==================================================================

                          EMSRV 7.0a 

                        RELEASE NOTES        


                    
==================================================================

22nd November 2000



==================================================================
CONTENTS
================================================================== 
  
1.   Overview
2.   Supported Platforms
3.   Distribution Contents
4.   EMSRV for NetWare
5.   EMSRV for Windows NT/2000
6.   EMSRV for OS/2
7.   EMSRV for Solaris
8.   EMSRV for HP-UX
9.   EMSRV for AIX
10.  EMSRV for Linux
11.  Authentication on UNIX Platforms
12.  Large File Support on UNIX Platforms
13.  National Language Support
14.  Migration from EMSRV 6.x
15.  Known Problems
16.  For Further Information
17.  Notices


==================================================================
1.  Overview
==================================================================

This document describes the features and supported platforms for
EMSRV 7.0a.  Use the EMSRV Installation User's Guide with this
release for information on installing and using EMSRV.

1.1     New with EMSRV 7.0a

The major enhancements in EMSRV 7.0a since EMSRV 6.23 are:
 
    Support for Windows 2000 
    Support for OS/2 Warp Server for e-business
    Support for NetWare 4.2
    Support for Solaris 7.0
    Support for HP-UX 11.0
    Support for AIX 4.3.2
    Support for Linux

The major enhancements in EMSRV 7.0a since EMSRV 6.24 are:

    Support for stored resources used by VisualAge for Java 3.5
    Support for FAT32 volumes on Windows 2000
    Support for PAM authentication on Linux and Solaris platforms
    Support for DCE authentication on AIX platforms
    Support for NetWare 5.1
    Support for Red Hat Linux 6.1 and 6.2
    Support for AIX 4.3.3
    Support for non-English platforms
    Support for authentication using Active Directory Services
    Support for cross-domain authentication on Windows NT

Changes made to EMSRV 7.0a since EMSRV 7.0 are limited only to bug
fixes and minor enhancements for the purpose of making EMSRV usage
more consistent across all platforms.  The specific changes are
listed below:

a) Fixed bug where a directory tree could not be deleted on UNIX
platforms. This was causing problems when releasing resources or
versioning projects with VisualAge for Java 3.5.

b) Removed -n option to disable tracking of statistics. Statistics
are now always tracked.

c) Removed -w option to track locks. Locks are now always tracked.

d) Removed -rd option on PC platforms to disable authentication.
Authentication is disabled by default.

e) Changed -v option on UNIX platforms to -rn for consistency with
PC platforms.

f) Changed -r option on UNIX platforms to -rp for consistency with
PC platforms.

g) Changed default free space threshold on UNIX platforms to 10000
KB for consistency with PC platforms.

h) Fixed incorrect reporting of installed memory on NetWare and
Windows NT/2000.

i) Fixed bug where errors were not being logged on UNIX platforms.

j) Fixed bug on NetWare where memory for an SMP machine is
incorrectly reported.

k) Added back -a option on PC platforms to change the timeout for
killing connections that are inactive with a lock.

l) Changed default for inactivity timeout from 360 seconds to 30
seconds.

m) Removed -lp option on UNIX platforms to set timeout for killing
connections that are inactive with a lock.

n) Changed default number of connections from 256 to 512.

o) Fixed bug on Windows NT/2000 platforms, where changing the
current working directory for one connection would cause the
current working directory to be changed for all connections. If a
user was browsing the filesystem managed by EMSRV or querying or
loading managed resources with VisualAge for Java 3.5, other users
would sometimes experience failures when attempting to perform any
operation that supplied a relative pathname to EMSRV.

p) Removed support for Windows NT/2000 SMP hardware.


==================================================================
2.  Supported Platforms
==================================================================

The following platforms are supported for this release. The
supported platforms may change over time as new releases of
servers are tested and patches are received from vendors to fix
existing problems. Only English platforms are listed below. See
Section 12 for information on non-English platforms.
        
2.1     Servers

The various EMSRV implementations have been tested and certified
for the following operating systems:

    NetWare 4.2, 5.1
    OS/2 Warp 4.0, OS/2 Warp Server for e-business
    Windows NT Server 4.0, with Service Pack 5
    Windows NT Workstation 4.0, with Service Pack 5
    Windows 2000 Professional
    Windows 2000 Server
    Windows 2000 Advanced Server
    Solaris 2.6 with Patch 106257-05, 7.0
    HP-UX 10.20, 11.0
    AIX 4.3.2, 4.3.3
    Red Hat Linux 6.1, 6.2


2.2     Clients

With the EMADMIN command utility, you can communicate with EMSRV
from a workstation.  The following operating systems have been
tested and certified for this release of the EMADMIN and EMDEVNUM
utilities:

    OS/2 Warp 4.0, OS/2 Warp Server for e-business
    Windows 95, 98, and 98 (Second Edition)
    Windows NT Server 4.0 (with Service Pack 5)
    Windows NT Workstation 4.0 (with Service Pack 5)
    Windows 2000 Professional
    Windows 2000 Server
    Windows 2000 Advanced Server
    Solaris 2.6, 7.0
    HP-UX 10.20, 11.0
    AIX 4.3.2, 4.3.3
    Red Hat Linux 6.1, 6.2

EMSRV and EMSRV utilities may work with older and newer versions
of supported operating systems and/or with patches or service
packs supplied by the operating system vendors.  However at the
time of this product release, OTI has not tested on any platforms
other than those listed above.

