On UNIX platforms, clients who present authentication NONE cannot access file databases. Release 5 clients always present some other form of authentication if possible.

On Windows NT, clients who present authentication NONE can access file databases. Clients can access any file that is accessible to the user running the Server (usually Local System).

SYS - UNIX only. ObjectStore uses the Sun ONC RPC AUTH_SYS authentication method, previously called AUTH_UNIX.

The client sends the Server a UNIX user ID and a set of group IDs, which the Server trusts. The ObjectStore client library always sends the current effective user ID and group set. This is the same mechanism used by the NFS protocol.

Caution

If you use this method, be aware of the following points:

If untrustworthy users have access to the root password, they can assume the identity of any user.

A malicious user might contrive to patch the ObjectStore client so that it sends some access identity information other than the current effective user ID and group set.
Not all systems can generate this information in a client. If you run an ObjectStore Server on such a system, this method is not available.

DES - Sun, AIX, and System V.4.0 only. ObjectStore uses the Sun ONC RPC AUTH_DES authentication, also known as secure RPC. To enable this mechanism, you must first set up the Network Information System (NIS), run the keyserv daemon on all client and Server hosts, and register public keys in the publickey NIS map. (See the newkey, chkey, keyserv, and keylogin manual pages.)

For a full explanation of the secure RPC mechanism, see the documentation supplied with your operating system.

DES authentication protects against abuse of the root password and against straightforward attempts to patch an ObjectStore client to send a fraudulent access ID. However, it is not secure against a determined intruder, due to bugs both in its design and in the reference implementation.

Name Password - All platforms except OS/2 and Windows 95. This value was previously named UNIX Login. In this release, UNIX Login is a synonym for Name Password.

ObjectStore requires each client application to send a user name and password to the Server, which validates them. See "User interface to authentication". The advantage of this method is that there is no way to fool the Server - it grants exactly the access available to the user it authenticates. The disadvantage is that ObjectStore cannot arrange a trusted path. That is, there is no way that a user, prompted for a password, can be sure that the password will be sent to the ObjectStore Server and only to the ObjectStore Server. A malicious program author could solicit and then retain passwords.

NT Local - Windows NT only. Allows Windows NT clients to communicate with local Servers.

Parameter value might imply a set of values

When you set the parameter to one of these authentication types, it means that the Server can use that value as well as any values that follow it in the list, if the value can be specified on that Server's platform. The complete prioritized list of authentication types is

NONE
SYS
DES
NAME PASSWORD
NT LOCAL

To determine the list of authentication types that a Server supports, run the ossvrstat utility. See ossvrstat: Displaying Server and Client Informationfor further information.

Examples of allowable authentication

For example, if an AIX Server has the value NONE for the Authentication Required Server parameter, it means that a client can return information that complies with NONE, SYS, DES, or NAME PASSWORD. These four values make up the Server-supported list on this platform.

If an HP Server has Authentication Required set to SYS, it means that a client can return information that complies with SYS or NAME PASSWORD. The Server-supported list for HP-UX has two values.

If a Windows NT Server has Authentication Required set to Name Password, clients can return information that complies with Name Password or NT Local. The Server-supported list for Windows NT contains two values.

How does a
client choose?

How does a client determine which type of authentication to provide to the Server?

On all platforms, if Authentication Required is NONE and if the Server can have a value of SYS for the parameter, the client returns information that complies with SYS. This allows Release 5 clients to access Release 5 rawfs and file databases.

Suppose that Authentication Required is NONE but the Server cannot have a value of SYS. In this case, the client returns information that complies with the first value in the Server-supported list that the client supports. For an AIX client contacting a Windows NT Server, this would be Name Password. Note that if the Server were on AIX, both the SYS and DES values would be allowed. A Server that cannot have a value of SYS is not a UNIX system and so the Server-supported list of values for authentication includes NONE, Name Password, and possibly NT Local.

UNIX clients always provide Name Password authentication when accessing Windows NT Servers.

Windows NT clients

When a Windows NT client provides authentication it must provide the domain name, the user name, and the user password. By default, ObjectStore uses the USERDOMAIN environment variable. You can override this by specifying a name of the form domain\name.

When a Release 5 Windows NT client contacts a local Windows NT Server, the client always provides NT Local authentication.

When a Release 5 Windows NT client contacts a remote Windows NT Server or a UNIX Server, the default is for the client to provide Name Password authentication.

