Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎

smtnrhdb


NAME
     smtnrhdb - manage entries in the tnrhdb database

SYNOPSIS
     /usr/sadm/bin/smtnrhdb subcommand [auth_args] -- subcommand_args]


DESCRIPTION
     The smtnrhdb command  adds,  modifies,  deletes,  and  lists
     entries in the tnrhdb database.


     The tnrhdb database specifies which remote-host template  to
     use  for each host, including the local host, in the distri-
     buted system. If a host's  IP  address cannot be matched  to
     some  entry  in  the tnrhdb database, communication with the
     host is not permitted.


     The smtnrhdb command requires the Solaris Management Console
     to  be initialized for the command to succeed (see smc(1M)).
     After rebooting the Solaris Management Console  server,  the
     first  smc  connection  can  time  out, so you might need to
     retry the command.

  Valid Host Addresses and Wildcards
     The trusted network software uses a network "longest  prefix
     of  matching  bits"  mechanism  when looking for a host. The
     software looks first for the IP address of the host. If  the
     software does not find this address, then the software falls
     back to searching for an IP address with the longest  prefix
     of a matching bit pattern, and so on.

     Note -

       The actual numeric value of the subnet  address  or  other
       subnetting   information  on the system (for example, from
       the  netmasks(4)   file)   are   not  considered  by  this
       mechanism.


     Using the "longest prefix of matching  bits"  mechanism,  an
     IPv4  address of 0.0.0.0 is a wildcard address with a prefix
     length of 0 and hence matches any  IPv4  address.  For  more
     information   about   prefi  x  lengths  in  IPv4  and  IPv6
     addresses, see System Administration Guide: IP Services.


     The smtnrhdb command accepts a  hostname,  IP  address,  and
     wildcard address with as optional prefix as valid addresses.
     See  subcommand_args,  below,  for  the  format   of   valid
     addresses.

SUB-COMMANDS
     smtnrhdb subcommands are:

     add

         Adds a new entry to  the  tnrhdb  database.  To  add  an
         entry,     the     administrator     must    have    the
         solaris.network.host.write                           and
         solaris.network.security.write authorizations.


     delete

         Deletes an entry from the tnrhdb database. To delete  an
         entry,     the     administrator     must    have    the
         solaris.network.host.write                           and
         solaris.network.security.write authorizations.


     list

         Lists all entries in the tnrhdb  database.  To  list  an
         entry,     the     administrator     must    have    the
         solaris.network.host.read                            and
         solaris.network.security.read authorizations.


     modify

         Modifies an entry in the tnrhdb database. To  modify  an
         entry,     the     administrator     must    have    the
         solaris.network.host.write                           and
         solaris.network.security.write authorizations.


OPTIONS
     The  smtnrhdb  authentication  arguments,   auth_args,   are
     derived  from  the smc arg set. These arguments are the same
     regardless of which subcommand you use.


     The subcommand-specific options,  subcommand_args,  must  be
     preceded by the -- option.

  auth_args
     The valid auth_args are -D, -H, -l, -p, -r, and -u; they are
     all   optional.  If  no  auth_args  are  specified,  certain
     defaults will be assumed and the user might be prompted  for
     additional  information,  such as a password for authentica-
     tion purposes. These letter options can also be specified by
     their equivalent option words preceded by a double dash. For
     example, you can use either -D or --domain.
     -D | --domain domain

         Specifies the default domain that you  want  to  manage.
         The  syntax of domain=type:/host_name/domain_name, where
         type is dns, ldap, or file; host_name is the name of the
         server;  and  domain_name  is the name of the domain you
         want to manage.

         If you do not specify this option, the  Solaris  Manage-
         ment Console assumes the file default domain on whatever
         server you choose to manage, meaning  that  changes  are
         local  to the server. Toolboxes can change the domain on
         a tool-by-tool basis; this option specifies  the  domain
         for all other tools.


     -H | --hostname host_name:port

         Specifies the host_name and port to which  you  want  to
         connect.  If  you do not specify a port, the system con-
         nects to the default port, 898. If you  do  not  specify
         host_name:port,  the Solaris Management Console connects
         to the local host on port 898.


     -l | --rolepassword role_password

         Specifies the password for the role_name. If you specify
         a role_name but do not specify a role_password, the sys-
         tem prompts you to  supply  a  role_password.  Passwords
         specified on the command line can be seen by any user on
         the system, hence this option is considered insecure.


     -p | --password password

         Specifies the password for the user_name. If you do  not
         specify  a  password,  the  system  prompts you for one.
         Passwords specified on the command line can be  seen  by
         any  user on the system, hence this option is considered
         insecure.


     -r | --rolename role_name

         Specifies a role name for authentication. If you do  not
         specify this option, no role is assumed.


     -u | --username user_name

         Specifies the user name for authentication.  If  you  do
         not  specify  this option, the user identity running the
         console process is assumed.


     --

         This option is  required  and  must  always  follow  the
         preceding  options.  If  you  do not enter the preceding
         options, you must still enter the -- option.


  subcommand_args
     Note: Descriptions and other arg options that contain  white
     spaces must be enclosed in double quotes.

     -h

         Displays the command's usage statement.