Operating system releases or patches that modify filesystem,
network, or authentication behavior may produce unexpected
results. If there is any doubt as to whether a given configuration
is supported by OTI, contact OTI or IBM Technical Support.


2.3	    Filesystems

The various EMSRV implementations have been tested and certified
with the following filesystems:

    NetWare
        NWFS (NetWare File System) with DOS namespace
        NWFS with OS/2 or LONG namespace
        NSS (Novell Storage Services) with DOS namespace
        NSS with OS/2 or LONG namespace

    OS/2
        HPFS (High-Performance File System)
        FAT

    Windows NT/2000
        NTFS (New Technology File System)
        FAT32
        FAT

    Solaris
        UFS (UNIX File System)

    HP-UX
        VxFS (Veritas File System)

    AIX
        JFS (Journaled File System)

    Linux
        EXT2FS (Second Extended File System)

Many operating systems support installable filesystems and there
are a great many such filesystems available, particularly for UNIX
platforms. Using EMSRV with filesystems that have not been tested
and certified by OTI may produce unexpected results, possibly
leading to repository corruptions.

In particular, EMSRV only supports locally-mounted filesystems.
Remotely-mounted filesystems accessed using network requestors,
redirectors, or other similar software, cannot always guarantee
the integrity of the repository. Where possible, EMSRV will
restrict the use of filesystems to locally mounted volumes. OTI
strongly cautions against circumventing these restrictions.

Many filesystems support optional compression and encryption.
Unless these features are provided by default, OTI has not tested
nor certified them and cautions against their use if not for any
other reason than their impact on performance.

        
2.4     Authentication

The various EMSRV implementations have been tested and certified
with the following authentication methods:

    NetWare
        passwd.dat
        NDS (Novell Directory Services) accounts

    OS/2
        passwd.dat

    Windows NT/2000
        passwd.dat
        NT 4.0 SAM-based domain accounts
        NT 4.0 local SAM database
        ADS (Active Directory Services) accounts

    Solaris
        passwd.dat
        Local account database
        Local account database with shadowed passwords

    HP-UX
        passwd.dat
        Local account database
        Local account database with shadowed passwords

    AIX
        passwd.dat
        Local account database
        Local account database with shadowed passwords
        DCE (Distributed Computing Environment)

    Linux
        passwd.dat
        Local account database
        Local account database with shadowed passwords
        Local account database with MD5 passwords


==================================================================
3.  Distribution Contents
==================================================================

EMSRV 7.0a is shipped on a CD-ROM that contains the program 
executable and utilities for each of the supported platforms. In
this way, customers can change platforms easily without needing to
exchange media or licenses; however, single-user license
restrictions still apply. The installation CD-ROM contains the
following directory structure and released files. Following are
the files shipped with this release.


        README.TXT              This file
        passwd.dat              A sample password file
                                for simple file-based
                                authentication


3.1     EMSRV 7.0a for NetWare (NDS) Aug 01 2000 22:29:06 (EST)

        EMSRV.NLM               EMSRV NLM (NetWare Loadable 
                                Module)


3.2     EMSRV 7.0a for OS/2 Aug  1 2000 22:28:08 (EST)

        EMSRV.EXE               Main EMSRV program
        EMCLIENT.MOD            Client connection program.
                                One instance of this module is
                                run by EMSRV.EXE for each
                                client connection that is made.
        EMADMIN.EXE             EMSRV administration
                                program


3.3     EMSRV 7.0a for Windows NT/2000  Aug  1 2000 22:28:51 (EST)

        EMSRV.EXE               Main EMSRV program
        EMSRVMSG.DLL            EMSRV NT language support
                                DLL
        EMADMIN.EXE             EMSRV administration
                                program


3.4     EMSRV 7.0a for Solaris (SPARC) Aug  2 2000 15:20:51 (EST)

        emsrv                   EMSRV binary
        emadmin                 EMSRV administration
                                program
        emdevnum                EMSRV program for checking
                                the device number of a file
                                system
        pam.conf                Sample PAM configuration file


3.5     EMSRV 7.0a for HP-UX Aug  2 2000 15:22:15 (EST)

        emsrv                   EMSRV binary
        emsrv.shadow            EMSRV binary for shadowed
                                password accounts
        emadmin                 EMSRV administration
                                program
        emdevnum                EMSRV program for checking
                                the device number of a file
                                system


3.6     EMSRV 7.0a for AIX Aug  2 2000 14:59:08 (EST)

        emsrv                   EMSRV binary
        emadmin                 EMSRV administration
                                program
        emdevnum                EMSRV program for checking
                                the device number of a file
                                system


3.7     EMSRV 7.0a for Linux (Intel) Aug  2 2000 15:25:24 (EST)

        emsrv                   EMSRV binary
        emadmin                 EMSRV administration
                                program
        emdevnum                EMSRV program for checking
                                the device number of a file
                                system
        PAM/emsrv               Sample PAM configuration file
                                (as it is delivered on the 
                                installation media)


==================================================================
4.  EMSRV for NetWare 
==================================================================
       
4.1     Introduction

It is recommended that the NetWare Minimum Patch List be applied
to the server running EMSRV for NetWare. The various files may be
obtained from Novell's website at
http://support.novell.com/misc/patlst.htm. 

