Patch-ID# 108505-05 Keywords: security nsmail NMS 4.1 nsnews_probe nshttp netscape nsldap Synopsis: SunCluster 2.2: Internet Pro Patch Date: Jul/13/2001 Solaris Release: 2.6 SunOS Release: 5.6 Unbundled Product: Sun Cluster Unbundled Release: 2.2 Xref: Topic: Sun Cluster 2.2: Internet Pro Patch Relevant Architectures: sparc BugId's fixed with this patch: 4250087 4283160 4296453 4331788 4339357 4402009 4454632 4455691 Changes incorporated in this version: 4455691 Patches accumulated and obsoleted by this patch: 108109-02 108510-01 Patches which conflict with this patch: Patches required with this patch: 108423-02 or greater 108423-04 or greater Obsoleted by: Files included with this patch: /etc/init.d/SUNWscnsm /etc/opt/SUNWscnsm/hadsconf.tmpl /opt/SUNWcluster/ha/dns/dns_probe /opt/SUNWcluster/ha/nshttp/nshttp_fm_check /opt/SUNWcluster/ha/nshttp/nshttp_fm_init /opt/SUNWcluster/ha/nshttp/nshttp_fm_start /opt/SUNWcluster/ha/nshttp/nshttp_fm_stop /opt/SUNWcluster/ha/nshttp/nshttp_probe /opt/SUNWcluster/ha/nshttp/nshttp_status /opt/SUNWcluster/ha/nshttp/nshttp_svc_abort /opt/SUNWcluster/ha/nshttp/nshttp_svc_abort_net /opt/SUNWcluster/ha/nshttp/nshttp_svc_start /opt/SUNWcluster/ha/nshttp/nshttp_svc_start_net /opt/SUNWcluster/ha/nshttp/nshttp_svc_stop /opt/SUNWcluster/ha/nshttp/nshttp_svc_stop_net /opt/SUNWcluster/ha/nsldap/nsldap_fm_check /opt/SUNWcluster/ha/nsldap/nsldap_fm_start /opt/SUNWcluster/ha/nsldap/nsldap_fm_stop /opt/SUNWcluster/ha/nsldap/nsldap_probe /opt/SUNWcluster/ha/nsldap/nsldap_svc_abort /opt/SUNWcluster/ha/nsldap/nsldap_svc_abort_net /opt/SUNWcluster/ha/nsldap/nsldap_svc_start /opt/SUNWcluster/ha/nsldap/nsldap_svc_start_net /opt/SUNWcluster/ha/nsldap/nsldap_svc_stop /opt/SUNWcluster/ha/nsldap/nsldap_svc_stop_net /opt/SUNWcluster/ha/nsmail/nsmail_fm_check /opt/SUNWcluster/ha/nsmail/nsmail_fm_init /opt/SUNWcluster/ha/nsmail/nsmail_fm_start /opt/SUNWcluster/ha/nsmail/nsmail_fm_stop /opt/SUNWcluster/ha/nsmail/nsmail_probe /opt/SUNWcluster/ha/nsmail/nsmail_status /opt/SUNWcluster/ha/nsmail/nsmail_svc_abort /opt/SUNWcluster/ha/nsmail/nsmail_svc_abort_net /opt/SUNWcluster/ha/nsmail/nsmail_svc_start /opt/SUNWcluster/ha/nsmail/nsmail_svc_start_net /opt/SUNWcluster/ha/nsmail/nsmail_svc_stop /opt/SUNWcluster/ha/nsmail/nsmail_svc_stop_net /opt/SUNWcluster/ha/nsmail/nsmail_sync /opt/SUNWcluster/ha/nsnews/nsnews_probe Problem Description: 4455691 Complete fix for BugID 4402009 (from 108505-04) 4454632 dns_probe needs to be included in Internet Pro Patch (from 108505-03) 4402009 Sun Cluster INetPro files write to /tmp insecurely (from 108505-02) 4339357 nsmail_svc_stop and nsmail_svc_stop_net are reversed (from 108505-01) 4283160 SC 2.2 Data Services Update: HA nsmail support for NMS 4.1 (from 108510-01) 4296453 SC 2.2 Data Services Update: HA nshttp support for Secure 3.6 & 4.0 (from 108109-02) 4331788 netscape mail service loses connections when ldap logical host fails over (from 108109-01) 4250087 SC 2.2 Data Services Update: HA NSLDAP support for NDS LDAP 4.1 Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ---------------------------------- Stop the Sun Cluster software on this node before applying this patch. Apply this patch to this node and then restart the Sun Cluster software after patch installation o login as root, then run the command: # scadmin stopnode o apply the patch as usual o restart the cluster on this node # scadmin startnode NOTE 1: For complete functionality for HA nsmail support, the following patches must be installed and installed in the following order (or newer): 108450-01 108423-02 NOTE 2: There are few user-level changes associated with Netscape HTTP 4.0 and Netscape HTTP Secure 3.6. Follow the installation and configuration tasks documented in Chapter 8 "Setting Up and Administering Sun Cluster HA for Netscape," in the Sun Cluster 2.2 Software Installation Guide, but note the following exceptions. In the procedure "How to Install Netscape Web or HTTP Server", the following changes apply. 