To allow a Windows NT client to provide SYS authentication to a UNIX Server, you must set the user ID and group ID in the Windows NT registry. To prohibit Windows NT clients from returning SYS authentication to UNIX Servers, you can either set Authentication Required to Name Password or forbid the user ID and group ID entries in the registry. See Chapter 8, Managing ObjectStore on Windows.

Suppose a Release 5 Windows NT client contacts a Server that can accept SYS authentication. Further suppose that user ID and group are set in the Windows NT registry. In this case, the client provides SYS authentication. This allows compatibility with UNIX Servers. If the Server does not allow SYS authentication or if the user ID and group are not set in the registry, then the client provides the first type of authentication that it can that is in the list of Server-supported authentication types. In some cases, this is Name Password. But it might be NONE, which means that a Release 5 Windows NT client can access file databases that are accessible by the user running the Server.

Exceptions

When a Server is using Name Password for authentication and detects something wrong, it signals the err_authentication_failure exception. This usually means that there is no user by the specified name or the password is incorrect.

If the Server receives a command that needs authentication, but the connection has not been authenticated, and Authentication Required is not None, the Server rejects the command and signals the err_rpc_auth_tooweak (client credential too weak) exception. This means that the client could not provide the authentication that the Server requested. This happens when a client cannot generate any of the types of authentication that the Server requires.

User interface to authentication

By default, the interface to Name Password authentication communicates with the user interactively. On UNIX, it uses the /dev/tty device or the stdin and stdout streams to prompt for a user name and a password. On Windows, console applications work the same way. Windows applications pop up a dialog box. Your application can control the Name Password interface with the functions objectstore::set_simple_auth_ui() and get_simple_auth_ui(), which are described in the ObjectStore C++ API Reference.

Cache Manager Ping Time

Default: 300

The Cache Manager Ping Time parameter specifies a number of seconds. Whenever between Cache Manager Ping Time seconds and twice Cache Manager Ping Time seconds have elapsed with no message from the client, the Server attempts to send a message to the client's Cache Manager to check whether the client is still active. If the Cache Manager cannot be contacted or the Cache Manager indicates that the client does not exist, the Server disconnects the client connection. The minimum number of seconds you can specify is 10.

A large value for this parameter reduces network traffic and reduces the chance that a client will be disconnected because of a transient network failure. A small value increases network traffic, but ensures that a client that is disconnected from the network cannot hold locks for more than a short period of time.

If Cache Manager Ping Time and Cache Manager Ping Time In Transaction have different values, ObjectStore uses Cache Manager Ping Time when the client is not in a transaction.

Cache Manager Ping Time In Transaction

Default: 300

The Cache Manager Ping Time In Transaction parameter is the same as the Cache Manager Ping Time parameter, except the Server uses the interval you specify only during transactions. The number of seconds you specify for Cache Manager Ping Time In Transaction must be less than or equal to the value set for Cache Manager Ping Time. The minimum you can specify is 10 seconds.

If Cache Manager Ping Time and Cache Manager Ping Time In Transaction have different values, ObjectStore uses Cache Manager Ping Time In Transaction when the client is in a transaction.

DB Expiration Time

Default: 300

The DB Expiration Time parameter specifies the number of seconds that the Server keeps a rawfs database open after the last user has closed the database. This allows data propagation to happen in the background, which means that users do not wait for propagation to occur before they can close the rawfs database. Also, applications that use the rawfs database start more quickly if they are starting during DB Expiration Time.

Deadlock Victim

Default: work

The Deadlock Victim parameter specifies the method that the Server uses to select a victim in the event of a deadlock. Specify one of the following to determine which client is the victim. The Server sends a message to the selected client to abort the transaction.


Age	Youngest client. A client's age is calculated as the time since its last successfully committed transaction.
Current	Client that made the last request to the Server, causing it to detect the deadlock.
Oldest	Oldest client. A client's age is calculated as the time since its last successfully committed transaction
Random	Random client.
Work	Client that has done the least amount of work, as measured by RPC calls to the Server during the current transaction. This is the default.

This method of choosing a victim is secondary to transaction priority. See objectstore::set_transaction_priority() in the ObjectStore C++ API Reference for more information on transaction priorities.

