PROBLEM: (BCGMS0LJC) (PATCH ID: OSF520-936) ******** This change fixes client (login, su, rshd, edauth, and sshd2) hangs and long delays under Enhanced Security, as well as some intermittent errors or failures seen with prpasswdd or rpc.yppasswdd. Of particular note are the following externally-visible changes. In a TruCluster environment, the prpasswdd and rpc.yppasswdd daemons now watch to see whether the CFS service for the /var filesystem is moved. If so, the active instance of the daemon will also migrate to the appropriate cluster member. The prpasswdd and rpc.yppasswdd daemons now monitor whether their start-up portmapper registrations disappear or otherwise become unavailable to their clients. If this happens, they attempt to re-register with the portmapper. This is done by having the child ('worker') process exit, and the parent ('monitor') process re-start it. Some syslog messages for the LOG_AUTH facility have been clarified, and some additional ones have been added for monitoring whether the rpc.yppasswdd or prpasswdd daemon is unresponsive. [The clients will log intermittent messages at level LOG_NOTICE, approximately at 50-second intervals, if they can't get responses from the daemons.] The rpc.yppasswdd and prpasswdd daemons now make a syslog entry to the LOG_AUTH facility at level LOG_NOTICE when they become active and start trying to service client requests. This is most useful in a cluster, since it helps to identify the 'active instance' of the relevant daemon. The prpasswdd daemon no longer leaves core files in / (the root directory). If it leaves a core dump at all (which now normally should only happen in response to a SIGQUIT signal), it will be found in the /var/tcb/files directory. It is still true that any attempt to manage the rpc.yppasswdd and prpasswdd daemons with signals should only be done with the child ('worker') processes, and not with the parent ('monitor') processes. The child processes are the ones which write their pids in the (member-specific) /var/run/rpc.yppasswdd.pid and /var/run/prpasswdd.pid files. Delivery of SIGINT or SIGTERM to one of the child processes causes a graceful exit, also terminating the parent process. Delivery of SIGUSR2 causes a graceful re-start of the child process. A SIGQUIT causes a re-start after a core dump. Finally, a SIGHUP causes the child to terminate, and the parent to re-exec itself with the same argument vector, which will then cause a re-start of the child process. This last case is to minimize the down-time for the daemons should future patches to them or to the libsecurity.so library be necessary. PROBLEM: (96146) (PATCH ID: OSF520-1135) ******** Logins in TruCluster environments using Enhanced Security could hang on any member other than the one serving /var to CFS. This was because the RPC portmapper registration for prpasswdd and rpc.yppasswdd wasn't always being seen by all the members.