IBM United States
Software Announcement 201-092
April 17, 2001

IBM AIX 5L for POWER Version 5.1 Expansion Pack and Bonus Pack Provide New Programs

 ENUS201-092.PDF (39KB)


At a Glance

The AIX 5L Version 5.1 Expansion and Bonus Pack includes:

  • Adobe Acrobat Reader 4.05
  • Tools to Build Secure Java Applications
  • Data Encryption Standard (DES) Library Routines for AIX, Version 5.1
  • AIX Fast Connect for POWER Version 3.1, Evaluation Software
  • Software security and encryption support
  • Network Authentication Service Version 1.1
  • SCO Tarantella Version 1.4.1, Evaluation Software
  • IBM HTTP Server Version 1.3.12.2 (powered by Apache)
  • Netscape Communicator 4.76

For ordering, contact:

Your IBM representative, an IBM Business Partner, or IBM Americas Call Centers at 800-IBM-CALL (Reference: RE001).

Overview

The AIX® Expansion Pack extends the operating system by providing encryption support, a browser to view online HTML publications, and an http server to serve online publication pages and support Web-based System Manager.

The AIX Bonus Pack complements the AIX product line by adding features, functions, and programs. An Expansion Pack and a Bonus Pack are included with every new order of AIX 5L Version 5.1 when you select media. They can also be ordered separately for existing AIX licensees. Announcements and shipments are not tied to AIX releases. Updated versions are published with new releases of content, and the content can vary.

The AIX 5L for POWER Version 5.1 Expansion Pack and Bonus Pack include:

Tools to Build Secure Java™ Applications

Provides six encryption-oriented tools for use with the AIX Developer Kit, Java 2 Technology Edition, Version 1.3

AIX Fast Connect Version 3.1.0.0, Evaluation Software

Provides file and print serving for Windows™ and OS/2® clients without the need for add-on software for the client PC

Software Security and Encryption Support

Provides encryption support for AIX capabilities, including Internet Protocol transmissions, SecureWay® Directory, and Web-based System Manager

Network Authentication Service Version 1.1

Provides a network authentication protocol based on the IETF RFC 1510 standards protocol for the Kerberos V5 Network Authentication Service

SCO Tarantella Version 1.4.1, Evaluation Software

  • Provides access to any type of application from any Java technology-enabled Internet device without additional software
  • Web-enables applications for publication on the Web without rewriting them

Adobe Acrobat Reader 4.05

  • Allows you to view and print Portable Document Format (PDF) files
  • Through the Asian font packs for Acrobat Reader, lets you display PDF files that contain text in Chinese Simplified, Chinese Traditional, Japanese, and Korean

Data Encryption Standard (DES) Library Routines for AIX, Version 5.1

Provides the capability for Electronic Code Book (ECB) and Cipher Block Chaining (CBC) encryption using 64-bit encryption keys

IBM HTTP Server Version 1.3.12.2 (powered by Apache)

  • Provides an IBM HTTP Server, IBM-enhanced, with performance and Secure Sockets Layer (SSL) for secure transactions
  • Includes software developed by the Apache Group for use in the Apache HTTP server project at:

Netscape Communicator 4.76

Provides National Language Support and bi-directional support for viewing Hebrew and Arabic HTML pages

Key Prerequisites

AIX 5L for POWER Version 5.1

Planned Availability Date

May 4, 2001

Description

AIX 5L for POWER Version 5.1 Expansion Pack

The AIX 5L Version 5.1 Expansion Pack contains the following programs. Some of these programs contain encryption. Contact your IBM representative or IBM Business Partner to determine what level of encryption you are entitled to receive.

  • AIX Certificate and Security Support Version 4.0
  • AIX Certificate and Security Support Version 5.0
  • DES Library Routines for AIX, Version 5.1, 64-bit encryption
  • IBM HTTP Server Version 1.3.12.2, 128-bit encryption
  • IBM IP Security Version 5.0, 56-bit, Triple DES encryption
  • IBM Web-based System Manager Security Version 5.1, 128-bit encryption
  • Netscape Communicator 4.76, 128-bit encryption
  • Network Authentication Service Version 1.1, 56-bit encryption internally, for authentication operations only, Network Authentication Service uses both 56-bit DES and 168-bit Triple DES
  • SecureWay-SSL Version 4.0, 56-bit encryption
  • SecureWay Directory Server and Client Utilities for Maximum Encryption Version 3.2.1, 128-bit and Triple DES encryption
  • Tools to Build Secure Java Applications

IBM HTTP Server Version 1.3.12.2 (Powered by Apache)

IBM has enhanced the HTTP Server with performance and SSL for secure transactions. When serving static content, the HTTP Server may also see up to 40% performance improvement when used with the in-kernel HTTP Get Engine in AIX 5L.

