smtnrhdb(1M)           System Administration Commands           smtnrhdb(1M)

NAME
     smtnrhdb - manage entries in the tnrhdb database

SYNOPSIS
     /usr/sadm/bin/smtnrhdb subcommand [auth_args] -- subcommand_args

DESCRIPTION
     The smtnrhdb command adds, modifies, deletes, and lists entries in the
     tnrhdb database.

     The tnrhdb database specifies which remote-host template to use for
     each host, including the local host, in the distributed system. If a
     host's IP address cannot be matched to some entry in the tnrhdb
     database, communication with the host is not permitted.

     The smtnrhdb command requires the Solaris Management Console to be
     initialized for the command to succeed (see smc(1M)). After rebooting
     the Solaris Management Console server, the first smc connection can
     time out, so you might need to retry the command.

  Valid Host Addresses and Wildcards
     The trusted network software uses a "longest prefix of matching bits"
     mechanism when looking up a host. The software looks first for an
     entry for the exact IP address of the host. If no such entry exists,
     the software falls back to the wildcard entry whose prefix matches the
     longest leading bit pattern of that address, and so on down to shorter
     prefixes.

     Note -

        The actual numeric value of the subnet address or other subnetting
        information on the system (for example, from the netmasks(4) file)
        is not considered by this mechanism. Only the tnrhdb entries
        themselves, and the prefix length recorded with each, decide which
        template a host gets.

     Using the "longest prefix of matching bits" mechanism, an IPv4 address
     of 0.0.0.0 is a wildcard address with a prefix length of 0 and hence
     matches any IPv4 address. For more information about prefix lengths in
     IPv4 and IPv6 addresses, see System Administration Guide: IP Services.

     The smtnrhdb command accepts a hostname, an IP address, or a wildcard
     address with an optional prefix length as valid addresses. See
     subcommand_args, below, for the format of valid addresses.
51
SUBCOMMANDS
     smtnrhdb subcommands are:

     add

         Adds a new entry to the tnrhdb database. To add an entry, the
         administrator must have the solaris.network.host.write and
         solaris.network.security.write authorizations.


     delete

         Deletes an entry from the tnrhdb database. To delete an entry, the
         administrator must have the solaris.network.host.write and
         solaris.network.security.write authorizations.


     list

         Lists all entries in the tnrhdb database. To list entries, the
         administrator must have the solaris.network.host.read and
         solaris.network.security.read authorizations.


     modify

         Modifies an entry in the tnrhdb database. To modify an entry, the
         administrator must have the solaris.network.host.write and
         solaris.network.security.write authorizations.

OPTIONS
     The smtnrhdb authentication arguments, auth_args, are derived from the
     smc arg set. These arguments are the same regardless of which
     subcommand you use.

     The subcommand-specific options, subcommand_args, must be preceded by
     the -- option.

  auth_args
     The valid auth_args are -D, -H, -l, -p, -r, and -u; they are all
     optional. If no auth_args are specified, certain defaults will be
     assumed and the user might be prompted for additional information,
     such as a password for authentication purposes. These letter options
     can also be specified by their equivalent option words preceded by a
     double dash. For example, you can use either -D or --domain.

     -D | --domain domain

         Specifies the default domain that you want to manage. The syntax
         is type:/host_name/domain_name, where type is dns, ldap, or file;
         host_name is the name of the server; and domain_name is the name
         of the domain you want to manage.

         If you do not specify this option, the Solaris Management Console
         assumes the file default domain on whatever server you choose to
         manage, meaning that changes are local to the server. Toolboxes
         can change the domain on a tool-by-tool basis; this option
         specifies the domain for all other tools.


     -H | --hostname host_name:port

         Specifies the host_name and port to which you want to connect. If
         you do not specify a port, the system connects to the default
         port, 898. If you do not specify host_name:port, the Solaris
         Management Console connects to the local host on port 898.


     -l | --rolepassword role_password

         Specifies the password for the role_name. If you specify a
         role_name but do not specify a role_password, the system prompts
         you to supply a role_password. Passwords specified on the command
         line can be seen by any user on the system (for example, in the
         process listing), hence this option is considered insecure; omit
         it and let the command prompt instead.


     -p | --password password

         Specifies the password for the user_name. If you do not specify a
         password, the system prompts you for one. Passwords specified on
         the command line can be seen by any user on the system, hence this
         option is considered insecure; omit it and let the command prompt
         instead.


     -r | --rolename role_name

         Specifies a role name for authentication. If you do not specify
         this option, no role is assumed.


     -u | --username user_name

         Specifies the user name for authentication. If you do not specify
         this option, the user identity running the console process is
         assumed.


     --

         This option is required and must always follow the preceding
         options. If you do not enter the preceding options, you must still
         enter the -- option.

  subcommand_args
     Note: Descriptions and other arg options that contain white spaces
     must be enclosed in double quotes.

     -h

         Displays the command's usage statement.


     -H hostname

         Specifies the name of the host. For the list subcommand, the
         hostname argument is not specified. This is not required if the
         ipaddress subcommand argument is specified.


     -i ipaddress

         Specifies the IP address of the host. This is not required if the
         hostname subcommand argument is specified. This option is not
         valid with the -w option.


     -n templatename

         Specifies the name of an existing template.


     -p prefixlen

         Specifies the prefix length (in bits) of a wildcard representation
         of the IP address. The prefix is the left-most portion of the IP
         address; only those bits are compared, the remaining bits are
         wildcarded. This option is valid only with the -w option. For
         example, when the value of -w ipaddress-wildcard is 192.168.0.0, a
         prefixlen value of 24 indicates that the wildcard matches all
         addresses on the 192.168.0 network, and a prefixlen value of 16
         indicates that it matches all addresses on the 192.168 network.
         With a prefixlen of 32, every bit of an IPv4 address is fixed, so
         the wildcard 192.168.0.0 matches only the single address
         192.168.0.0.


     -w ipaddress-wildcard

         Specifies the IP address of the subnet using a wildcard.


     o  One of the following sets of arguments must be specified for
        subcommand add:

           -H hostname -n templatename |
           -i ipaddress -n templatename |
           -w ipaddress-wildcard -n templatename [ -p prefixlen ] |
           -h



     o  One of the following sets of arguments must be specified for
        subcommand modify:

           -H hostname -n templatename |
           -i ipaddress -n templatename |
           -w ipaddress-wildcard -n templatename [ -p prefixlen ] |
           -h



     o  One of the following sets of arguments must be specified for
        subcommand delete:

           -H hostname |
           -i ipaddress |
           -w ipaddress-wildcard [ -p prefixlen ] |
           -h



     o  The subcommand list takes the following argument:

           -h


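     The lookup described under Valid Host Addresses and Wildcards, and the
     -w/-p prefixlen semantics above, modelled in Python. This is an added
     example, not code from Solaris or from Trusted Extensions. Its
     address[/prefixlen]:template file syntax, and its rule that a wildcard
     given without -p fixes only its leading non-zero octets (so 192.168.55.0
     behaves as a /24, which is what Example 3 below relies on), are
     assumptions of the model; the database contents are constructed. The
     model takes no netmask input at all, which is the point of the Note
     above: only the entries and their prefix lengths decide the template,
     and a host with no matching entry gets None, i.e. no communication.

```python
"""Model of the tnrhdb longest-prefix lookup (added example, not Solaris code)."""
import ipaddress

# Constructed sample database; the address[/prefixlen]:template syntax is an
# assumption of this model, not taken from the tnrhdb(4) file format.
SAMPLE_TNRHDB = """\
# address[/prefixlen]:template
127.0.0.1:cipso
192.168.113.8:cipso_lan
192.168.113.0:cipso_lan
192.168.0.0/16:admin_low
2001:db8:1::/48:cipso
"""


def infer_prefixlen(addr):
    """Prefix length for a wildcard written without an explicit prefixlen.

    ASSUMPTION (modelled on Example 3, where '-w 192.168.55.0' with no -p
    covers the whole 192.168.55 network, and on the page's statement that
    0.0.0.0 has prefix length 0): each trailing all-zero octet is wildcarded,
    so 192.168.55.0 -> /24, 192.168.0.0 -> /16, 0.0.0.0 -> /0, and an address
    whose last octet is non-zero is a host entry (/32 or /128).
    """
    packed = addr.packed
    n = len(packed)
    while n and packed[n - 1] == 0:
        n -= 1
    return n * 8


def parse_tnrhdb(text):
    """Return a list of (network, template) pairs from tnrhdb-style text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        addr_part, template = line.rsplit(":", 1)   # rsplit: IPv6 has colons
        if "/" in addr_part:
            addr_s, plen_s = addr_part.split("/", 1)
            addr, plen = ipaddress.ip_address(addr_s), int(plen_s)
        else:
            addr = ipaddress.ip_address(addr_part)
            plen = infer_prefixlen(addr)
        # strict=False: bits past the prefix are ignored, as in a prefix match.
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        entries.append((net, template.strip()))
    return entries


def lookup(entries, host):
    """Longest-prefix match for host; returns (network, template) or None.

    A host entry is just a /32 (/128) network, so an exact-address entry
    automatically beats every wildcard. None means no entry covers the
    host, which the page says makes communication with it not permitted.
    """
    ip = ipaddress.ip_address(host)
    best = None
    for net, template in entries:
        if net.version == ip.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, template)
    return best


def wildcard_covers(wildcard, prefixlen, host):
    """True if host falls under a '-w wildcard -p prefixlen' entry."""
    net = ipaddress.ip_network(f"{wildcard}/{prefixlen}", strict=False)
    return ipaddress.ip_address(host) in net


def broad_wildcards(entries, min_prefixlen=24):
    """Entries with a prefix shorter than min_prefixlen, worth a second look:
    a 0.0.0.0/0 entry, for instance, admits every host not listed elsewhere."""
    return [(net, t) for net, t in entries if net.prefixlen < min_prefixlen]


if __name__ == "__main__":
    db = parse_tnrhdb(SAMPLE_TNRHDB)
    for host in ("192.168.113.8", "192.168.113.77", "192.168.5.5", "10.1.2.3"):
        print(host, "->", lookup(db, host))
    print("broad wildcards:", broad_wildcards(db))
```

     Run stand-alone it prints the governing entry for each sample host;
     10.1.2.3 gets None until a 0.0.0.0 entry is added, which is the page's
     deny-by-default behaviour. The broad_wildcards check is the audit step a
     practitioner wants after editing the database: a short prefix bound to a
     permissive template such as admin_low widens the set of hosts the
     system will talk to far more than a single -H or -i entry does.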
EXAMPLES
     Example 1 Specifying the Template Name for a Wildcard IP Address


     The admin role specifies the template name, cipso_lan, for a series of
     hosts that use the IP address wildcard 192.168.113.0 on the local file
     system. Since no authentication arguments were specified, the
     administrator connects to port 898 of the local host on the local
     server with the file domain type, which are the defaults. The
     administrator is prompted for the admin password.


       $ /usr/sadm/bin/smtnrhdb add -- -w 192.168.113.0 -n cipso_lan



     Example 2 Deleting an Entry in the tnrhdb Database


     The admin role deletes the host entry for the IP address 192.168.113.8
     from the tnrhdb database in the LDAP domain example.domain. Since no
     -H argument was specified, the command connects to the Solaris
     Management Console server on the local host at the default port, 898.
     The administrator is prompted for the admin password.


       # /usr/sadm/bin/smtnrhdb delete -D ldap:/example.domain -i 192.168.113.8



     Example 3 Adding a Subnet to the tnrhdb Database


     The following command adds all the addresses on the 192.168.55.0
     subnet, from 192.168.55.1 to 192.168.55.255, to the tnrhdb database.
     No prefix length is given, so the wildcard's trailing zero octet is
     what marks the host part; giving the prefix length explicitly with -p,
     as in Example 4, leaves no doubt about how many leading bits are
     fixed.


       # /usr/sadm/bin/smtnrhdb add \
       -D file:/machine1.ExampleCo.COM/machine1.ExampleCo.COM \
       -- -w 192.168.55.0 -n cipso
       Authenticating as user: root
       Type /? for help, pressing <enter> accepts the default denoted by [ ]
       Please enter a string value for: password ::
       Loading Tool: com.exampleco.admin.hostmgr.cli.smtnrhdb.HostMgrTnrhdbCli
       from machine1.ExampleCo.COM
       Login to machine1.ExampleCo.COM as user root was successful.
       Download of com.exampleco.admin.hostmgr.cli.smtnrhdb.HostMgrTnrhdbCli
       from machine1.ExampleCo.COM
       was successful.



     Example 4 Adding Subnet 192.168.0 to the tnrhdb Database


     The following command adds all the addresses on the 192.168.0 subnet,
     from 192.168.0.1 to 192.168.0.255, to the tnrhdb database. The prefix
     length, 24, indicates that the first 24 bits (192.168.0) are fixed.
     Only the final octet, written as zero, is a wildcard.


       # /usr/sadm/bin/smtnrhdb add \
       -D file:/machine1.ExampleCo.COM/machine1.ExampleCo.COM \
       -- -w 192.168.0.0 -p 24 -n cipso

       Login to machine1.ExampleCo.COM as user root was successful.
       Download of com.exampleco.admin.hostmgr.cli.smtnrhdb.HostMgrTnrhdbCli
       from machine1.ExampleCo.COM was successful.



EXIT STATUS
     The following exit values are returned:

     0

         Successful completion.


     1

         Invalid command syntax. A usage message displays.


     2

         An error occurred while executing the command. An error message
         displays.


FILES
     The following files are used by the smtnrhdb command:

     /etc/security/tsol/tnrhdb

         Trusted network remote-host database.


ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:




     ┌─────────────────────────────┬─────────────────────────────┐
     │       ATTRIBUTE TYPE        │       ATTRIBUTE VALUE       │
     ├─────────────────────────────┼─────────────────────────────┤
     │Availability                 │SUNWmgts                     │
     ├─────────────────────────────┼─────────────────────────────┤
     │Interface Stability          │Committed                    │
     └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
     smc(1M), netmasks(4), attributes(5)


     System Administration Guide: Security Services

NOTES
     The functionality described on this manual page is available only if
     the system is configured with Trusted Extensions.



SunOS 5.11                       19 Dec 2008                     smtnrhdb(1M)