EMSRV for NetWare uses one thread per client connection. It
therefore scales more readily to support a greater number of
connections than EMSRV for OS/2 or any of the EMSRV UNIX
implementations that use one process per client connection.

EMSRV for NetWare requires that the NetWare TCP/IP stack
(TCPIP.NLM) be loaded and configured on the server. When EMSRV for
NetWare is started, TCPIP.NLM will be loaded automatically if it
is not already loaded. EMSRV for NetWare will also automatically
load the NWSNUT.NLM which is required by the EMSRV for NetWare
user interface.

4.2     Filesystems

When using EMSRV for NetWare, long filenames may only be created
and viewed on NetWare volumes to which the LONG or OS/2 namespace
has been added. Long filename support is required for the stored
resource management feature used by VisualAge for Java 3.5.

EMSRV for NetWare supports a maximum repository size of 4 GB on
both NWFS and NSS volumes. Although NSS volumes can support files
greater than 4 GB in size, Novell has yet to provide an API to
permit programs to do this other than using direct-sector I/O.

4.3     Authentication

In previous releases of EMSRV, two versions of the EMSRV for
NetWare NLM were supplied - one that used bindery authentication
and one that used NDS authentication. Bindery authentication is no
longer supported. This release includes one NLM that supports
NetWare 4.2 and 5.1. EMSRV no longer supports versions 3.x of
NetWare.

Account names authenticated by EMSRV for NetWare can come from two
sources - the name of the EMSRV user and the network names for
users managed in a repository. Account names can be simple or
distinguished. Both forms can also be typeful or typeless. Some
examples are provided below:

    Simple typeless name
    
        adrian
        
    Simple typeful name
    
        CN=adrian
        
    Distinguished typeless name
    
        adrian.engineering.ral.IBM
        
    Distinguished typeful name
    
        CN=adrian.OU=engineering.OU=ral.O=IBM

Names are always authenticated in the context of the NDS context
that is specified when EMSRV is started (the context is appended
to the account name). Absolute names (those preceded with a
period) are authenticated in the [Root] context (any context
specified when EMSRV was started, is ignored). For each trailing
period in a name, one component of the context is removed before
being appended to the name. This allows names to be resolved in
containers that are higher in an NDS tree than the specified
context. Some examples:

    Context             engineering.ral.IBM
    Name                adrian
    Resulting name      adrian.engineering.ral.IBM

    Context             engineering.ral.IBM
    Name                .admin.IBM
    Resulting name      .admin.IBM
    
    Context             engineering.ral.IBM
    Name                kathy.support.phx..
    Name                kathy.support.phx.IBM

By using a distinguished name, it is possible to authenticate
users in different containers. The most common case for this may
be if the account names for users are located in one container but
the EMSRV user is located in another. For example, if Netware
accounts corresponding to network names of users in a repository
exist in the container 'engineering.ral.IBM' but the EMRSV user
exists in the container 'IBM', the following command could be used
to load EMSRV:

    load emsrv -u .EMSRV.IBM -p test - W sys:emsrv -rn
        -SC engineering.ral.IBM
        
Alternatively, the following command would also accomplish the
same result:

    load emsrv -u EMSRV.IBM.. -p test - W sys:emsrv -rn
        -SC engineering.ral.IBM

4.4     Loading the NLM on NetWare 4.11 and NetWare 5.0

EMSRV no longer supports NetWare 4.11 or NetWare 5.0, but EMSRV
can be run on those platforms if additional steps are taken.
CLIBAUX.NLM must be loaded before the EMSRV NLM is loaded.
CLIBAUX.NLM is included with Novell's NetWare 4.11/4.2 Support
Pack 8a, but is also available separately from Novell in the file
CLIBAUX1.EXE, which can be found at the following location:

     http://support.novell.com/cgi-bin/search/download?/pub/
     updates/nw/nw42/clibaux1.exe

4.5     Files not needed in this release

In previous releases of EMSRV for NetWare, two additional files -
EMSRV.HLP and EMSRV.MSG were required along with the NLM.  These
files are no longer needed as they have been bound into the NLM.


==================================================================
5.  EMSRV for Windows NT/2000
==================================================================

5.1     Introduction

EMSRV now supports Windows 2000 in addition to Windows NT 4.0.
When using Windows NT 4.0, it is highly recommended that Service
Pack 5 or later be applied to a machine running EMSRV for Windows
NT/2000. Note that support for Windows NT 3.51 has been dropped in
this release.