     -H hostname

         Specifies the name of the host. For the list subcommand,
         the  hostname  argument  is  not  specified. This is not
         required if the ipaddress subcommand argument is  speci-
         fied.


     -i ipaddress

         Specifies the IP  address  of  the  host.  This  is  not
         required  if  the hostname subcommand argument is speci-
         fied. This option is not valid with the -w option.


     -n templatename

         Specifies the name of an existing template.


     -p prefixlen

         Specifies the prefix length  (in  bits)  of  a  wildcard
         representation  of  the  IP  address.  The prefix is the
         left-most portion of the  IP  address.  This  option  is
         valid  only  with  the  -w option. For example, when the
         value of -w ipaddress-wildcard is 192.168.0.0, a prefix-
         len  value of 24 indicates that the wildcard matches all
         addresses on the 192.168.0 network. With a prefixlen  of
         32,  the  wildcard  192.168.0.0 matches all addresses on
         the 192.168.0.0 network.

     -w ipaddress-wildcard

         Specifies the IP address of the subnet using a wildcard.


         o    One of the following  sets  of  arguments  must  be
              specified for subcommand add:

                -H hostname -n templatename |
                -i ipaddress -n templatename |
                -w ipaddress-wildcard -n templatename [ -p prefixlen ] |
                -h



         o    One of the following  sets  of  arguments  must  be
              specified for subcommand modify:

                -H hostname -n templatename |
                -i ipaddress -n templatename |
                -w ipaddress-wildcard -n templatename [ -p prefixlen ] |
                -h



         o    One of the following  sets  of  arguments  must  be
              specified for subcommand delete:

                -H hostname |
                -i ipaddress |
                -w ipaddress-wildcard [ -p prefixlen ] |
                -h



         o    The subcommand list takes the following argument:

                -h



EXAMPLES
     Example 1 Specifying the Template Name  for  a  Wildcard  IP
     Address


     The admin role specifies the template name, cipso_lan, for a
     series   of   hosts   that   use  the  IP  address  wildcard
     192.168.113.0 on the local file system. Since no  authoriza-
     tion arguments were specified, the administrator connects to
     port 898 of the local host on the local server with the file
     domain  type,  which  are the defaults. The administrator is
     prompted for the admin password.


       $ usr/sadm/bin/smtnrhdb add -- -w 192.168.113.0 -n cipso_lan



     Example 2 Deleting an Entry in the tnrhdb Database


     The admin role connects to port 898 (which happens to be the
     default)  of  the  LDAP server and deletes a host entry from
     the database by specifying its  IP  address,  192.168.113.8.
     Since the domain was not specified, the file domain type and
     local server are  used  by  default.  The  administrator  is
     prompted for the admin password.


       # /usr/sadm/bin/smtnrhdb delete -D ldap:/example.domain -i 192.168.113.8



     Example 3 Adding a Subnet to the tnrhdb Database


     The  following  command  adds  all  the  addresses  on   the
     192.168.55.0 subnet, from 192.168.55.1 to 192.168.55.255, to
     the tnrhdb database:


       # /usr/sadm/bin/smtnrhdb add \
       -D file:/machine1.ExampleCo.COM/machine1.ExampleCo.COM \
        -- -w 192.168.55.0 -n cipso
       Authenticating as user: root
       Type /? for help, pressing <enter> accepts the default denoted by [ ]
       Please enter a string value for: password ::
       Loading Tool: com.exampleco.admin.hostmgr.cli.smtnrhdb.HostMgrTnrhdbCli
       from machine1.ExampleCo.COM
       Login to machine1.ExampleCo.COM as user root was successful.
       Download of com.exampleco.admin.hostmgr.cli.smtnrhdb.HostMgrTnrhdbCli
       from machine1.ExampleCo.COM
       was successful.



     Example 4 Adding Subnet 192.168.0 to the tnrhdb Database


     The  following  command  adds  all  the  addresses  on   the
     192.168.0  subnet,  from 192.168.0.1 to 192.168.0.255 to the
     tnrhdb database. The prefix, 24, indicates that the first 24
     bits  (192.168.0)  are  fixed.  Only  the  final  zero  is a
     wildcard.


       # /usr/sadm/bin/smtnrhdb add \
       -D file:/machine1.ExampleCo.COM/machine1.ExampleCo.COM \
        -- -w 192.168.0.0 -p 24 -n cipso

       Login to machine1.ExampleCo.COM as user root was successful.
       Download of com.exampleco.admin.hostmgr.cli.smtnrhdb.HostMgrTnrhdbCli
       from machine1.ExampleCo.COM was successful.



EXIT STATUS
     The following exit values are returned:

     0

         Successful completion.


     1

         Invalid command syntax. A usage message displays.


     2

         An error occurred while executing the command. An  error
         message displays.


FILES
     The following files are used by the smtnrhdb command:

     /etc/security/tsol/tnrhdb

         Trusted network remote-host database.


ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:









     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWmgts                    |
    |_____________________________|_____________________________|
    | Interface Stability         | Committed                   |
    |_____________________________|_____________________________|


SEE ALSO
     smc(1M), netmasks(4), attributes(5)


     System Administration Guide: Security Services

NOTES
     The functionality described on this manual page is available
     only if the system is configured with Trusted Extensions.










Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.
Comments