This product includes software developed by the Apache Group for use in the Apache HTTP server project at:

Tools to Build Secure Java Applications

  • Java Cryptography Extension (JCE) Version 1.2.1
    • Provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms
    • Offers support for encryption, including symmetric, asymmetric, block, and stream ciphers
    • Supports secure streams and sealed objects

    The IBM JCE implementation provides more cryptographic algorithms than the Sun implementation.

    For a general overview of JCE, visit:

  • Certificate Management Protocol (CMP)
    • Provides support to online interactions between Public Key Infrastructure (PKI) components

      For example, a management protocol might be used between a Certificate Authority (CA) and a client system with which a key pair is associated, or between two CAs that issue cross-certificates for each other

    For a full description of CMP, refer to RFC 2510 and 2511 for CRMF.

    These RFCs are available at:

  • Public-Key Cryptography Standards (PKCS)

    As public-key cryptography begins to see wide application and acceptance, one thing is increasingly clear: if it is going to be as effective as the underlying technology allows it to be, there must be interoperability standards.

    Even though vendors may agree on the basic public-key techniques, compatibility between implementations is by no means guaranteed. Interoperability requires strict adherence to an agreed-upon standard format for transferred data.

    IBM PKCS implementation supports the following RSA standards: PKCS #1, #3, #5, #6, #7, #8, #9, #10, and #12.

    For more information, visit:

  • Secure Multi-Purpose Internet Mail Extensions (S/MIME)
    • Offers the Java classes needed to encode and decode S/MIME messages
    • Provides a limited S/MIME parser geared to understanding and extracting PKCS #7 ContentInfo and PKCS #10 CertificationRequest objects from a S/MIME messages

    For more information on S/MIME, refer to RFC 2311 (S/MIME Version 2 Message Specification) at:

  • Java Secure Sockets Extension (JSSE) Version 1.0.2
    • Enables secure Internet communications
    • Implements a Java version of SSL and Transport Layer Security (TLS) protocols
    • Includes functionality for data encryption, server authentication, message integrity, and optional client authentication

    For more information, visit:

  • Java Authentication and Authorization Service (JAAS) Version 1.0
    • Provides a security model for the Java platform
    • Permits access to Java-controlled resources based on the identity of the user on whose behalf the Java program is running, rather than the source of the code

    For more information, visit:

The end-of-service date for these tools is April 30, 2004.

Netscape Communicator 4.76

  • 128-bit encryption with National Language Support
  • Bi-directional support for viewing Hebrew and Arabic HTML pages

Additional components to Netscape Navigator include:

  • Netscape Messenger (Netscape Mail)
  • Collabra (Netscape discussion groups)
  • Composer (Netscape Web page publishing)

Additional product information can be found at:

Network Authentication Service Version 1.1

Network Authentication Service is the IBM implementation of IETF RFC 1510 standards protocol for The Kerberos V5 Network Authentication Service. Kerberos negotiates authentication, and optionally encrypted, communication between two points on the Internet or between components on a system.

Kerberos is a client/server model where clients can either be a user or a service.

  • A client sends a request for a "ticket" to the key distribution center (KDC).
  • The KDC generates a ticket-granting ticket (TGT) for the client.
  • The TGT is encrypted using the client's password as the key.
  • The encrypted TGT is then sent back to the client.
  • The client can successfully decrypt the TGT by giving the correct password.
  • The decrypted TGT indicates proof of the client's identity and can be used to obtain service tickets from the KDC.
  • The client uses service tickets to prove its identity to another component or application.
  • TGTs and service tickets expire at a specified time.

The GSS-API provides security service to callers in a generic fashion with support for Kerberos as the underlying security mechanism. The GSS-API is based on IETF RFC 2078 for GSS-API Version 2 and IETF RFC 1964 for the Kerberos Version 5 GSS-API mechanism.