EMSRV for Windows NT/2000 will run on the following platforms:

     Windows NT Workstation
     Windows NT Server
     Windows 2000 Professional
     Windows 2000 Server
     Windows 2000 Advanced Server

OTI recommends running EMSRV on a server-class machine. The 
remote drive restrictions mentioned above will disallow any access
to libraries residing on a drive that is not located on a Windows
NT workstation running EMSRV.

EMSRV for Windows NT/2000 uses one thread per client connection.
It therefore scales more readily to support a greater number of
connections than EMSRV for OS/2 or any of the EMSRV UNIX
implementations that use one process per client connection.

5.2     Filesystems

Paths to libraries accessed via EMSRV for Windows NT/2000 must be
specified as a FAT, FAT32, NTFS, or UNC path, relative to the
EMSRV working directory (specified at the command line). It is not
possible to access a repository residing on a remote volume.
Examples of this include drives residing on other machines, shared
through Microsoft Networking, and NetWare volumes accessible by
the Gateway (and Client) Services for NetWare.

When using EMSRV for Windows NT/2000, long filenames may be
created and viewed on FAT, FAT32, and NTFS volumes. Unlike earlier
FAT implementations, the Windows NT/2000 FAT implementation has
Long File Name support.

EMSRV for Windows NT/2000 supports a maximum repository size of
2 GB on FAT volumes, 4 GB on FAT32 volumes, and 16 GB on NTFS
volumes.

5.3     Authentication

Account names authenticated by EMSRV for Windows NT/2000 can come
from two sources - the name of the EMSRV user and the network
names for users managed in a repository.  As of this release, an
account name may be in one of three formats:

    Simple name
    
        adrian
        
    Windows NT 4.0 SAM-compatible name
    
        engineering\adrian
        
    User principal name
    
        adrian@ral.ibm.com
        
Windows NT 4.0 and Windows 2000 non-domain controllers support
simple names and SAM-compatible names. Windows 2000 domain
controllers support all three formats. Previous releases of EMSRV
for Windows NT only supported simple names. The new formats allow
authentication between domains as well as in an Active Directory.

Windows NT and Windows 2000 supports installable authentication
and security packages, allowing the system to be extended with new
forms of authentication and security. EMSRV for Windows NT/2000
only supports the default packages supplied with Windows NT and
Windows 2000 - namely the MSV1_0 and Kerberos authentication
packages and the NTLM (NT LAN Manager) and Kerberos security
packages.

5.3.1   Authentication Procedure Using Windows NT and Windows 2000
        Non-Domain Controllers

EMSRV for Windows NT/2000 uses NTLM (NT Lan Manager)
authentication on Windows NT 4.0 and Windows 2000 non-domain
controllers. User records in these systems are stored in a SAM
(Security Accounts Manager) database.

To authenticate a user, EMSRV must first find the name of the
domain with the SAM database that contains the user to be
authenticated. The term domain applies equally to non-domain
controllers because every SAM database contains a built-in domain
known as 'BUILTIN' as well as for non-domain controllers, a domain
with the same name as the machine or for domain controllers, the
controlled domain.

If a SAM-compatible name (specifying a domain) is supplied, then
the domain is already known. If a simple name is provided then the
following are checked to find the user:

    - a list of well-known SID (Security Identifier)s
    - built-in and administratively defined local accounts
    - the primary domain
    - trusted domains
    
Once the domain is known, an attempt is made to authenticate the
user in that domain.

If the domain name matches the name of the SAM database on the
local machine then the authentication is processed on that
machine. The name of the SAM database on a Windows NT Workstation
that is a member of a domain, is considered to be the name of that
Windows NT machine. The name of the SAM database on a Windows NT
Advanced Server is the name of the domain. If a Windows NT machine
is not a member of a domain then authentication is processed
locally.

If the domain specified is trusted by the domain of the machine
running EMSRV, the authentication request is passed through to the
trusted domain. On a Windows NT workstation, the request is always
passed through to the primary domain controller of the
workstation, allowing the primary domain controller to determine
if the specified domain is trusted. 

If the domain name specified is not trusted by the domain of the
machine running EMSRV, the authentication request is processed on
that machine as if the domain name specified were that domain (or
computer) name. In other words, the domain name is ignored. The
system does not differentiate between a nonexistent domain or an
untrusted domain.

An example illustrates how cross-domain authentication can be
setup:

There are two domains: KIRA and CHIEF. The domain controller for
the KIRA domain is NT4PDC. The domain controller for the CHIEF
domain is NT4PDC2. A trust relationship is setup so that CHIEF is
a trusted domain of KIRA (and hence KIRA is a trusting domain of
CHIEF). The trust relationship is one-way such that KIRA is not a
trusted domain of CHIEF.

EMSRV is setup to run on KIRA\NT4PDC. Users in both domains can be
authenticated. Account names may be specified using a simple name
in which case EMSRV will locate the domain containing the user, or
the domain may be specified using a SAM-compatible name such as
CHIEF\ADRIAN.

EMSRV is setup to run on CHIEF\NT4PDC2. Only users in the CHIEF
domain can be authenticated because KIRA is not a trusted domain
of the CHIEF domain.

