PURPOSE

tlisten - generic listener process

SYNOPSIS

tlisten [ -d device ] -l nlsaddr [-u {uid-# | uid-name}] [ -z bits ] [ -Z bits ]

DESCRIPTION

tlisten is a network independent listener process that runs as a daemon process on TUXEDO System/T application processors and provides remote service connections for other System/T processes, for example, tmboot(1). The following command line options are used by tlisten:

-d device

Full pathname of the network device. For Release 6.4 and later, this parameter is optional. For prior releases, it should be used if the underlying network provider requires it (for example, tli).

-l nlsaddr

Specifies the network address where the process listens for connections.

TCP/IP addresses may be specified in the following forms:

"//host.name:port_number"
"//#.#.#.#:port_number"

In the firsst format, the domain finds an address for hostname using the local name resolution facilities (usually DNS). hostname must be the local machine, and the local name resolution facilities must unambiguously resolve hostname to the address of the local machine.

In the second example, the "#.#.#.#" is in dotted decimal format. In dotted decimal format, each # should be a number from 0 to 255. This dotted decimal number represents the IP address of the local machine.

In both of the above formats, port_number is the TCP port number at which the domain process will listen for incoming requests. port_number can either be a number between 0 and 65535 or a name. If port_number is a name, then it must be found in the network services database on your local machine.

The address can also be specified in hexadecimal format when preceded by the characters "0x". Each character after the initial "0x" is a number between 0 and 9 or a letter between A and F (case insensitive). The hexadecimal format is useful for arbitrary binary network addresses such as IPX/SPX or TCP/IP.

The address can also be specified as an arbitrary string. The value should be the same as that specified for the NLSADDR parameter in the NETWORK section of the configuration file.

-u {uid-#| uid-name}

tlisten will run as the indicated user. This option supports the startup of tlisten as part of system initialization by root. This option is required if the user running tlisten is root. The tlisten process can therefore be started by root, but will not run as root. Non-root users of the tlisten command do not need to use the -u option. Non-root users can set the -u option, but it can only be set to their own user id and is effectively a no-op. Each instantiation of a tlisten process on a processor is capable of supporting all System/T applications that use the same application administrator user id.

-z [0|40|128]

When establishing a network link between a TUXEDO administrative process and tlisten, require at least this minimum level of encryption. 0 means no encryption, while 40 and 128 specify the length (in bits) of the encryption key. If this minimum level of encryption cannot be met, link establishment will fail. The default value is 0.

-Z [0|40|128]

When establishing a network link between a TUXEDO administrative process and tlisten, allow encryption up to this level. 0 means no encryption, while 40 and 128 specify the length (in bits) of the encryption key. The default value is 128. The -z or -Z options are available only if either the International or Domestic BEA TUXEDO Security Add-on Package is installed.

The tlisten process authenticates most service requests. tlisten reads a file with a list of passwords, and any process requesting a service must present at least one of the passwords found in the file. If the APPDIR environment variable is set, passwords will be obtained from a file named APPDIR/.adm/tlisten.pw. If this file is not found, the system will look for TUXDIR/udataobj/tlisten.pw, which is created when the TUXEDO System is installed. A zero-length or missing password file disables password checking. When running in this insecure mode, the tlisten and any process connecting to tlisten will generate a userlog warning message.

Processes which request services from tlisten such as tmboot find the passwords to be used during authentication in files on their own machines. They use the same methods as the tlisten to find their password files.

ENVIRONMENT VARIABLES

• TUXDIR must be set and exported before the tlisten command is invoked.
• LD_LIBRARY_PATH must be set for SVR4 applications that use shared objects. It must be set to $TUXDIR/lib before the tlisten process is started.
• APPDIR may be used to provide the name of the tlisten password file.
• ULOGPFX can be used to direct the file in which log messages are to be placed.

Note: During the installation process, an administrative password file is created. When necessary, BEA TUXEDO searches for this file in the following directories (in the order shown):

APPPPDIR/.adm/tlisten.pw
TUXDIR/udataobj/tlisten.pw

To ensure that your administrative password file will be found, make sure you have set the APPDIR and/or TUXDIR environment variables.

LINK-LEVEL ENCRYPTION

If the link-level encryption feature is in operation between tlisten and a requesting process such as tmboot, link-level encryption will be negotiated and activated before authentication occurs.

TERMINATION

The only way to stop a tlisten process with a normal termination is by sending it a SIGTERM signal.

RECOMMENDED USE

We recommend that you start one tlisten process for each application upon system startup. Remember to set the TUXDIR and APPDIR environment variables before invoking tlisten.

One alternative method for starting the tlisten process is to start it manually. The -u option can be omitted if the tlisten process is started by the application administrator. Duplicate tlisten command invocations using the same network address will terminate automatically and gracefully log an appropriate message.

NETWORK ADDRESSES

Suppose the local machine on which tlisten is being run is using TCP/IP addressing and is named backus.company.com, with address 155.2.193.18. Further suppose that the port number at which the /T domain should accept requests is 2334. Assume that port number 2334 has been added to the network services database under the name bankapp-nlsaddr. The address specified by the \f4-l\fP option could be represented in the following ways:

//155.2.193.18:bankapp-nlsaddr
//155.2.193.18:2334
//backus.company.com:bankapp-nlsaddr
//backus.company.com:2334
0x0002091E9B02C112

The last of these representations is hexadecimal format. The 0002 is the first part of a TCP/IP address. The 091E is the port number 2334 translated into a hexadecimal number. After that each element of the IP address 155.2.193.12 is translated into a hexadecimal number. Thus the 155 becomes 9B, 2 becomes 02 and so on.

For a STARLAN network, a recommended address of uname.tlisten will usually yield a unique name.

WINDOWS NT CONTROL PANEL APPLET

Administrative privileges on a remote NT machine are required in order to start a tlisten process on that machine through the Control Panel Applet.

SEE ALSO

ubbconfig(5)