Oracle Secure Global Desktop Administration Guide for Version 4.6

The tarantella service Command

You use this command to manage service objects used for the following SGD authentication mechanisms:

See Using Service Objects for more details about service objects.

Syntax

tarantella service delete | edit | list | new 

Description

The following table shows the available subcommands for this command.

Subcommand   Description                                  More Information
delete       Deletes a service object
edit         Edits a service object
list         Lists service objects and their attributes
new          Creates a new service object

Note - All commands include a --help option. You can use tarantella service subcommand --help to get help on a specific command.


Examples

The following example lists all of the available service objects and their attribute values.

$ tarantella service list

The following example deletes the mainldap service object.

$ tarantella service delete --name mainldap

tarantella service delete

Deletes a service object.

See Using Service Objects for more details about service objects.

Syntax

tarantella service delete { --name obj... } | --file file

Description

The following table shows the available options for this command.

Option   Description
--name   Specifies the name of the service object to delete. This can be a space-separated list of names.
--file   Specifies a file containing a batch of commands to delete service objects.

Examples

The following example deletes the east service object.

$ tarantella service delete --name east

tarantella service edit

Edits one or more attributes for a service object.

See Using Service Objects for more details about service objects.

Syntax

tarantella service edit {
                       --name obj
                     [ --url url... ]
                     [ --position pos ]
                     [ --enabled 0|1 ]
                     [ --operation-timeout timeout ]
                     [ --base-domain domain ]
                     [ --default-domain domain ]
                     [ --black-list list ]
                     [ --white-list list ]
                     [ --security-mode ""|clientcerts ]
                     [ --auth-mode kerberos|ssl ]
                     [ --site-aware 0|1 ]
                     [ --site-name name ]
                     [ --check-pwd-policy 0|1 ]
                     [ --pwd-expiry-warn-threshold threshold ]
                     [ --pwd-expiry-fail-threshold threshold ]
                     [ --domain-list domains ]
                     [ --password-update-mode ldapuser|ldapadmin ]
                     [ --lookupcache-timeout timeout ]
                     [ --ad-alwaysusegc 0|1 ]
                     [ --suffix-mappings mappings ]
                     } | --file file

Description

The following table shows the available options for this command.

Option
Description
--name
The name of the service object to edit.

See Name for more details.

--url
The URLs of the LDAP directories or the URL of an Active Directory forest.

The URL(s) must be unique. Different service objects cannot use the same URL(s).

See URLs for more details.

--position
A number that specifies the position of the service object in the list of service objects. The number 1 means first position in the list.

--enabled
Whether the service object is enabled for use for authentication.

See Enabled for more details.

--operation-timeout
Period of time, in seconds, to wait for a directory server to respond to an LDAP operation.

See LDAP Operation Timeout for more details.

--base-domain
The domain that SGD uses for Active Directory authentication if users only supply a partial domain when they log in.

See Active Directory Base Domain for more details.

Applies only to Active Directory service objects.

--default-domain
The domain that SGD uses for Active Directory authentication if users do not supply a domain when they log in.

See Active Directory Default Domain for more details.

Applies only to Active Directory service objects.

--black-list
A list of Active Directory servers which are never used for LDAP queries.

See Blacklists for more details.

Applies only to Active Directory service objects.

--white-list
A list of Active Directory servers which are always used for LDAP queries. Servers not included in the list cannot be used.

See Whitelists for more details.

Applies only to Active Directory service objects.

--security-mode
Whether client certificates are used to authenticate the SSL connection to an Active Directory server. This option is only used if --auth-mode is SSL.

See SSL Connections to Active Directory for more details.

Applies only to Active Directory service objects.

--auth-mode
The mechanism used to secure the connection to an Active Directory server, either Kerberos or SSL. Kerberos is used by default.

See SSL Connections to Active Directory for more details.

Applies only to Active Directory service objects.

--site-aware
Enables site awareness for the service object. If --site-name is not set, SGD attempts to discover site information automatically by contacting the global catalog.

See Sites for more details.

Applies only to Active Directory service objects.

--site-name
A site name for the service object. This option is only used if --site-aware is enabled.

See Sites for more details.

Applies only to Active Directory service objects.

--check-pwd-policy
Whether a user’s password policy should be checked at authentication time. This option is used to enable LDAP password expiry features.

See Password Expiry for more details.

--pwd-expiry-warn-threshold
The period of time, in seconds, before password expiry where a warning message is shown on the webtop.

See Password Expiry for more details.

--pwd-expiry-fail-threshold
The period of time, in seconds, before password expiry where authentication is denied for a user and they are forced to update their password.

See Password Expiry for more details.

--domain-list
Defines a list of domains to be contacted when SGD starts.

See Domain Lists for more details.

Applies only to Active Directory service objects.

--password-update-mode
Determines how aged passwords are handled.

The default setting is ldapuser, meaning that passwords are updated using the authenticated user credentials. This results in a password change.

A setting of ldapadmin means that passwords are updated using the credentials of the service object.

See LDAP Password Update Mode for more details.

Applies only to LDAP service objects.

--lookupcache-timeout
The length of time, in seconds, for which LDAP lookup cache entries on the SGD server are held.

See Lookup Cache Timeout for more details.

--ad-alwaysusegc
Whether the global catalog is always used for lookups. Enabling this option can speed up LDAP searches.

See Search Only the Global Catalog for more details.

Applies only to Active Directory service objects.

--suffix-mappings
A list of mappings between domain names, used for Kerberos authentication.

Each entry should be of the form suffix=domain, for example test.east.example.com=east.example.com.

See Suffix Mappings for more details.

Applies only to Active Directory service objects.

--file
Specifies a file containing a batch of commands to edit service object attributes.

Examples

The following example disables the testldap service object.

$ tarantella service edit --name testldap --enabled 0 

The following example changes the position of the mainldap service object to third in the list of service objects.

$ tarantella service edit --name mainldap --position 3 

tarantella service list

Lists the available service objects and their attributes.

See Using Service Objects for more details about service objects.

Syntax

tarantella service list { [ --name obj ]
                          [ --setting... ]
                        } | --file file

Description

The following table shows the available options for this command.

Option      Description
--name      Specifies the name of the service object to list. If no --name is specified, all service objects and their attribute values are listed.
--setting   Names a service object attribute you want to list the value for. If no --setting is specified, all attributes are listed for the service object.
--file      Specifies a file containing a batch of commands to list service objects and their attribute settings.

Examples

The following example lists all service objects in their position order and their attribute values.

$ tarantella service list

The following example lists the values of the URL and Enabled attributes for the mainldap service object.

$ tarantella service list --name mainldap --url --enabled

The following example lists all the attribute values for the mainldap service object.

$ tarantella service list --name mainldap

tarantella service new

Creates a new service object.

By default, new service objects are enabled and added in the last position in the list of service objects.

See Using Service Objects for more details about service objects.

Syntax

tarantella service new {
                       --name obj
                       --type ldap|ad
                       --url url...
                     [ --position pos ]
                     [ --enabled 0|1 ]
                     [ --operation-timeout timeout ]
                     [ --base-domain domain ]
                     [ --default-domain domain ]
                     [ --black-list list ]
                     [ --white-list list ]
                     [ --security-mode ""|clientcerts ]
                     [ --auth-mode kerberos|ssl ]
                     [ --site-aware 0|1 ]
                     [ --site-name name ]
                     [ --check-pwd-policy 0|1 ]
                     [ --pwd-expiry-warn-threshold threshold ]
                     [ --pwd-expiry-fail-threshold threshold ]
                     [ --domain-list domains ]
                     [ --password-update-mode ldapuser|ldapadmin ]
                     [ --lookupcache-timeout timeout ]
                     [ --ad-alwaysusegc 0|1 ]
                     [ --suffix-mappings mappings ]
                     } | --file file

Description

The following table shows the available options for this command.

Option
Description
--name
The name of the service object to create.

See Name for more details.

--type
The service object type, either LDAP or Active Directory.

See Type for more details.

--url
The URLs of the LDAP directories or the URL of an Active Directory forest.

The URL(s) must be unique. Different service objects cannot use the same URL(s).

See URLs for more details.

--position
A number that specifies the position of the service object in the list of service objects. The number 1 means first position in the list.

--enabled
Whether the service object is enabled for use.

See Enabled for more details.

--operation-timeout
Period of time, in seconds, to wait for a directory server to respond to an LDAP operation.

See LDAP Operation Timeout for more details.

--base-domain
The domain that SGD uses for Active Directory authentication if users only supply a partial domain when they log in.

See Active Directory Base Domain for more details.

Applies only to Active Directory service objects.

--default-domain
The domain that SGD uses for Active Directory authentication if users do not supply a domain when they log in.

See Active Directory Default Domain for more details.

Applies only to Active Directory service objects.

--black-list
A list of Active Directory servers which are never used for LDAP queries.

See Blacklists for more details.

Applies only to Active Directory service objects.

--white-list
A list of Active Directory servers which are always used for LDAP queries. Servers not included in the list cannot be used.

See Whitelists for more details.

Applies only to Active Directory service objects.

--security-mode
Whether client certificates are used to authenticate the SSL connection to an Active Directory server. This option is only used if --auth-mode is SSL.

See SSL Connections to Active Directory for more details.

Applies only to Active Directory service objects.

--auth-mode
The mechanism used to secure the connection to an Active Directory server, either Kerberos or SSL. Kerberos is used by default.

See SSL Connections to Active Directory for more details.

Applies only to Active Directory service objects.

--site-aware
Enables site awareness for the service object. If --site-name is not set, SGD attempts to discover site information automatically by contacting the global catalog.

See Sites for more details.

Applies only to Active Directory service objects.

--site-name
A site name for the service object. This option is only used if --site-aware is enabled.

See Sites for more details.

Applies only to Active Directory service objects.

--check-pwd-policy
Whether a user’s password policy should be checked at authentication time. This option is used to enable LDAP password expiry features.

See Password Expiry for more details.

--pwd-expiry-warn-threshold
The period of time, in seconds, before password expiry where a warning message is shown on the webtop.

See Password Expiry for more details.

--pwd-expiry-fail-threshold
The period of time, in seconds, before password expiry where authentication is denied for a user and they are forced to update their password.

See Password Expiry for more details.

--domain-list
Defines a list of domains to be contacted when SGD starts.

See Domain Lists for more details.

Applies only to Active Directory service objects.

--password-update-mode
Determines how aged passwords are handled.

The default setting is ldapuser, meaning that passwords are updated using the authenticated user credentials. This results in a password change.

A setting of ldapadmin means that passwords are updated using credentials of the service object. This results in a password reset.

See LDAP Password Update Mode for more details.

Applies only to LDAP service objects.

--lookupcache-timeout
The length of time, in seconds, for which LDAP lookup cache entries on the SGD server are held.

See Lookup Cache Timeout for more details.

--ad-alwaysusegc
Whether the global catalog is always used for lookups. Enabling this option can speed up LDAP searches.

See Search Only the Global Catalog for more details.

Applies only to Active Directory service objects.

--suffix-mappings
A list of mappings between domain names, used for Kerberos authentication.

Each entry should be of the form suffix=domain, for example test.east.example.com=east.example.com.

See Suffix Mappings for more details.

Applies only to Active Directory service objects.

--file
Specifies a file containing a batch of commands to edit service object attributes.

Examples

The following example creates an LDAP service object called mainldap. The service object is set to third position in the list of service objects and is enabled by default.

$ tarantella service new \
--name mainldap --type ldap \
--url "ldap://main1.example.com;ldap://main2.example.com" \
--position 3

The following example creates an Active Directory service object called east. The service object is in the last position in the list of service objects by default, and is set to disabled.

$ tarantella service new \
--name east --type ad \
--url "ad://east.example.com" \
--enabled 0
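
Several options in the table above are only honoured in combination with others (--security-mode with --auth-mode ssl, --site-name with --site-aware, Active Directory-only and LDAP-only options), and a mismatch is easy to miss in a long command line. The following pre-flight check is an added example, not part of the Oracle guide or of SGD: lint_service_new is a hypothetical helper, accepting ldaps:// for LDAP objects is an assumption, and the threshold ordering rule is this example's own sanity check.

```shell
#!/bin/sh
# Added example: lint the arguments of a `tarantella service new` call against
# the option rules in the tables above. It never runs tarantella itself.
# Prints one "finding: ..." line per problem; returns 0 if clean, 1 otherwise.
lint_service_new() {
    type='' urls='' auth_mode=kerberos sec_mode='' site_aware=0 site_name=''
    warn='' fail='' ad_opts='' ldap_opts='' n=0
    finding() { n=$((n + 1)); echo "finding: $*"; }
    while [ $# -gt 0 ]; do
        opt=$1 val=${2-}
        case $opt in
            --type) type=$val ;;
            --url) urls=$val ;;
            --auth-mode) auth_mode=$val ad_opts="$ad_opts $opt" ;;
            --security-mode) sec_mode=$val ad_opts="$ad_opts $opt" ;;
            --site-aware) site_aware=$val ad_opts="$ad_opts $opt" ;;
            --site-name) site_name=$val ad_opts="$ad_opts $opt" ;;
            --base-domain|--default-domain|--black-list|--white-list|\
            --domain-list|--ad-alwaysusegc|--suffix-mappings)
                ad_opts="$ad_opts $opt" ;;
            --password-update-mode) ldap_opts="$ldap_opts $opt" ;;
            --pwd-expiry-warn-threshold) warn=$val ;;
            --pwd-expiry-fail-threshold) fail=$val ;;
        esac
        shift; if [ $# -gt 0 ]; then shift; fi   # every option takes one value
    done
    case $type in
        ldap) [ -z "$ad_opts" ] ||
                  finding "Active Directory-only options on an ldap object:$ad_opts" ;;
        ad)   [ -z "$ldap_opts" ] ||
                  finding "LDAP-only options on an ad object:$ldap_opts" ;;
        *)    finding "--type must be ldap or ad (got '$type')" ;;
    esac
    [ -n "$urls" ] || finding "--url is required"
    rest=$urls count=0
    while [ -n "$rest" ]; do          # URLs are one ';'-separated string
        u=${rest%%";"*} count=$((count + 1))
        case $rest in *";"*) rest=${rest#*";"} ;; *) rest='' ;; esac
        case $type:$u in
            ad:ad://?*|ldap:ldap://?*|ldap:ldaps://?*) ;;   # ldaps:// is assumed valid
            *) finding "URL '$u' does not match --type '$type'" ;;
        esac
    done
    if [ "$type" = ad ] && [ "$count" -gt 1 ]; then
        finding "an ad object takes the URL of one forest, got $count URLs"
    fi
    if [ "$sec_mode" = clientcerts ] && [ "$auth_mode" != ssl ]; then
        finding "--security-mode clientcerts is only used with --auth-mode ssl"
    fi
    if [ -n "$site_name" ] && [ "$site_aware" != 1 ]; then
        finding "--site-name is only used when --site-aware is 1"
    fi
    # Both thresholds are seconds before expiry. The ordering rule is this
    # example's own: with fail >= warn the user is denied before any warning.
    case $warn:$fail in
        *[!0-9:]*) finding "password expiry thresholds must be whole seconds" ;;
        ?*:?*) [ "$fail" -lt "$warn" ] ||
                   finding "fail threshold ($fail s) is not below warn threshold ($warn s)" ;;
    esac
    [ "$n" -eq 0 ]
}

# Constructed sample call: an ldap object given an AD URL, an AD-only option,
# --site-name without --site-aware 1, and inverted thresholds (4 findings).
lint_service_new --name demo --type ldap \
    --url "ldap://main1.example.com;ad://east.example.com" --site-name Boston \
    --pwd-expiry-warn-threshold 3600 --pwd-expiry-fail-threshold 86400 || :
```

Pass it the same arguments you intend to give tarantella service new and run the real command only when it returns 0.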