Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Problem with SSL1 and TCPware
3 views
Skip to first unread message
John Santos
Feb 22, 2016, 5:47:22 PM2/22/16
to
Warning to anyone running TCPware who wants to install the new SSL
version!
I discovered that TCPware V5.9-2 doesn't work with LDAP (ACME loginout)
on VMS Alpha V8.4 with the new SSL1 v1.0.2-c.
When you try to log in to an account with EXTAUTH flag set, you get an
error message after typing the username:
"Operation failure; if logging is enabled, see details in the
ACME$SERVER log file"
I suspect this is due to the same problems or incompatibilities corrected
in the TCPIP_CVE_PAT ECO for HP TCPIP (released in December at the same
time as SSL1.)
I also suspect that this problem (and potentially other undiscovered
problems) occurs on any TCPware version on any platform, since there
don't seem to be any recent patches on the TCPware support web site.
It is possible there are in fact patches, but only available to
supported Process customers; we let support lapse on our one remaining
TCPware system after our last customer who used TCPware upgraded their
Alphas to I64 rx2800's, which came with HP TCP/IP licenses (bundled into
the BOE license.)
I've been meaning to convert from TCPware to HP TCP/IP on this system
since then, as we do still have supported Alpha VMS 8.4/HP TCP customers.
I installed HP TCPIP (and the CVE patch) on it, a little
systartup_vms.com fiddling to get it to start TCPIP instead of TCPware,
and ACMELDAP logins now work fine.
So contact Process Software support before installing SSL1 on a TCPware
system. The same may apply to Multinet.
--
John Santos
Evans Griffiths & Hart, Inc.
version!
I discovered that TCPware V5.9-2 doesn't work with LDAP (ACME loginout)
on VMS Alpha V8.4 with the new SSL1 v1.0.2-c.
When you try to log in to an account with EXTAUTH flag set, you get an
error message after typing the username:
"Operation failure; if logging is enabled, see details in the
ACME$SERVER log file"
I suspect this is due to the same problems or incompatibilities corrected
in the TCPIP_CVE_PAT ECO for HP TCPIP (released in December at the same
time as SSL1.)
I also suspect that this problem (and potentially other undiscovered
problems) occurs on any TCPware version on any platform, since there
don't seem to be any recent patches on the TCPware support web site.
It is possible there are in fact patches, but only available to
supported Process customers; we let support lapse on our one remaining
TCPware system after our last customer who used TCPware upgraded their
Alphas to I64 rx2800's, which came with HP TCP/IP licenses (bundled into
the BOE license.)
I've been meaning to convert from TCPware to HP TCP/IP on this system
since then, as we do still have supported Alpha VMS 8.4/HP TCP customers.
I installed HP TCPIP (and the CVE patch) on it, a little
systartup_vms.com fiddling to get it to start TCPIP instead of TCPware,
and ACMELDAP logins now work fine.
So contact Process Software support before installing SSL1 on a TCPware
system. The same may apply to Multinet.
--
John Santos
Evans Griffiths & Hart, Inc.
Craig A. Berry
Feb 22, 2016, 9:50:36 PM2/22/16
to
On 2/22/16 4:47 PM, John Santos wrote:
> I discovered that TCPware V5.9-2 doesn't work with LDAP (ACME loginout)
> on VMS Alpha V8.4 with the new SSL1 v1.0.2-c.
>
> When you try to log in to an account with EXTAUTH flag set, you get an
> error message after typing the username:
>
> "Operation failure; if logging is enabled, see details in the
> ACME$SERVER log file"
>
> I suspect this is due to the same problems or incompatibilities corrected
> in the TCPIP_CVE_PAT ECO for HP TCPIP (released in December at the same
> time as SSL1.)
Supposedly that ECO is about the BIND server, not LDAP:
> I discovered that TCPware V5.9-2 doesn't work with LDAP (ACME loginout)
> on VMS Alpha V8.4 with the new SSL1 v1.0.2-c.
>
> When you try to log in to an account with EXTAUTH flag set, you get an
> error message after typing the username:
>
> "Operation failure; if logging is enabled, see details in the
> ACME$SERVER log file"
>
> I suspect this is due to the same problems or incompatibilities corrected
> in the TCPIP_CVE_PAT ECO for HP TCPIP (released in December at the same
> time as SSL1.)