1. Modify Step 7 on page 8-13: Original: "Click Create New Netscape Enterprise Server 3.5.1" For Netscape HTTP Secure 3.6, replace with: "Click Create New Netscape Enterprise Server 3.6" For Netscape HTTP 4.0, replace with: "Click Create New Netscape Enterprise Server 4.0" 2. Add to Step 8 on page 8-13: "Note that this step creates a directory "https-servername" in the server root you specified in Step 1. For example, if the server root in Step 1 was specified as /netscape-1/vol01/nshttps and the name of the server you created was hahost1, then the directory created is /netscape-1/vol01/nshttps/https-hahost1." 3. (For Netscape HTTP Secure 3.6 ONLY) Add new step after Step 8 on page 8-13: "Change to the directory created in Step 8. Create a file "keyPass" in the directory. This file should contain the password, as in Step 6. This allows the HA data service to run the server with encryption on. For more details on how to configure the server to run with encryption on or off, refer to your Netscape Enterprise Server documentation." 4. (For Netscape HTTP 4.0 ONLY) Add to Step 9 on page 8-13: "Note that the certificates needed for the Enterprise Server to run in encrypted mode must be created for each of the physical hosts on which the server can potentially run. This is different from versions 3.6 and earlier, in which only one certificate (independent of the physical servers) had to be installed. This change is imposed by the Enterprise certificate management model for Enterprise OS version 4. 5. Modify the original Step 14 on page 8-13: Original: "Enter the Location to your logical host for the Base directory location ... /netscape-1/vol01/nshttps/hahost1." Replace with: "Enter the Location to your logical host for the Base directory location ... /netscape-1/vol01/nshttps/https-hahost1." NOTE 3: This version of Sun Cluster HA for Netscape Directory Server requires few changes at the user level. All installation and configuration tasks are identical to those documented in Chapter 8 "Setting Up and Administering Sun Cluster HA for Netscape," in the Sun Cluster 2.2 Software Installation Guide, with the following exceptions: - To install Netscape Directory server, run the command "setup" (rather than "ns-setup") from the Netscape Directory Server install directory. - The package name for Netscape Directory Server is SUNWscnsl, rather than SUNWhadns. NOTE 4: To get the complete fix for files insecurely writing to /tmp, one needs to install the following patches (or newer): 109208-12 Sun Cluster 2.2: Framework Patch 109211-07 Sun Cluster 2.2: Comm Patch 107996-12 Sun Cluster 2.2: HA-Oracle Patch 108423-04 Sun Cluster 2.2: Data Service Common Patch 108511-03 Sun Cluster 2.2: HA-Sybase Patch 108351-04 Sun Cluster 2.2: HA-SAP Patch 111131-01 Sun Cluster 2.2: HA-Informix Patch 108034-02 Sun Cluster 2.2: HA-Tivoli Patch 108447-04 Sun Cluster 2.2: HA-Lotus Patch 107388-05 Sun Cluster 2.2: System Management Patch Patch Backout: ------------- Before backing out the patch, make sure the cluster software is stopped on the node: o login as root, then run the command: # scadmin stopnode o Remove the patch as usual. README -- Last modified date: Friday, July 13, 2001