

LPS

o Corrected a problem when trying to add a "/description=" field in the "additional qualifier" field in CNFNET. [DE 8712]
o The code has been modified to resolve an issue between TCPware and HP JetDirect printing servers. The issue is that under certain circumstances, when a file is printed on a HP printer from a TCPware LPR queue, the last line of the printout is being over-written by the file name prefixed with a "N". An example of when this might happen is described below:
   o The file must be printed through the queue using the TCPware_LPRSMB or TCPware_VMSLPRSMB print symbiont.
   o The problem has been seen on HP printers with an HP JetDirect Firmware Rev. G.08.49 or below (the latest version of the JetDirect firmware at the time of this writing).
   o The TCPware host must have a fully qualified domain name length of x characters. For example "123456.process.com" has 18 characters.
   o The file name being printed must have a length of x-1 characters. For example "1234567890123.txt" has 17 characters.
  The problem may happen in other combinations of x and x-1. You must define one or both of the logicals below to enable the changes, depending on which print symbionts are in use on your system. The behavior will not be changed if the logicals are not defined.
  If you use TCPWARE_VMSLPRSMB, then do
     $ define/sys/exe TCPWARE_VMSLPRSMB__HPJETDIRECT_COMPENSATE
  If you use TCPWARE_LPRSMB, then do
     $ define/sys/exe TCPWARE_LPRSMB__HPJETDIRECT_COMPENSATE
  where is the queue name, or a "*" wildcard character which means it applies to all queues. The is any value. For example:
     $ define/sys/exe TCPWARE_LPRSMB_HPQUEUE1_HPJETDIRECT_COMPENSATE true
  [DE 9342]

NAMED

o Corrected memory leak issues. [DE 7112,7684]
o Corrected a problem where the nameserver could crash when it accidentally used the memory that had been freed. [DE 7691]

NFS Server

o Corrected a problem with reading & writing to/from very large files (greater than 4 gigabytes) with variable record formats. Support for 64-bit data types added to attribute handling for variable type files. [DE 8335]
o Corrected an NLM issue identified by Cybercop. [DE 8673]
o Corrected a problem with the new V3 procedure ACCESS, which would make it so that you could not move a file from export after upgrading to the V3 server. [DE 9359]
o Corrected a problem where parsing of ODS-2 directories could result in a hang. [DE 9541]
o Added support for TCPware ODS-2 NFS client to access ODS-5 exports [DE 9544]
o Fixed a problem with V3 CREATE procedure; corrected handling of EXCLUSIVE type create functionality. [DE 9764]
o Corrected a problem with READDIRPLUS handling of dircount/maxcount args when verifying buffer size. This problem was resulting in an I/O error with Linux NFS clients. [DE 9809]
o Corrected ODS-5 to ODS-2 mapping scheme when using the TCPware NFS client.
  The leading '$' is no longer displayed when listing filenames. [DE 9823]
o Fixed a problem which manifested itself as a SYSTEM-F-EXQUOTA error when multiple TCP connections are sending RPC requests simultaneously. [DE 8940]
o Corrected a problem with corrupted writes within newly created files [DE 9986]
o Improved performance/response times of directory listings and lookups within very large directories. [DE 9987]

NTP

o Callouts are supported for startup and DST changes. [DE 6897]
o Updated a number of timezone rules. [DE 8399]
o The NTP.DRIFT temporary file would hit the file version limit. The file version is reset to 1 after old versions are purged to avoid this issue. [DE 9463]

POP3

o Corrected a problem where POP3 failed when decc$argv_parse_style is set to enable. [DE 8702]

RSH

o A new logical TCPWARE_RSH_532_COMPATIBLE has been added which can be used to back out a change made in RSH client since TCPware 5.3-3 or ECO kit RSH_V532P010. The change may make some old customized application scripts unusable for some users. If you want to back out this change, you can define the logical as shown below:
     $ define TCPWARE_RSH_532_COMPATIBLE "true"
  The logical is not defined by default. [DE 8759]

SNMPD

o Host Resources MIB (RFC 1514) names were added so they are listed out on a NETCU SHOW SNMP and also can be used in the /MIB. [DE 7670]
o Corrected an error condition in the SNMP Agent that could cause it to enter RWAST state. [DE 8330]
o Corrected an error in the way that Object ID values returned from SNMP Agent X subagents are returned to SNMP get requests. [DE 8363]
o Corrected a problem with returning the full contents of Agent X octet strings. This corrects problems with the NIC MIB of the Insight Management agents on VMS V7 on AXP. [DE 8655]
o Corrected errors which could cause the SNMP Agent to ACCVIO when setting an object id value in an Agent X subagent.
  [DE 8664,8763]
o Corrected an error in SNMP Agent X GetBulk handling that could cause subagents to get fatal errors. [DE 9928,9639]

SSH

o SSH Server
   o After applying the SSH_V562P050 ECO, SSH would stop accepting connections and/or would occasionally hang. [DE 9862, 9870]
   o If an invalid username is used during authentication, the fact that an error occurs is recorded, but not the username being attempted. [DE 9973]
   o The JPI$M_PASSWORD_EXPIRED flag is not set for LOGIN_FLAGS when a user with an expired password is successfully authenticated using a method other than PASSWORD (e.g., PUBLICKEY). [DE 9991]
   o After applying the SSH-080_A044 ECO, @TCPWARE:RESTART SSH may fail to restart the SSHD_MASTER process. [DE 9902]
   o The SSH1 server can ACCVIO if Kerberos is installed but not configured on a system. [DE 9872]
   o If the SYSTEM account is disabled, other users can't log in. [DE 9239]
   o If a client system disconnects with a malformed SSH_MSG_DISCONNECT protocol message, the server process may enter a loop, exiting after several minutes. This scenario can typically occur when a PC system is infected with the MYDOOM virus (it attempts to break into SSH-enabled systems). [DE 9661]
   o The CERT Vulnerability Note VU#333980 is addressed. This addresses a possible DOS vulnerability when decoding digital certificates using BER or DER encoding. [DE 9672]
   o If the SYSTEM account is disabled, the server will incorrectly report the desired user account is disabled. [DE 9216]
   o If a user's [.SSH2] directory is in a search path SSH lookups in that directory may fail.
     For example:
        $ sho log sys$manager
        "SYS$MANAGER" ="SYS$SYSROOT:[SYSMGR]" (LNM$SYSTEM_TABLE)
        $ sho log sys$sysroot
        "SYS$SYSROOT" ="RAPTOR$DRA0:[SYS0.]" (LNM$SYSTEM_TABLE)
        = "SYS$COMMON:"
        1 "SYS$COMMON" ="RAPTOR$DRA0:[SYS0.SYSCOMMON.]" (LNM$SYSTEM_TABLE)
     [DE 9258]
   o If a reverse address lookup fails, the server labels the client system as UNKNOWN in the TT_ACCPORNAM field, instead of loading it with the simple client IP address. [DE 8796]
   o AllowGroups/DenyGroups may occasionally fail to work properly. [DE 9286]
   o If the logical name TCPWARE_SSH_ACCESS_USE_LOCAL is defined, the LOCAL field in SYSUAF for the user rather than the REMOTE field will be used to determine if a user may log in. [DE 9291]
   o Captive accounts are incorrectly allowed to execute remote SSH commands. [DE 9262]
   o If the argument to BannerMessageFile in the SSHD2_CONFIG file contains lowercase characters, it might not be displayed at login time. [DE 9460]
   o The SSH1 server (SSHD.EXE) will continually do I/O when it should be idle during a session. [DE 8880]
   o The SSH server process is owned by the logged-in user, when it should be owned by SYSTEM. [DE 8692]
   o The user keys are required to be in STREAM-LF format. This is now not a restriction; they may exist in VAR format as well. [DE 7747]
   o After applying ECO SSH-030-A044 and later, SSH1 sessions will have their terminal geometry arbitrarily set to 24x80. [DE 8514]
   o When a new user account is created and the first login to it is from an SSH2 session, the SSH2 server may ACCVIO. [DE 8735]
   o The process login_flags are not being updated correctly to reflect, for example, new mail. They are now updated to correctly reflect new mail, an expired password, or a password about to expire. These flags are accessed via, for example, F$GETJPI(0, "LOGIN_FLAGS"). [DE 8714]
   o When an expired password is being changed and the new password is in the history list, the session was immediately disconnected.
     This is inconsistent with the way telnet or a normal login works. This has now been changed to work in that way. [DE 8453]
   o An interactive session could sometimes have a mode of "OTHER" rather than "INTERACTIVE". [DE 8729]
   o When logging in to an SSH2 session and logins are disabled or the maximum number of interactive logins is exceeded, the server would not notify the client of the reason (e.g., "Logins are currently disabled - try again later"). [DE 8069]
   o A cipher specified by /OPTION=(CIPHER=ciphername) was case-sensitive when it should not be. [DE 8842]
   o If logins are disabled, a login attempt may not result in an OPCOM message being logged. [DE 7982]
   o If logins are disabled, a login attempt will cause an intrusion attempt to be logged. [DE 8066]
   o CERT advisory CA-2002-36, "Multiple Vulnerabilities in SSH Implementations", is addressed. [DE 8682]
   o If an account is marked CAPTIVE or RESTRICTED in its UAF record and an expired password is encountered, the LGICMD command procedure could enter an infinite loop and the password could not be changed. This has been changed such that when an expired password is encountered, the logical name SSH_EXPIRED_PWD_ will be defined in the LNM$SSH_LOGICALS table, where is the PID of the user process. The captive command procedure must be modified to look for this logical name, and if it's encountered, it may then do whatever the user desires for changing the account's password. [DE 8677]
   o The TT_ACCPORNAM string set for an SSH session has been modified so that it's prefaced with "ssh/", in order to allow a user command procedure or program to determine that it's running as an SSH session. For example, the TT_ACCPORNAM string will now look like:
        $ write sys$output f$getjpi("", "TT_ACCPORNAM")
        ssh/foo.bar.com:10333
     [DE 8679]
   o By default, the BannerMessageFile keyword is set to display the contents of SYS$ANNOUNCE.
     If the default for BannerMessageFile isn't changed and the SYS$ANNOUNCE logical is deleted from the system, the text "sys$announce" will display during the login session. The proper behavior is to display nothing. [DE 8587]
   o The VMS accounting record for SSH sessions will have the REMOTE NODE field loaded with the value "SSH", "SCP" or "SFTP" as appropriate, and the REMOTE ID field will be loaded with the client's IP address and port number in hex as "xxxxxxx:xxxx". This will allow system managers to display all SSH sessions for a given timeframe, by using the /NODE= qualifier on the ACCOUNTING command line. [DE 8688]
   o The SSHD server process would retain its identity as belonging to the SSH user. It should take the identity under which SSHD_MASTER runs. [DE 8695]
   o The SSH2 server process will occasionally exit prematurely when attempting to copy a file via SCP or SFTP to the server system, so the copy attempt would fail. [DE 8701]
   o Not all clients could handle expired passwords. Changed the way they are handled to do a VMS SET PASSWORD command, then log the user out. The user may then log in using the new password. This is consistent with UNIX implementations. [DE 8301]
   o The server doesn't time out on connection attempts and will wait forever for a valid ID string, blocking all future connection attempts. [DE 8306]
   o The SSH server could hang if the child process it creates terminates within a few seconds of instantiation. [DE 8432]
   o When a remote command was executed and DCL VERIFY was enabled after the SYLOGIN.COM and LOGIN.COM files were executed, "$ SET NOON" would appear in the command output. [DE 8424]
   o Correct some grammar errors in the SSHD2_CONFIG template file. [DE 8228]
   o The SSHD MASTER process didn't check to see if the SSH2 host key existed if SSH2 sessions are enabled.
     [DE 8125]
o SSH Client
   o If an SSH session is performed with a VMS batch job, the /LOG qualifier will not record anything, although the output from the SSH command is written to the VMS batch log file. [DE 10193]
   o The following command will cause the client to terminate with an error of "%SYSTEM-F-FILNOTACC, file not accessed on channel":
        $ ssh foo.bar ssh foo.bar
     [DE 8218]
   o If the keyword TryEmptyPassword is used in the SSH2_CONFIG file, the SSH client will exit. [DE 8311]
o SSH File Transfer
   o ASCII (text) file creates are now done such that the version number is maximized. This will allow a specific version of a file to be transferred, and for it to always end up as the most recent version of the file. [DE 9386]
   o Improved logical name handling to correct some problems with translating the logical name on the client rather than the server. [DE 9373]
   o Improved identification methods for regular files/directories to fix some problems caused by errors.
   o Put a limit (5) on the number of devices returned for the LSROOTS command. This limit can be adjusted via the logical TCPWARE_SFTP_MAXIMUM_DEVICES. The number has been limited due to startup hangs, and because the information that causes them is of limited use. [DE 9289]
   o Correct a problem with computing the file size that prevented files greater than 4GB from being copied. [DE 9162]
   o Correct a parsing problem that resulted if a directory name started with a period ("."). [DE 9114]
   o Correct some potential ACCVIOs due to lack of an error callback routine where one was expected. [DE 9104]
   o A problem with the SFTP client that would cause it to not fully close the mailbox that is used to SSH and hence consume process resources when there are successive OPEN commands has been fixed. [DE 9097]
   o Security Express for Windows by ByteFusion no longer has problems getting directories with our SFTP server.
   o Attempting to use SCP1 to copy the contents of a directory results in a failure.
     [DE 9690]
   o Problems preserving VMS file attributes with an SCP2 command specifying a remote system as the source with wildcards have been corrected. [DE 9579 (9596)]
   o Corrected a problem with recursive SCP copies initiated from systems that use OpenSSH. [DE 9969]
   o When attempting to access a file that does not include a dot in the name a .DIR was tacked onto the name as if the file was a directory file. When the logical TCPWARE_SFTP_DEFAULT_FILE_TYPE_REGULAR is defined to TRUE, YES or 1, then open operations will use a default file type of REGULAR instead of UNKNOWN. [DE 10012]
   o Improved file parsing code to handle the extraneous /. that some clients are now including at the end of directory specifications. [DE 9933 (9952)]
   o When doing an ASCII transfer of a large file that is already in STREAM-LF format to a non-VMS system it is possible for the file to get truncated. Though a BINARY transfer might yield the correct results there have been some instances where errors in the C RTL prevent that from being done. The problem is due to character counting code which does not account for the line separator changing from to . To provide a work around for this problem the logical TCPWARE_SFTP_NEWLINE_STYLE has been added. The following values can be used:
        UNIX
        VMS
        MAC
     UNIX and VMS result in a being used for the newline sequence. MAC results in a being used for the newline sequence. For all other values (or if the logical is not defined) will be used for the newline sequence for ASCII transfers. [DE 9978]
   o When performing an SCP command and the target account has an expired password, the session will terminate and the SSH_LOG:SSHD.LOG file will contain the following lines:
        Command: "set password"
        Attempting to find command "set"
        WARNING: SSHD2: Subsystem set password not defined
     [DE 8519]
   o When performing an SCP2 copy using the /TRANSLATE switch, an ACCVIO could be encountered.
     [DE 8879]
   o When using SecureFX V2.1 from VanDyke Technologies, the transfer would fail with
        Invalid SFTP request ID in server response. Closed SFTP channel.
     [DE 8524]
   o For OpenVMS AXP 7.2 and higher systems, support has been enabled to allow transfers of files greater than 2GB in size. All OpenVMS AXP V7.1.x and lower, and all OpenVMS VAX systems, will still be restricted to a maximum file size of 2GB. [DE 8672]
   o Correct a problem with SCP commands issued from a system using OpenSSH that did not preserve uppercase letters in filenames.
     The SCP servers use SRI encoding to preserve the case of filenames. The $ character is the escape character that signifies that there is a change in how the following character(s) should be interpreted. If the following character is an alphabetic character, then the case changes. (The initial case is lower, so the first $ changes it to upper, then next to lower, etc.) If the following character is a $, then the result is a $ (with no change in case). International characters in the range of octal 200 to 377 are translated to $ followed by the three-digit octal value for the character.
     The dot (.) character is treated as a special case. The first occurrence in a file name is interpreted explicitly as a dot; later occurrences are translated to the sequence "$5N".
     $4 followed by a letter is equivalent to the control value for that letter (hex values 1 through 1A for $4A to $4Z). $5 followed by a letter yields hex values 21 to 3A ($5A to $5Z). $7A is space. [DE 8648]
   o When transferring a file via SCP, some line feeds could be missing from the data, destroying the formatting. [DE 8410]
   o When transferring a file from a UNIX system running SSH 3.2.0, the following error could be encountered: "FATAL: filexfer_client: bad STATUS (ver 3)" [DE 8421]
   o When a "quit" command was executed from OpenSSH SFTP after transferring a file, the session would appear to hang for up to five minutes.
     [DE 8370]
o SSH Utilities
   o When running SSHADD on a VMS system and the user's [.SSH2] directory is on an ODS-5 disk, and the process is case-sensitive, SSHADD may fail to find some keys if the keys listed in the AUTHORIZATION file are not in lowercase. [DE 8288]
   o The directory information used by the UserConfigDirectory keyword in the SSH2_DIR:SSH2_CONFIG configuration file is ignored by SSHKEYGEN. [DE 8149]
   o If the SSHAGENT is terminated by a CTRL-C, the following message may be output:
        SSH-AGENT exiting...
        ssh_io_unregister_fd: file descriptor 1179010630 was not found.
     then the agent may hang. [DE 8720]
   o The NETCU SHOW SSH command would sometimes return an incorrect process name for an SSH child process. [DE 8058]
   o A non-privileged user who performs a NETCU SHOW SSH command would not see his own SSH1 server processes. [DE 8255]
   o An "@TCPWARE:SHUTNET SSH" command doesn't remove all SSH images. [DE 8082]
   o Mixed case can't be used when generating keys with a passphrase. [DE 9813]
   o File names in SSHADD were case-sensitive, resulting in some identity files not being found. [DE 8288]
   o The TCPWARE_SSH_AGENT_ logical wasn't destroyed when the agent terminated, which could cause future login attempts using publickey authentication to fail. [DE 8298]

TCPDUMP

o TCPDUMP decodes more known packet types. [DE 6966]

TELNET

o The file TCPWARE:TELNET_CONTROL.COM can be edited to set various values for TELNETD_FLAGS to control telnet. A new flag with a value of 4 has been added to restore the TCPware version 5.3 and earlier behavior where NT devices were not flagged as MOUNT/FOREIGN. Note that if you set this option, and the NT device is no longer flagged as mount/foreign then the behavior reported in D/E 1095 will be restored. In this case if a user Telnets into a system and issues a REPLY/ENABLE without /TEMPORARY, then logs out, if another user logs in and gets the same NT device, their terminal will be enabled as an operator terminal.
  [DE 8745]

TFTP

o The TFTP server and client now support a maximum upper limit of 32MB for the size of the file being transferred. Prior to the change, the limit was 16 MB. [DE 9603]

TSSYM

o TCPWARE_TSSYM print symbiont has a new logical name: TCPWARE_TSSYM_MAXSTREAMS - Allows setting the maximum number of streams each TCPWARE_TSSYM symbiont process will support. Value is an integer in the range 1 to 16. Other values will be ignored. The default if the logical is not present, or has an invalid value, is 16. The logical is looked for in the system logical name table. Example:
     $ DEFINE/SYSTEM/EXECUTIVE_MODE TCPWARE_TSSYM_MAXSTREAMS "5"
  This will set the maximum number of streams per TCPWARE_TSSYM symbiont process to 5. That is, each TCPWARE_TSSYM symbiont process on the system will support up to 5 active print queues, rather than the default of 16. [DE 270]

XDM

o Corrected a problem where XDM sometimes reports "Cannot convert Internet address" error even when the address can be resolved by using "NETCU show host". [DE 8378]
o A problem was corrected where the session was terminated before it had a chance to get completely started with DECWindows 1.3-1. [DE 9520]

CHAPTER 3 DOCUMENTATION UPDATES

This chapter contains a summary of changes to the documentation for TCPware V5.7.

3.1 TCPware V5.7

o Changed the TCPware version number to read V5.7.
o Deleted references to NETware.
o Chapter 10 of the TCPware Management Guide has been replaced by the NTP V4 documentation.
o Information about SSH2 was added to the TCPware Management Guide.
o The chapter in the User's Guide on Secure File Transfers has been updated to add SFTP and new SCP information.
o Information about the SSH Public Key assistant, CERTENROLL and CERTVIEW has been added to the TCPware User's Guide.
o The disk space requirements that were previously in the TCPware Installation and Configuration Guide have been moved to the Release Notes.
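
The SRI file-name encoding described under SSH File Transfer [DE 8648] can be decoded mechanically, which is useful when reconciling on-disk ODS-2 names with the names a client sent. The Python decoder below is an added example and is not Process Software code; it implements only the escapes these notes list, and the function names, the constructed sample names, the Latin-1 reading of the octal escapes and the final name check are assumptions.

```python
import string

OCTAL_DIGITS = set("01234567")


def sri_decode(encoded: str) -> str:
    """Decode an SRI-encoded file name using only the rules given in the notes."""
    out = []
    upper = False                      # "The initial case is lower"
    i, n = 0, len(encoded)
    while i < n:
        ch = encoded[i]
        if ch != "$":
            # Ordinary character: ASCII letters take the current case, the rest pass through.
            if ch in string.ascii_letters:
                ch = ch.upper() if upper else ch.lower()
            out.append(ch)
            i += 1
            continue
        if i + 1 >= n:
            raise ValueError("dangling '$' at end of name")
        nxt = encoded[i + 1]
        if nxt == "$":                                  # "$$" is a literal dollar sign
            out.append("$")
            i += 2
        elif nxt in string.ascii_letters:               # "$" + letter toggles the case
            upper = not upper
            out.append(nxt.upper() if upper else nxt.lower())
            i += 2
        elif nxt in "23":                               # "$" + three octal digits, 200..377
            digits = encoded[i + 1:i + 4]
            if len(digits) != 3 or not set(digits) <= OCTAL_DIGITS:
                raise ValueError(f"bad octal escape at offset {i}")
            # Assumption: the code point is kept as-is (Latin-1); the notes name no charset.
            out.append(chr(int(digits, 8)))
            i += 4
        elif nxt in "457":                              # "$4x", "$5x", "$7A"
            if i + 2 >= n or encoded[i + 2] not in string.ascii_letters:
                raise ValueError(f"'${nxt}' must be followed by a letter (offset {i})")
            index = ord(encoded[i + 2].upper()) - ord("A")
            if nxt == "4":
                out.append(chr(0x01 + index))           # $4A..$4Z -> hex 01..1A
            elif nxt == "5":
                out.append(chr(0x21 + index))           # $5A..$5Z -> hex 21..3A ($5N is '.')
            elif index == 0:
                out.append(" ")                         # $7A is space
            else:
                raise ValueError(f"'$7{encoded[i + 2]}' is not described in the notes")
            i += 3
        else:
            raise ValueError(f"unknown escape '${nxt}' at offset {i}")
    return "".join(out)


def unsafe_reasons(name: str) -> list:
    """Added check: why a decoded name should not be used as a single path component."""
    reasons = []
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        reasons.append("control character")             # reachable through $4 escapes
    if "/" in name:
        reasons.append("path separator")                # reachable through $5O (hex 2F)
    if name in (".", ".."):
        reasons.append("relative directory reference")
    return reasons


# Constructed sample names, not taken from a real system.
SAMPLES = ["$README.TXT", "$M$AKEFILE", "FOO.TAR$5NGZ", "MY$7AFILE.TXT", "NOTES$5OOLD.TXT"]

if __name__ == "__main__":
    for sample in SAMPLES:
        decoded = sri_decode(sample)
        print(f"{sample:18} -> {decoded!r} {unsafe_reasons(decoded)}")
```

Because `$4` and `$5` escapes can produce control characters and `/`, any allow-list or path check belongs after decoding, on the decoded name.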