5.3.2   Authentication Procedure Using Windows 2000 Domain
        Controllers

EMSRV for Windows NT/2000 uses Kerberos authentication on Windows
2000. User records for Windows 2000 domain controllers are stored
in an Active Directory instead of a SAM database. The KDC (Key
Distribution Center) service must be running to use Kerberos
authentication.

If a simple name is supplied, then the procedure for locating the
user is the same as that for Windows NT 4.0 and Windows 2000
non-domain controllers. The one difference is that in addition to
checking the following:

    - a list of well-known SID (Security Identifier)s
    - built-in and administratively defined local accounts
    - the primary domain
    - (explicitly) trusted domains

every domain in the forest for the machine running EMSRV, is also
checked. This makes sense since a forest is a collection of Active
Directory trees connected by two-way transitive trust
relationships.

A SAM-compatible name will be authenticated with the domain that
the name specifies. A User Principal Name will be authenticated
with Active Directory Services.

The implementation of Kerberos authentication in Windows 2000 is
already well-documented elsewhere and does not need to be repeated
here. In summary:

The NTLM protocol requires that the server must contact a domain
controller. When Kerberos is used, the server does not have to
contact the domain controller. A client gets a ticket for a server
by requesting one from a domain controller in the server account
domain; the server validates the ticket without consulting any
other machine.

An example illustrates how Active Directory authentication can be
setup:

There are three Active Directory domains - ibm, ral.ibm, and
engineering.ral.ibm. The engineering.ral.ibm domain is a child of
the ral.ibm domain and the ral.ibm domain is a child of the ibm
domain. Each parent-child relationship automatically creates a
two-way transitive trust relationship. As a result, since ral.ibm
trusts engineering.ral.ibm and ibm trusts ral.ibm, ibm trusts
engineering.ral.ibm. The three domains form a tree.

In addition there is another Active Directory domain - bedrock,
which forms a tree of one domain. The ibm tree and the bedrock
tree together form a forest - they share a common schema,
configuration, global catalog, and are linked with two-way
transitive trusts at the tree roots.

Finally there is an NT 4.0 domain - KIRA.  A one-way trust
relationship is setup so that ibm trusts KIRA.

If EMSRV is run on the domain controller for the ibm domain, users
from the following domains can be authenticated:

    ibm
    ral.ibm
    engineering.ral.ibm
    bedrock
    KIRA
    
Simple names for users in any of those domains will cause a search
to be initiated to find the domain containing the user.
Alternatively, names may be specified in any one of the other two
formats previously described.

5.3.3   Advanced User Rights Required for Authentication

A number of advanced user rights are required for authentication
to work correctly.  Authentication is required even if EMSRV is
not started with the -rn option since EMSRV authenticates the
EMSRV account when it is started and stopped.

As detailed in the EMSRV documentation, advanced user rights are
set in the User Manager for Windows NT 4.0 and the Local Security
Policy for Windows 2000 Professional. For Windows 2000 Server, it
may be necessary to also set the rights in the Domain Controller
Security Policy and the Domain Security Policy so that the
Effective Policy Setting for each right is correct in the Local
Security Policy. Windows 2000 Advanced Server does not have a
Local Security Policy. Instead, the right should be set in the
Domain Controller Security Policy and the Domain Security Policy
as necessary.

Each of the advanced user rights required for correct EMSRV
operation are detailed below

Act as part of the operating system

This right is required for authentication and must be set for the
account from which EMSRV is started (if EMSRV is not started as a
service) and the EMSRV account. Note that both accounts must also
be part of the 'Administrators' group.

Logon as a service

This right is required if EMSRV is being started as a service and
must be set for the account from which EMSRV is started (if EMSRV
is not started as a srevice) and the EMSRV account. You must also
ensure that the 'Deny logon as a service' right is not set for
each of the accounts.

Logon locally

This right is required if EMSRV is being started interactively or
from a batch job and must be set for the account from which EMSRV
is started (if EMSRV is not started as a service) and the EMSRV
account. You must also ensure that the 'Deny logon locally' right
is not set for each of the accounts.

Access this computer from the network

This right is required for each account which will be used to
authenticate a client. You must also ensure that the 'Deny access
to this computer from the network' right is not set for each
account.

5.4     Withdrawal of support for SMP hardware

IMPORTANT NOTE: Running any release of EMSRV for Windows NT/2000
on a machine with more than one processor, may lead to
repositories becoming corrupt.

As of this release, EMSRV will no longer run on SMP hardware
(machines with more than one processor). The decision to remove
support for SMP hardware is due to the increasing number of
reports concerning repository corruptions with Windows NT Servers
and machines with two or more processors.

This restriction may be lifted in the future if suspected Windows
NT/2000 filesystem bugs are confirmed and fixed. EMSRV continues
to support SMP hardware for all other platforms.

If EMSRV 7.0a detects more than one installed processor, it will
be unloaded and will report the following:

WARNING: Running EMSRV for Windows NT/2000 on multiprocessor
         hardware is not supported due to the likelihood of a
         repository becoming corrupted.
         
         Instal and run EMSRV on a machine with a single processor
         or a different operating system.
         
