UnixWare 7.1.4 Maintenance Pack 1
New Features and Notes

July 2004

This document provides new feature descriptions for UnixWare 7.1.4 Maintenance Pack 1 (MP1). Please see the file relnotes.html, either on the Maintenance Pack CD or on the UnixWare Supplements Web Page, for installation instructions, release notes, the list of problems fixed, known problems and workarounds, and other important information about MP1. For UnixWare 7.1.4 online documentation and release notes, please visit the Documentation Web Site.

New Features

Encrypting Filesystems
Perl Module mod_jk1 for Tomcat
Pluggable Authentication Modules (PAM)
Samba 3.0 - Multibyte
Samba 3.0 - PAM-enabled

Encrypting Filesystems

A new encryption feature has been added to the marry(7) driver. Using the marry(1M) command, an empty regular file is associated with a block special device name, and encryption is enabled on the file. A file system is created on the block special device using the mkfs(1M) command, and the block special device is mounted using the mount(1M) command. Once mounted, all data written to the file is encrypted using the 128-bit Advanced Encryption Standard (also known as 128-bit AES and the Rijndael block cipher); all data read from the file is decrypted. A simple example follows:

  1. In the commands below in this procedure, regfile is the full pathname to the regular file that will contain the encrypted file system. Make sure that regfile does not exist; if it does, rename or delete it before continuing. Create regfile and assign appropriate permissions and ownership, as in this example:

    # touch regfile
    # chmod 660 regfile
    # chown root regfile
    # chgrp appgrp regfile
  2. In the commands below in this procedure, mountpoint is the full pathname of the directory to be used to mount the file system. Make sure that mountpoint is an empty directory; move or delete any data residing there before continuing. If mountpoint does not exist, create it and assign appropriate permissions and ownership, as in this example:

    # mkdir mountpoint
    # chown root mountpoint
    # chgrp appgrp mountpoint
    # chmod 750 mountpoint
  3. Marry a block special device to regfile and enable encryption on the device:

    # cryptfs=`marry -a -b blksz -c "passphrase" regfile`

    In the example above, the output of the marry command (which can be quite long depending on the path used for regfile) is assigned to the $cryptfs environment variable; this is done only to simplify typing the commands in the next step.

    The blksz is the maximum size of the married device, in 512-byte blocks, plus 5 blocks for encryption information. So, if you want a file system with a maximum size of 10000 512-byte blocks, use 10005 for blksz. The passphrase (similar to a password, but longer) is used to generate the keys that encrypt and decrypt the contents of regfile. See the marry(1M) manual page for a full explanation of passphrase.

  4. Make and mount the file system:

    # mkfs -F vxfs $cryptfs blksz-5
    # mount $cryptfs mountpoint

    Note that $cryptfs is the output of the marry command from the previous step. Also note that the block size used in the mkfs command must be 5 blocks less than the blksz used in the previous marry command.

Please note that an encrypted file system requires more system overhead than a regular file system; this can have a significant effect on performance, depending on the intended use of the encrypted file system. See the marry(1M) and marry(7) manual pages for more information, including the limitations of this interface.
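
The four steps above as one guarded script, added here as an example (not SCO's code): it refuses to proceed if regfile exists or mountpoint is not empty, derives the marry size from the file system size, and prompts for the passphrase instead of taking it from the command line of the script. The function names are made up for this example; it assumes a POSIX shell such as ksh and the appgrp group used in the procedure.

```shell
#!/bin/sh
# Added example, not SCO's code. Usage: script regfile mountpoint fs_blocks
# appgrp comes from the procedure above; the function names are made up here.

# marry -b size = file system size + 5 blocks of encryption information.
marry_blocks() {
    case $1 in ''|*[!0-9]*|0*) echo "fs_blocks must be a positive integer" >&2; return 1;; esac
    echo $(( $1 + 5 ))
}

# Step 1: regfile must not exist. Step 2: mountpoint, if present, must be an empty directory.
check_targets() {
    if [ -e "$1" ]; then
        echo "$1 exists: rename or delete it first" >&2; return 2
    fi
    if [ -e "$2" ]; then
        [ -d "$2" ] || { echo "$2 is not a directory" >&2; return 3; }
        [ -z "$(ls -A "$2")" ] || { echo "$2 is not empty" >&2; return 4; }
    fi
}

make_cryptfs() {
    regfile=$1 mountpoint=$2 fs_blocks=$3
    blksz=$(marry_blocks "$fs_blocks") || return
    check_targets "$regfile" "$mountpoint" || return

    # Prompt without echo so the passphrase stays out of the script and shell history.
    # It is still an argument to marry, so it shows in process listings while marry runs.
    printf 'Passphrase: ' >&2
    stty -echo; read -r passphrase; stty echo; echo >&2

    # Step 1: create regfile with the permissions and ownership from the procedure
    touch "$regfile" && chmod 660 "$regfile" &&
        chown root "$regfile" && chgrp appgrp "$regfile" || return
    # Step 2: create mountpoint only if it does not exist yet
    if [ ! -d "$mountpoint" ]; then
        mkdir "$mountpoint" && chown root "$mountpoint" &&
            chgrp appgrp "$mountpoint" && chmod 750 "$mountpoint" || return
    fi
    # Step 3: marry prints the block special device name
    cryptfs=$(marry -a -b "$blksz" -c "$passphrase" "$regfile") || return
    [ -n "$cryptfs" ] || { echo "marry printed no device name" >&2; return 5; }
    # Step 4: mkfs gets the size without the 5 extra blocks
    mkfs -F vxfs "$cryptfs" "$fs_blocks" && mount "$cryptfs" "$mountpoint"
}

if [ $# -eq 3 ]; then make_cryptfs "$@"; fi
```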

Perl Module mod_jk1 for Apache and Tomcat

The Perl module mod_jk1 is used to connect an Apache Web Server to a Tomcat Java Application Server, to provide Web access to Java applications. Apache and Tomcat are part of the SCOx Web Enabling and Web Services Substrate software, distributed as part of Release 7.1.4. Information on configuring mod_jk1 can be found on the Apache Jakarta Project server. Tomcat documentation can be found on the Tomcat website, and Apache documentation is available from the default Apache server running on UnixWare on port 80 (http://localhost:80).

Pluggable Authentication Modules (PAM)

The Pluggable Authentication Modules (PAM) feature allows an administrator to manage the authentication policy used by all applications that support PAM without making any changes to those applications. PAM is implemented through:

Please see the PAM documentation for more information.

Samba 3.0 - Multibyte
Samba 3.0 - PAM-enabled

Two versions of Samba are available. Install the one that's right for your needs:

sambamb
    The sambamb package provides a multibyte version of Samba 3.0 for Asian locales. The multibyte version is not PAM-enabled and will not work properly if PAM is installed and enabled.
samba
    The samba package provides an update to the (non-multibyte) Samba 3.0 distributed with Release 7.1.4. This version is enabled for the Pluggable Authentication Modules (PAM) and Name Service Switch (NSS) features. If you install and enable PAM, you must also install the PAM-enabled samba package, since the version of Samba distributed with Release 7.1.4 (and other previous versions) will no longer work once PAM is enabled.

© Copyright 2004 The SCO Group, Inc. All rights reserved.