Software Security and Encryption Support

  • Encryption Support for SecureWay Directory Version 3.2.1 includes:
    • SecureWay-SSL Version 4.0, which provides 56-bit encryption
    • SecureWay Directory Server Utilities for Maximum Encryption Version  3.2.1, which provides 128-bit and Triple DES encryption and includes a Java Naming and Directory Interface (JNDI) Client Software Developer ToolKit, which supports encryption up to 128-bit.
  • IBM IP Security, Version 5.0 provides encryption for 56-bit and Triple DES support for the Internet Protocol implemented in AIX.
  • AIX Certificate and Security Support Version 4.0 provides support for the AIX 5L IP security enhancements for the storage of certificates.
  • AIX Certificate and Security Support Version 5.0 provides support for the AIX 5L IP security enhancements for the storage of certificates.
  • DES Library Routines for AIX, Version 5.1
    • Encompasses the full-function DES
    • Provides AIX 5L Version 5.1 APIs for encrypting and decrypting data

    These APIs are based on the DES and provide the capability for ECB and CBC encryption.

    The ECB mode encrypts blocks of data independently, while the CBC mode chains together successive blocks of data during encryption. The CBC mode protects against insertions, deletions, and substitutions of blocks of data. The CBC mode also provides that clear text will not appear in the cipher text. The APIs for these encryption mechanisms only use 64-bit (DES) encryption keys.

  • IBM Web-based System Manager Security Version 5.1
    • Provides 40-bit and 128-bit encryption
    • Helps provide for the secure operation of the Web-based System Manager servers and clients
    • Based on Public Key encryption, the SSL protocol, and standard AIX login security

AIX 5L Version 5.1 Bonus Pack

The AIX 5L Version 5.1 Bonus Pack contains the following programs:

  • Adobe Acrobat Reader 4.05
  • AIX Fast Connect Version 3.1, Evaluation Software
  • SCO Tarantella Version 1.4.1, Evaluation Software

Adobe Acrobat Reader 4.05

Adobe Acrobat Reader 4.05 is an essential tool for anyone who needs to view, navigate, browse, and print PDF files.

Information on the Acrobat Reader can be found at:

Chinese Simplified, Chinese Traditional, and Korean fonts are provided on the AIX Bonus Pack. The Japanese font requires registration and must be obtained from the Web site.

Additional information on the font packs can be found at:

AIX Fast Connect Version 3.1, Evaluation Software

  • Adds file and print serving for Windows and OS/2 clients
  • Supports widely used SMB/CIFS protocol using TCP/IP
  • Provides Windows and OS/2 clients enabled for SMB/CIFS over TCP/IP — no add-on software is needed for the client PCs
  • Includes significant new function, manageability enhancements, increased performance, and Windows 2000 support
  • Now implements User Name mapping

    For example, Client User Names are not required to be same as AIX user names.

    This feature accommodates clients user naming rules, which could be different from AIX.

  • Maintains name mappings, which can be configured from command line or SMIT

    This feature supports mapping of multiple PC user names to single AIX user name giving flexibility to the administrator in managing access of resources on AIX.

NT password encryption support is now added, which offers a higher level of security by allowing mixed case and longer passwords. AIX Fast Connect DCE/DFS™ integration feature now supports encrypted passwords in addition to plain text passwords. This feature offers higher security and eliminates the need for modifying Windows clients to enable plain text passwords.

This release of AIX Fast Connect adds support of Windows Terminal Server (WTS).

  • Makes Windows 2000 server multi-user
  • Can also map network drives to AIX using Fast Connect
  • Provides access to AIX resources to its own clients

AIX Fast Connect servers are enhanced to provide detailed information about connected sessions, including files open by individual users. An administrator can force a session to close or even a file to close.

This function is supported through the command line. Graphical access to these functions is provided through Web-based System Manager. Further manageability enhancements include Web-based System Manager for AIX support, which makes managing Fast Connect easier.

The number of options, which used to be server wide, now can be configured on a per-share basis offering additional flexibility to the administrators.

A number of performance enhancements are added. The most significant is directory search caching. Search requests are one of the most expensive operations, in terms of system resources. Based on customer environment, it can show a significant performance increase.

AIX Fast Connect now supports share level security, which some of the existing AIX Connections customers use and now require in Fast Connect. Capability to send messages to PC clients is added as well.

Evaluation software is full function and is available for 60 days from the time of installation.