This release coincides with the withdrawal of SMP support for all
current and previous releases of EMSRV.


==================================================================
6.  EMSRV for OS/2
==================================================================

6.1     Introduction

EMSRV for OS/2 now supports OS/2 Warp Server for e-business in
addition to OS/2 Warp 4.0. Support for OS/2 Warp 3.0 has been
dropped in this release.

EMSRV for OS/2 uses one process per client connection with one
thread per process. The EMSRV connection limit is therefore bound
by the number of threads which is set in the CONFIG.SYS. Warp 4.0
sets the thread limit at 1024, which should be more than enough
for most installations.

6.2     Filesystems

When using EMSRV for OS/2, long filenames may be created and
viewed on HPFS volumes. Long filename support is required for the
stored resource management feature used by VisualAge for Java 3.5.

The maximum repository size of volumes on FAT and HPFS volumes is
2 GB.

IMPORTANT NOTE: Although this release of EMSRV for OS/2 is aware
of the Journaled File System (JFS) available on OS/2 Warp Server
for e-business, JFS is NOT currently supported. At the time
of release, there are bugs in the JFS implementation of file
locking that prevent EMSRV from working correctly.  If
repositories are accessed on JFS volumes, clients may experience
failures and repositories may become corrupted.  To find out the
latest status of support for JFS volumes on OS/2 Warp Server for
e-business, contact OTI or IBM Technical Support.


==================================================================
7.  EMSRV for Solaris
==================================================================

7.1     Filesystems

EMSRV for Solaris supports a maximum repository size of 16 GB on
UFS volumes.

7.2     Authentication

EMSRV for Solaris now supports authentication using PAM. This
allows both shadowed and non-shadowed passwords to be supported
with one EMSRV executable.

There is a bug in the Solaris 2.6 implementation of PAM that
prevents EMSRV from working correctly. The patch 106257-05 must be
applied when using EMSRV with Solaris 2.6. The patch is available
at:

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F106257&zone_32=PAM

The specific bug that this patch fixes is:

4092227 pam_conv appdata_ptr member is not passed thru to conv()
function as documented

The patch is not required for Solaris 7.0.

PAM must be correctly configured on a machine running EMSRV
otherwise it will not even be possible to shutdown EMSRV using
EMADMIN. The /etc/pam.conf file must detail the 'emsrv' service.
An example pam.conf file is included with this release.


==================================================================
8.  EMSRV for HP-UX
==================================================================

8.1     Filesystems

EMSRV for HP-UX supports a maximum repository size of 16 GB on
VxFS volumes.

8.2     Authentication

EMSRV for HP-UX continues to implement authentication using two
separate EMSRV executables. Although HP-UX 11.0 supports PAM,
there is a bug in the implementation that is identical to the bug
in the Solaris 2.6 implementation of PAM, as described above. To
date, Hewlett-Packard does not have a patch to correct this
problem.


==================================================================
9.  EMSRV for AIX
==================================================================

9.1     Filesystems

EMSRV for AIX supports a maximum repository size of 16 GB on JFS
volumes.

9.2     Authentication

EMSRV for AIX now supports authentication using the system
authenticate() function. This allows one EMSRV executable to
support both shadowed and non-shadowed passwords in addition to
DCE authentication.

The authentication method for each user is set in the 
/etc/security/user file.


==================================================================
10.  EMSRV for Linux
==================================================================

10.1    Filesystems

EMSRV for Linux supports a maximum repository size of 2 GB on
EXT2FS volumes.

10.2    Authentication

EMSRV for Linux now supports authentication using PAM. This allows
both shadowed and non-shadowed passwords to be supported with one
EMSRV executable.

In addition, Red Hat Linux 6.2 supports MD5 passwords and EMSRV
also supports these via PAM.

PAM must be correctly configured on a machine running EMSRV
otherwise it will not even be possible to shutdown EMSRV using
EMADMIN. The PAM configuration file must be copied to
/etc/pam.d/emsrv. A sample PAM configuration file is included with
this release.


==================================================================
11.  Authentication on UNIX Platforms
==================================================================

11.1    PAM

On Linux and Solaris platforms, authentication is implemented
using PAM (Password Authentication Modules). Although this would
theoretically allow the use of any PAM (module) with EMSRV by
changing the relevant PAM configuration file, in practice this is
not possible.

EMSRV does not converse with clients in a manner that is entirely
compatible with the PAM architecture. As a result, EMSRV
authentication will only work where the module prompts initially
for a text password (supplied initially by the client). The
tested and certified authentication methods meet these
requirements as will most PAM (modules). Sophisticated modules
that require extended conversation or authentication data that
EMSRV does not support, will not work correctly with EMSRV.
Fingerprint scanners and retina scanners are such examples.

11.2    Usage of Root Access for Authentication

Root access on UNIX platforms is required to authenticate users.
EMSRV does NOT need to be started by the root user to accomplish
this. Doing so would compromise security as EMSRV would then have
complete access to all filesystems.