Deadlock

Deadlock occurs when two or more processes are waiting for locks and there is a circular dependency such that none of them can obtain the locks. For example, ProcessA is waiting for a lock held by ProcessB, which is waiting for a lock held by ProcessA. Because the dependency is circular, none of the processes can obtain the requested lock. If the ObjectStore Server did not detect deadlock situations, the processes involved would wait for an infinite length of time.

Transaction data

When deadlock occurs, the Server automatically detects it and chooses a victim whose transaction is aborted. If the aborted transaction is a lexical transaction, it is automatically retried. If it is a dynamic transaction, the transaction is aborted with err_deadlock.

When the Server aborts lexical transactions, it rolls back the persistent data that has been modified during the transaction to its pretransaction state. Also, stack variables declared within the scope of the transaction go out of scope. Special care must be taken for stack variables whose values have been changed within the transaction and for space allocated on the heap during the transaction.

To obtain information about where the deadlock occurs, run the Server in debug mode.

Direct to Segment Threshold

Default: 128

The Direct to Segment Threshold parameter specifies, in sectors, the threshold value that determines whether the Server writes segments to the log first and then to the database, or writes them directly to the database. If less than this threshold is written past the current end of segment during a transaction, the data is written to the log before being written to the database. If the number of sectors written is greater than this threshold, the data is written directly to the database. The default is 128 sectors (64 KB).

Choosing a value depends on the size of the log and the cost of writing and flushing the data separately from writing and flushing the log record. For example, if you need to add 1 KB to each of 100 segments, writing 1 KB to each segment accesses the disk 100 times. If average disk speed is 8 to 12 milliseconds per access, it would take 800 milliseconds to 1.2 seconds to perform all the write operations. But if you write the data to the log, either in a record or in the log data segment, the write operation would probably be to contiguous disk storage and only take about 50 milliseconds. This parameter lets you choose between

Faster access and a larger log file
Slower access and a smaller log file

The Server applies the following tests in the following order; the first one that matches determines how the data is stored:

If the data is being written to a newly created segment, data is always written directly to the database segment.
If the following conditions are met, the data goes directly to the database (this formula means the decision to write data directly to a database is not changed by the size of individual write operations):
- Data is being written past the current end of the database segment.
- The last sector number being written minus the current committed size of the segment is greater than the new Direct to Segment Threshold.
If neither of the previous conditions applies, data is put in the log until the commit is done.

Failover Heartbeat Time

Default: none

The Failover Heartbeat Time parameter must be specified if you are using a failover Server. This parameter can be set to between 2 and 60 seconds. The parameter defines how often a heartbeat message is written to disk. In the advent of a failure, it takes five times Failover Heartbeat Time for the secondary Server to recognize the failure and to take over.

Host Access List

Default: none

The Host Access List parameter specifies the pathname of a file. This file must contain a set of primary names of hosts, one name per line. (If DNS is in use, they must be fully qualified domain names.) The Server refuses connections from any host not on the list, or whose name cannot be determined. This mechanism is only as secure as the available means for translating host addresses to host names. On some networks, such as NetBIOS, there might not be a secure method.

This parameter is intended for use in environments where a machine is on a network with untrustworthy hosts and DES authentication is unavailable or unworkable.

When you create a host access list, and you also have an administrative hosts list set with the Admin Host List Server parameter, ObjectStore adds all hosts in the administrative hosts list to the host access list.

Log Data Segment Growth Increment

Default: 2048

The Log Data Segment Growth Increment parameter specifies how many sectors to add to the data segment in the transaction log when more room is needed. The default is 2048 sectors (1 MB).

Log Data Segment Initial Size

Default: 2048

The Log Data Segment Initial Size parameter sets the initial size of the data segment in the transaction log in sectors. The default is 2048 sectors (1 MB).

Log File

Default: rawfs

The Log File parameter specifies the pathname of the transaction log file.If you do not specify a value for Log File, the Server maintains the log in the rawfs, where it does not need a name. If you do not have a rawfs and you do not specify a value for Log File, the Server fails to start and displays the message

There are no partitions specified in the parameters file. Whenever 
partitions are omitted from the parameters file a log file path must be 
specified in the parameters file.

If you have a rawfs, you should not specify a name for this parameter. See Description of the Server Transaction Log.

If you specify a pathname for this parameter, the pathname cannot be for a raw partition. The directory that contains the log file must exist before you start the Server. When the log is in the native file system, you should place it where it can never be accidentally deleted by a user. You might want to name it in such a way that it is never deleted.

Caution: Deleting the log file can cause database corruption.