SCO Tarantella Version 1.4.1, Evaluation Software

  • Enables applications so that you can publish them on the Web without rewriting them
  • Uses a three-tier architecture that integrates diverse application servers and diverse client types

Applications continue to run on the servers they are on today. Existing clients, such as PCs and UNIX® workstations, and the new breed of network computers and hand-held devices are given access to any type of mainframe, Windows, or UNIX applications.

For more information, visit the Tarantella Solution Zone at:

Features include:

  • Consistent, integrated management framework for all users and applications
  • Single point of entry to all application servers
  • Ability to suspend and resume applications
  • Optimized network performance over LAN or WAN connections
  • Secure, authenticated connections
  • Scalability features, including:
    • Single point-of-administration
    • Load balancing
    • User and application information replication

Tarantella is fully scalable up to 50 Tarantella servers and can be administered from a single location. Tarantella also has load balancing capabilities at tier 2 and tier 3 to ensure user sessions are run sensibly across servers at optimum performance. This helps ensure application access is maintained constantly, even if a server becomes temporarily unavailable.

Tarantella delivers diverse application types to users. The range of application types supported includes:

  • UNIX system X Windows applications
  • UNIX system character applications
  • 3270 applications
  • Windows applications

Evaluation software is available for use for a 60-day period from installation.

For more information, visit:

Trademarks

 
DFS is a trademark of International Business Machines Corporation in the United States or other countries or both.
 
AIX, OS/2, and SecureWay are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Windows is a trademark of Microsoft Corporation.
 
Java is a trademark of Sun Microsystems, Inc.
 
UNIX is a registered trademark is a registered trademark of the Open Company in the United States and other countries.
 
Other company, product, and service names may be trademarks or service marks of others.

Strong Cryptography

The strong cryptographic (128-bits and greater) version of the Bonus Pack is now available worldwide. Contact your IBM representative or IBM Business Partner to determine what level of encryption you are entitled to receive.

Ordering Information

Orders for new licenses are accepted now.

New Licensees

AIX® 5L for POWER Version 5.1 Expansion and Bonus Packs

To receive the AIX 5L Version 5.1 Expansion Pack or the Bonus Pack with your initial order of AIX 5L Version 5.1, place an order for the 5692-A5L SPO using the information from the following tables.

AIX 5L Version 5.1 (5765-E61) customers do the following:

                                             Add
                                             5692-A5L
Program Number                               Feature
 
5692-A5L
   AIX 5.1 Expansion Pack --                 0921
   Includes some products with
   40-bit, 56-bit, 128-bit,
   and Triple DES encryption,
   and certain toolkits
   for encryption
 
5692-A5L
   AIX 5.1 Bonus Pack --                     0920

Evaluation Software

Full-function versions of the following evaluation software programs can be obtained directly from the program supplier.

  • Contact your IBM representative or Business Partner for a full-function version of AIX Fast Connect Version 3.1.1.0, program product
  • Contact SCO for a full-function Tarantella Version 1.4.1 at:

Terms and Conditions

Licensing: Each program contained in the AIX 5L Version 5.1 Expansion or Bonus Pack is licensed under the terms and conditions of that specific program. These terms and conditions may vary depending on the specific program or the program supplier. The terms and conditions of any program contained in the Bonus Pack must be read and accepted before its use. Use of the program indicates your acceptance of its terms and conditions.

This product contains data encryption and is, therefore, subject to special export licensing requirements by the Bureau of Export Administration of the U.S. Department of Commerce. Additionally, encryption is subject to country import restrictions, which may limit content availability.

IBM International Program License Agreement (IPLA): The following IBM programs contained in the AIX 5L Version 5.1 Expansion Pack or Bonus Pack are licensed under the terms and conditions of the IPLA:

  • AIX Certificate and Security Support Version 4.0
  • AIX Certificate and Security Support Version 5.0
  • DES Library Routines for AIX, Version 5.1
  • HTTP Server Version 1.3.12.2
  • IP Security Version 5.0
  • Network Authentication Service Version 1.1
  • SecureWay®-SSL Version 4.0 (for use with SecureWay Directory Version  3.2.1)
  • SecureWay Directory Server Utilities for Maximum Encryption Version  3.2.1 (for use with SecureWay Directory Version 3.2.1)
  • Tools to Build Secure Java™ Applications
  • Web-based System Manager Security Version 5.1

Trial Licensed Programs: The following IBM software is included as part of the AIX 5L Version 5.1 Expansion or Bonus Pack as evaluation software. These programs are licensed under the International License Agreement for Evaluation of Programs .