Instead, you should change the owner of the EMSRV executable to
'root' and set the SUID bit of the executable. This can be
accomplished as follows:

    chown root emsrv
    chmod u+s emsrv

When EMSRV attempts to authenticate a user, it will temporarily
change the authority of the running EMSRV process to be the
authority of the owner of the executable.  Once authentication is
complete, the authority of the running EMSRV process will be
changed back to that of the user that started EMSRV.  This happens
on a per-process (per-client) basis so whilst a client is being
authenticated, only the process serving that client has temporary
root access.

Root access for authentication is required regardless of how
EMSRV actually implements authentication. Interfaces such as
PAM only provide a common API to permit applications to support
multiple authentication methods, configuration specific to each
method of authentication must still be correct.


==================================================================
12.  Large File Support on UNIX Platforms
==================================================================

12.1    Introduction

On AIX, Solaris, and HP-UX, large file support needs to be enabled
for both the volume hosting a repository and the user starting the
EMSRV process.

12.2    Building a Filesystem on AIX

'-o bf=true' must be used with mkfs.

12.3    Building a Filesystem on Solaris

UFS filesystems automatically have Large File Support

12.4    Building a Filesystem on HP-UX

'-o largefiles' must be used with newfs.

12.5    User Limits

On AIX, Solaris, and HP-UX, limits for the user starting the EMSRV
process must be set.  The -Hf and -Sf options require arguments
specifying the number of 512 byte blocks.  The following commands
should be appropriate to enable up to 16 GB repositories:

	ulimit -Hf 33554432
	ulimit -Sf unlimited


==================================================================
13.  National Language Support
==================================================================

13.1    Introduction

When the environment is correctly configured, EMSRV allows clients
to store and retrieve file and directory names containing
characters other than ASCII. Although creating files (as
repositories) with non-ASCII characters is not all that common, it
is much more likely with VisualAge for Java 3.5 where resource
files and directories are stored using EMSRV.

13.2    Character Encoding Between Clients and EMSRV

There are various classes of coded character sets and character
encoding schemes in use on platforms supported by EMSRV and EMSRV
clients. These fall into various classes including (with
examples):

- single-byte (SBCS) such as ASCII, OEM and ANSI code pages
- double-byte (DBCS) such as JIS, Shift-JIS
- multi-byte (MBCS) such as EUC
- Unicode such as UCS-2

On SBCS platforms, EMSRV runs as an SBCS application. On platforms
that support DBCS/MBCS, EMSRV runs as a DBCS/MBCS application.
This is true even if the operating system and filesystem both
support Unicode. EMSRV is not built as a Unicode application
because not all platforms or filesystems support Unicode. Although
it is possible to encode Unicode as ASCII by using UTF-8 or SCSU,
this would increase directory and path names which already
encounter limits on PC platforms.

EMSRV supports non-ASCII characters by using the character
encoding scheme of the client. No character encoding conversions
are performed between the client and the server. This means that
file and directory names are stored in the server's filesystem,
using the client's encoding scheme. If the client and server use
different or incompatible character encoding schemes, file and
directory names stored on the server will not match those
requested by the client. Even if the server operating system and
filesystem can blindly store any bytes supplied to it, operations
may fail as EMSRV may misinterpret trailing bytes of a character
as a path separator or other character it is interested in.

To ensure compatiblity between clients and servers, the same or
compatible encoding schemes should be used.

The encoding restriction applies only to identifiers which EMSRV
must deal with. Data stored in the repository is transparent to
EMSRV since it sees only the records containing this data. Unicode
clients such as VisualAge for Java, can freely store components
with Unicode names or text in a repository. However EMSRV has to
deal with directory and path names and when authentication is
enabled, user account names. These names are not passed between
the client and server as Unicode but are encoded on the client and
passed to EMSRV.

An example of a different but compatible character encoding scheme
is an English client and a Japanese server using Shift-JIS
encoding. If the English client only uses ASCII characters in its
file and directory names, the Japanese server can handle these
without a problem since US-ASCII is a code subset of Shift-JIS
encoding. Introducing a Greek (Windows) client however would be
problematic since characters with a value > 127 in the Greek ANSI
code page do not exist in Shift-JIS tables. Likewise, a Japanese
(Windows) client using Shift-JIS encoding would not work with a
Japanese (Unix) server using EUC-JP encoding.

In summary, ensure that the clients and servers use the same
character encoding scheme. To see what encoding is being used at a
client, run EMADMIN on that machine to check the code page or
locale. When started, EMSRV will also report the code page or
locale to the console and/or the log and this information also
appears in queries from EMADMIN. Be aware that EMADMIN may not
work with EMSRV if run from a machine with a different or
incompatible character encoding scheme to that used by the machine
running EMSRV.

13.3    Code Page Used by EMSRV for NetWare, Windows NT/2000 and
        OS/2

For NetWare, Windows NT/2000, and OS/2, the code page used by
EMSRV is determined by the global settings of the operating
system. Usually this is determined in system settings or startup
files.

13.4    Locale Used by EMSRV for UNIX Platforms

For UNIX platforms, programs usually run with the 'C' locale by
default. If a locale is defined by the environment variable
LC_CTYPE or in its absence, the environment variable LANG, EMSRV
sets the locale of its root process to that defined by the
relevant environment variable.

