/usr/lib/dcs [-s sessions] [ [-a auth] [-e encr] [-u esp_auth] ] [-l]
The Domain Configuration Server (DCS) is a daemon process that runs on Sun servers that support remote Dynamic Reconfiguration (DR) clients. It is started by the Service Management Facility (see smf( 5)) when the first DR request is received from a client connecting to the network service sun-dr. After the DCS accepts a DR request, it uses the libcfgadm (3LIB) interface to execute the DR operation. After the operation is performed, the results are returned to the client.
The DCS listens on the network service labeled sun-dr. Its underlying protocol is TCP. It is invoked as a server program by the SMF using the TCP transport. The fault management resource identifier (FMRI) for DCS is:
If you disable this service, DR operations initiated from a remote host fail. There is no negative impact on the server.
Security for the DCS connection is provided differently based upon the architecture of the system. The SMF specifies the correct options when invoking the DCS daemon, based upon the current architecture. For all architectures, security is provided on a per-connection basis.
The DCS daemon has no security options that are applicable when used on a Sun Enterprise 10000 system. So there are no options applicable to that architecture.
The security options for Sun Fire high-end systems are based on IPsec options defined as SMF properties. These options include the –a auth, –e encr, and –u esp_auth options, and can be set using the svccfg(1M) command. These options must match the IPsec policies defined for DCS on the system controller. Refer to the kmd(1M) man page in the System Management Services (SMS) Reference Manual. The kmd(1M) man page is not part of the SunOS man page collection.
Security on SPARC Enterprise Servers is not configurable. The DCS daemon uses a platform-specific library to configure its security options when running on such systems. The –l option is provided by the SMF when invoking the DCS daemon on SPARC Enterprise Servers. No other security options to the DCS daemon should be used on SPARC Enterprise Servers.
The following options are supported:
Controls the IPsec Authentication Header (AH) algorithm. auth can be one of none, md5, or sha1.
Controls the IPsec Encapsulating Security Payload (ESP) encryption algorithm. encr can be one of none, des, or 3des.
Enables the use of platform-specific security options on SPARC Enterprise Servers.
Sets the number of active sessions that the DCS allows at any one time. When the limit is reached, the DCS stops accepting connections until active sessions complete the execution of their DR operation. If this option is not specified, a default value of 128 is used.
Controls the IPsec Encapsulating Security Payload (ESP) authentication algorithm. esp_auth can be one of none, md5, or sha1.
The following command sets the Authentication Header algorithm for the DCS daemon to use the HMAC-MD5 authentication algorithm. These settings are only applicable for using the DCS daemon on a Sun Fire high-end system.
# svccfg -s svc:/platform/sun4u/dcs setprop dcs/ah_auth = "md5" # svccfg -s svc:/platform/sun4u/dcs setprop dcs/esp_encr = "none" # svccfg -s svc:/platform/sun4u/dcs setprop dcs/esp_auth = "none" # svcadm refresh svc:/platform/sun4u/dcs
The DCS uses syslog(3C) to report status and error messages. All of the messages are logged with the LOG_DAEMON facility. Error messages are logged with the LOG_ERR and LOG_NOTICE priorities, and informational messages are logged with the LOG_INFO priority. The default entries in the /etc/syslog.conf file log all of the DCS error messages to the /var/adm/messages log.
See attributes(5) for descriptions of the following attributes:
The dcs service is managed by the service management facility, smf(5), under the fault management resource identifier (FMRI):