<http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04952488>
John Santos
Mar 9, 2016, 7:44:03 PM3/9/16
to
In article <nagh89$3ds$1...@dont-email.me>, craig...@nospam.mac.com
says...
> <http://h20564.www2.hpe.com/hpsc/doc/public/displaydocId=emr_nac0495248
8>
HP TCP/IP with the CVE_PAT works fine with LDAP/external authentication.
I didn't try it with SSL1, but without the CVE patch.
Without SSL1, both TCPware and HP TCP/IP work with external
authentication.
With SSL1, LDAP and ACMELDAP each have patches, that seem to be required
when using SSL1. Installed those patches.
HP also claims that HP TCP/IP requires CVE_PAT when SSL1 is installed,
so I installed that as well (on the TCP/IP systems.)
Result: External Authentication works with HP TCP/IP systems, but not on
the TCPware systems.
Installed HP TCP/IP (5.7 ECO 5) and CVE_PAT on the TCPware systems.
External authentication now works on them.
The notes you linked to say CVE_PAT fixes various security
vulnerabilities in BIND and IPC, but not that it includes no other
fixes. However, the actual release notes for the patch (sys$help:bletch)
says:
Installation of this patch kit is mandatory for systems which have the
HPE SSL1 kit (HP-I64VMS-SSL1-V0100-2C-1 / HP-AXPVMS-SSL1-V0100-2C-1, or
higher version) installed, to ensure compatibility between SSL1 and the
TCPIP components (BIND, FTP, NTP, IMAP and POP).
Nothing about the LDAP client, but maybe some transport service or
library functions that the LDAP client uses also got fixed?
Don't see and common libraries being updated by the ECO, though, just
various component-specific images for BIND, FTP, etc.
says...
8>
HP TCP/IP with the CVE_PAT works fine with LDAP/external authentication.
I didn't try it with SSL1, but without the CVE patch.
Without SSL1, both TCPware and HP TCP/IP work with external
authentication.
With SSL1, LDAP and ACMELDAP each have patches, that seem to be required
when using SSL1. Installed those patches.
HP also claims that HP TCP/IP requires CVE_PAT when SSL1 is installed,
so I installed that as well (on the TCP/IP systems.)
Result: External Authentication works with HP TCP/IP systems, but not on
the TCPware systems.
Installed HP TCP/IP (5.7 ECO 5) and CVE_PAT on the TCPware systems.
External authentication now works on them.
The notes you linked to say CVE_PAT fixes various security
vulnerabilities in BIND and IPC, but not that it includes no other
fixes. However, the actual release notes for the patch (sys$help:bletch)
says:
Installation of this patch kit is mandatory for systems which have the
HPE SSL1 kit (HP-I64VMS-SSL1-V0100-2C-1 / HP-AXPVMS-SSL1-V0100-2C-1, or
higher version) installed, to ensure compatibility between SSL1 and the
TCPIP components (BIND, FTP, NTP, IMAP and POP).
Nothing about the LDAP client, but maybe some transport service or
library functions that the LDAP client uses also got fixed?
Don't see and common libraries being updated by the ECO, though, just
various component-specific images for BIND, FTP, etc.
Zorro
Mar 7, 2022, 4:15:04 AM3/7/22
to
John Santos a exposé le 22/02/2016 :
Ta pause d'usenet a donc duré 9 minutes, chapeau :)
--
Ta pause d'usenet a donc duré 9 minutes, chapeau :)
Des posts qui sont annulés par vendetta ce qui est complètement
ridicule.
C'est notamment le cas des annulations faites par E.M.
--
Ta pause d'usenet a donc duré 9 minutes, chapeau :)
Des posts qui sont annulés par vendetta ce qui est complètement
ridicule.
C'est notamment le cas des annulations faites par E.M.
Zorro
Mar 7, 2022, 4:18:34 AM3/7/22
to
Après mûre réflexion, John Santos a écrit :
Zorro
Mar 7, 2022, 4:22:03 AM3/7/22
to
Zorro a couché sur son écran :
Zorro
Mar 7, 2022, 4:23:04 AM3/7/22
to
Zorro
Mar 7, 2022, 4:24:30 AM3/7/22
to
John Santos a couché sur son écran :
Ta pause d'usenet a donc duré 7 jours, chapeau :) E.M.
0 new messages