  • AIX Fast Connect Version 3.1.1.0, Evaluation Software

THESE PROGRAMS MAY CONTAIN A DISABLING DEVICE THAT WILL PREVENT IT FROM BEING USED UPON EXPIRATION OF THIS LICENSE. YOU WILL NOT TAMPER WITH THIS DISABLING DEVICE OR THE PROGRAM. YOU SHOULD TAKE PRECAUTIONS TO AVOID ANY LOSS OF DATA THAT MIGHT RESULT WHEN THE PROGRAM CAN NO LONGER BE USED.

SUBJECT TO ANY STATUTORY WARRANTIES WHICH CANNOT BE EXCLUDED, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THE WARRANTY OF NON-INFRINGEMENT AND THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, REGARDING THE PROGRAMS OR TECHNICAL SUPPORT, IF ANY.

NEITHER IBM NOR ITS SUPPLIERS ARE LIABLE FOR ANY DIRECT OR INDIRECT DAMAGES, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST SAVINGS, OR ANY INCIDENTAL, SPECIAL, OR OTHER ECONOMIC CONSEQUENTIAL DAMAGES, EVEN IF IBM IS INFORMED OF THEIR POSSIBILITY. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU.

Programs from Other Program Suppliers: The following programs contained in AIX 5L Version 5.1 Expansion Pack or Bonus Pack are licensed under the terms and conditions of the program supplier:

  • Adobe Acrobat Reader 4.05
  • Netscape Communicator 4.76
  • SCO Tarantella Version 1.4.1, Evaluation Software

Trial software and evaluation software provided by program suppliers may require a software key from the supplier before use or may contain a disabling device that will prevent it from being used at the expiration of the license and is subject to the same limitations as described in the Trial Licensed Programs section.

Limited Warranty

The following products are not warranted by IBM. Warranty, if any, is provided by the program supplier. IBM makes no warranties, express or implied, including, but not limited to, the implied warranties of non-infringement, merchantability, and fitness for a particular purpose.

  • Adobe Acrobat Reader 4.05
  • Netscape Communicator 4.76
  • SCO Tarantella Version 1.4.1, Evaluation Software

Evaluation Period

AIX Fast Connect Version 3.1.1.0, Evaluation Software: Evaluation software is full-function and is available for 60 days from the time of installation.

SCO Tarantella Version 1.4.1, Evaluation Software: Evaluation software is full-function and available for 60 days from the time of installation.

Program Services

The following IBM programs licensed under the terms and conditions of the IPLA and distributed on the AIX 5L Version 5.1 Expansion Pack or Bonus Pack have these program services end dates:

  • HTTP Server Version 1.3.12.2 — December 31, 2002
  • Network Authentication Service Version 1.1 — December 31, 2002
  • Tools to Build Secure Java Applications — April 30, 2004

All support or advice on the following programs is provided on an as-is basis.

Adobe Acrobat Reader: Service, if any, is provided by the program supplier. Visit the Adobe Service home page at:

You can also download updates from:

AIX Fast Connect Version 3.1.1.0, Evaluation Software: All support provided through IBM channels for this product is provided on a reasonable-effort basis. When purchased as a program product, this product is fully supported.

Netscape Communicator 4.76: For Netscape Communicator support, visit:

For the latest installp image updates, visit:

SCO Tarantella Version 1.4.0.0, Evaluation Software: For service information, visit:

For information on support by phone, fax, ftp, e-mail, post, or BBS, visit:

Order Now

 Use Priority/Reference Code: RE001
 
 Phone:     800-IBM-CALL
 Fax:       800-2IBM-FAX
 Internet:  ibm_direct@us.ibm.com
 Mail:      IBM Atlanta Sales Center
            Dept. RE001
            P.O. Box 2690
            Atlanta, GA  30301-2690

You can also contact your local IBM Business Partner or IBM representative. To identify them, call 800-IBM-4YOU.

Note: Shipments will begin after the planned availability date.

Trademarks

 
AIX and SecureWay are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Java is a trademark of Sun Microsystems, Inc.
 
Other company, product, and service names may be trademarks or service marks of others.