Most plaforms set the LANG environment variable when a language is
specified in the options for the windowing system login. It is
important to note that the environment variable will only be
inherited by processes or consoles launched from the windowing
system. If EMSRV is launched from a telnet session for example,
the 'C' locale will usually apply.

13.6    Platform Restrictions

Although a platform may support MBCS file and directory names,
that does not mean that all other identifiers may also be MBCS.
EMSRV paths may include drive names or volume names and
authentication also requires user account names. NetWare, for
example, supports MBCS file and directory names but server names
and volume names must be SBCS. Consult the documentation for your
server operating system to be sure of the cases where multi-byte
characters are legal.

Since EMSRV runs as a DBCS/MBCS application, it will not run on a
platform that implements a locale solely using Unicode. Examples
of this are the following Windows 2000 locales that do not have
code pages:

    Armenian (Armenia)
    Georgian (Georgia)
    Hindi (India) 
    Tamil (India)
    Marathi (India)
    Sanskrit (India)
    Konkani (India)
    
13.7    MBCS File and Directory Names on an English NetWare
        Server

It is important to note that according to Novell, not only do
English NetWare servers not support MBCS file or directory names,
but that attempting to create such directory entries on an English
server could corrupt a volume beyond repair. For details about
this, search for TID 2939360 in the Novell Knowledgebase.

13.8    EMSRV Messages and Log File Output

Although EMSRV and EMADMIN support the handling of MBCS
identifiers, the EMSRV and EMADMIN executables have not been
localized. All console and log file output remains in English.


==================================================================
14.  Migration from EMSRV 6.x
==================================================================

To move from EMSRV 6.x to EMSRV 7.0a, simply perform the normal
backups, shut down your EMSRV 6.x, install EMSRV 7.0a, and start up
EMSRV 7.0a. 

EMSRV 7.0a is completely compatible with EMSRV 6.x. For example, if
you are running VisualAge for Java 3.02 or older or VisualAge
Smalltalk, you can connect to a repository running under EMSRV
7.0. You will see no difference, and migration does not require
any special steps.


==================================================================
15.  Known Problems
==================================================================

15.1    Interchanging Different Versions of EMSRV and EMSRV
        Utilities

        You must use EMADMIN 7.0 with EMSRV 7.0a.  EMADMIN 7.0
        will not work correctly with releases of EMSRV before 7.0.

15.2    EMSRV is Not Supported on 800-Class HP Architectures

        HP-UX is supported on 700-class workstation machines only.
        It has been tested on an HP-UX 9000/715/60 machine and an
        HP-UX 9000/782/200+ machine. EMSRV is not supported on
        800-class machines because 800-class (server) machines
        have a different architecture and require different
        binaries.
        
15.3    Passwords Containing Non-ASCII Characters Cannot be Used
        to Authenticate With EMSRV When Entered in Response to
        a Prompt From EMADMIN on Non-English Windows Platforms
        
        Due to a bug in the Microsoft C run-time libraries, any
        password containing non-ASCII characters and entered in
        response to the prompt:
        
        'Enter the password of the user who started EMSRV'
        
        will not be correctly interpreted.  The workaround is
        to supply the password with the -p option when running
        EMADMIN.
        
15.4    Menus and Windows Appear With Garbage Characters When
        Running on Japanese NetWare
        
        The EMSRV for NetWare NLM uses Novell's NLM User Interface
        Developer Components (NWSNUT).  When running on Japanese
        NetWare, graphics characters used in the NWSNUT menus and
        windows are not available and will appear as 'garbage'
        characters.  This is not a bug in the EMSRV NLM nor in
        NetWare, but rather it is a limitation of the Shift-JIS
        code page (932).  See TID 1001298 in the Novell
        Knowledgebase for more information.
        
15.5    EMADMIN Does Not Copy Stored Resources Directory

        When EMADMIN is used to copy a VisualAge for Java 3.5
        repository, it does not copy the corresponding stored
        project resources directory.  This feature will be
        implemented in a future release.
        
15.6    Memory Reported By EMSRV on NetWare and Windows NT/2000
        Platforms Is Not Rounded Up
        
        The number of MB of installed system memory that is
        reported by EMSRV on NetWare and Windows NT/2000 machines
        is always rounded down to the nearest integer.
        

==================================================================
16.  For Further Information
==================================================================

For more information on PAM, please refer to the following URLs.

    Linux PAM:

http://www.kernel.org/pub/linux/libs/pam/

    PAM on Red Hat Linux:

http://www.redhat.com/support/manuals/RHL-6.0-Manual/
install-guide/manual/doc089.html

    PAM on Solaris:

http://www.sun.com/software/solaris/pam/



==================================================================
17.  Notices
==================================================================

Copyrights
        (c) 1990, 2000 Object Technology International Inc. (OTI).

        Object Technology International Inc. (OTI) is a wholly
        owned subsidiary of IBM Canada, Ltd.

Trademarks
        ENVY is a registered trademark of Object Technology
        International Inc. (OTI).

        Other product names may be trademarks of their respective
        companies.
