dcs(1M) System Administration Commands dcs(1M)NAMEdcs - domain configuration server
SYNOPSIS
/usr/lib/dcs [-s sessions] [ [-a auth] [-e encr] [-u esp_auth] ] [-l]
DESCRIPTION
The Domain Configuration Server (DCS) is a daemon process that runs on
Sun servers that support remote Dynamic Reconfiguration (DR) clients.
It is started by the Service Management Facility (see smf(5)) when the
first DR request is received from a client connecting to the network
service sun-dr. After the DCS accepts a DR request, it uses the libcf‐
gadm(3LIB) interface to execute the DR operation. After the operation
is performed, the results are returned to the client.
The DCS listens on the network service labeled sun-dr. Its underlying
protocol is TCP. It is invoked as a server program by the SMF using the
TCP transport. The fault management resource identifier (FMRI) for DCS
is:
svc:/platform/sun4u/dcs:default
If you disable this service, DR operations initiated from a remote host
fail. There is no negative impact on the server.
Security for the DCS connection is provided differently based upon the
architecture of the system. The SMF specifies the correct options when
invoking the DCS daemon, based upon the current architecture. For all
architectures, security is provided on a per-connection basis.
The DCS daemon has no security options that are applicable when used on
a Sun Enterprise 10000 system. So there are no options applicable to
that architecture.
The security options for Sun Fire high-end systems are based on IPsec
options defined as SMF properties. These options include the -a auth,
-e encr, and -u esp_auth options, and can be set using the svccfg(1M)
command. These options must match the IPsec policies defined for DCS on
the system controller. Refer to the kmd(1M) man page in the System Man‐
agement Services (SMS) Reference Manual. The kmd(1M) man page is not
part of the SunOS man page collection.
Security on SPARC Enterprise Servers is not configurable. The DCS dae‐
mon uses a platform-specific library to configure its security options
when running on such systems. The -l option is provided by the SMF when
invoking the DCS daemon on SPARC Enterprise Servers. No other security
options to the DCS daemon should be used on SPARC Enterprise Servers.
OPTIONS
The following options are supported:
-a auth
Controls the IPsec Authentication Header (AH) algorithm. auth can
be one of none, md5, or sha1.
-e encr
Controls the IPsec Encapsulating Security Payload (ESP) encryption
algorithm. encr can be one of none, des, or 3des.
-l
Enables the use of platform-specific security options on SPARC
Enterprise Servers.
-s sessions
Sets the number of active sessions that the DCS allows at any one
time. When the limit is reached, the DCS stops accepting connec‐
tions until active sessions complete the execution of their DR
operation. If this option is not specified, a default value of 128
is used.
-u esp_auth
Controls the IPsec Encapsulating Security Payload (ESP) authentica‐
tion algorithm. esp_auth can be one of none, md5, or sha1.
EXAMPLES
Example 1: Setting an IPSec Option
The following command sets the Authentication Header algorithm for the
DCS daemon to use the HMAC-MD5 authentication algorithm. These settings
are only applicable for using the DCS daemon on a Sun Fire high-end
system.
# svccfg -s svc:/platform/sun4u/dcs setprop dcs/ah_auth = "md5"
# svccfg -s svc:/platform/sun4u/dcs setprop dcs/esp_encr = "none"
# svccfg -s svc:/platform/sun4u/dcs setprop dcs/esp_auth = "none"
# svcadm refresh svc:/platform/sun4u/dcs
ERRORS
The DCS uses syslog(3C) to report status and error messages. All of the
messages are logged with the LOG_DAEMON facility. Error messages are
logged with the LOG_ERR and LOG_NOTICE priorities, and informational
messages are logged with the LOG_INFO priority. The default entries in
the /etc/syslog.conf file log all of the DCS error messages to the
/var/adm/messages log.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWdcsu, SUNWdcsr │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Evolving │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOsvcs(1), cfgadm_sbd(1M), svcadm(1M), svccfg(1M), syslog(3C), con‐
fig_admin(3CFGADM), libcfgadm(3LIB), syslog.conf(4), attributes(5),
smf(5), dr(7D)NOTES
The dcs service is managed by the service management facility, smf(5),
under the fault management resource identifier (FMRI):
svc:/platform/sun4u/dcs:default
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(1M). The service's
status can be queried using the svcs(1) command.
SunOS 5.10 25 Apr 2006 dcs(1M)