NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | FILES | ATTRIBUTES | SEE ALSO
The smnetidb command adds, modifies, deletes, and lists entries in the tnidb database.
smnetidb subcommands are:
Adds a new entry to the tnidb database. To add an entry, the administrator must have the solaris.network.host.write
and solaris.network.security.write
authorizations.
Modifies an entry in the tnidb database. To modify an entry, the administrator must have the solaris.network.host.write
and solaris.network.security.write
authorizations.
Deletes an entry from the tnidb database. To delete an entry, the administrator must have the solaris.network.host.write
and solaris.network.security.write
authorizations.
Lists entries in the tnidb database. To list an entry, the administrator must have the solaris.network.host.read
and solaris.network.security.read
authorizations.
The smnetidb authentication arguments, auth_args, are derived from the smc(1M) arg set and are the same regardless of which subcommand you use. The smnetidb command requires the SMC to be initialized for the command to succeed (see smc(1M)). After rebooting the SMC server, the first smc connection may time out, so you may need to retry the command.
The subcommand-specific options, subcommand_args, must be preceded by the -- option.
The valid auth_args are -D, -H, -l, -p, -r, and -u; they are all optional. If no auth_args are specified, certain defaults will be assumed and the user may be prompted for additional information, such as a password for authentication purposes. These letter options can also be specified by their equivalent option words preceded by a double dash. For example, you can use either -D or --domain.
Specifies the default domain that you want to manage. The syntax of domain=type:/host_name/domain_name, where type is nis, nisplus, dns, ldap, or file; host_name is the name of the machine that serves the domain; and domain_name is the name of the domain you want to manage. (Note: Do not use nis+ for nisplus.)
If you do not specify this option, the SMC assumes the file default domain on whatever server you choose to manage, meaning that changes are local to the server. Toolboxes can change the domain on a tool-by-tool basis; this option specifies the domain for all other tools.
Specifies the host_name and port to which you want to connect. If you do not specify a port, the system connects to the default port, 898. If you do not specify host_name:port, the SMC connects to the local host on port 898.
Specifies the password for the role_name. If you specify a role_name but do not specify a role_password, the system prompts you to supply a role_password. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.
Specifies the password for the user_name. If you do not specify a password, the system prompts you for one. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.
Specifies a role name for authentication. If you do not specify this option, no role is assumed.
Specifies the user name for authentication. If you do not specify this option, the user identity running the console process is assumed.
This option is required and must always follow the preceding options. If you do not enter the preceding options, you must still enter the -- option.
Note: Descriptions and other arg options that contain white spaces must be enclosed in double quotes.
Specifies the clearance for the interface.
Specifies the forced privileges for the interface entry. Values can be all, none, empty, or a comma-separated list of privilege names (not privilege numbers).
Displays the command's usage statement.
Specifies the CMW label for the interface entry.
Specifies the name for the interface entry.
Specifies the maximum label for the interface entry.
Specifies the minimum label for the interface entry.
One of the following sets of arguments must be specified for subcommand add:
-n interfacename -x min=minimum_label -x max=maximum_label -l label -c clearance -f forced_privileges |
-h
One of the following sets of arguments must be specified for subcommand modify:
-n interfacename { [-x min=minimum_label] [-x max=maximum_label] [-l label] [-c clearance] [-f forced_privileges] } |
-h
One of the following arguments must be specified for subcommand delete:
-n interfacename |
-h
The following argument may be specified for subcommand list:
-h
The admin role creates a new interface entry, le0, with a minimum label of confidential, maximum label of top secret, label of [secret], clearance of ts a b, and forced privileges of all. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smnetidb add -- -n le0 \ -x min=confidential -x max="top secret" -l "[secret]" -c "ts a b" \ -f all |
The user modifies the le0 entry in the tnidb database, changing its minimum label to secret and its forced privileges to net_mac_read, net_reply_equal, and net_privaddr. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smnetidb modify -- -n le0 -x min=secret \ -f net_mac_read,net_reply_equal,net_privaddr |
The admin role deletes the le0 entry in the tnidb database. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smnetidb delete -- -n le0 |
The admin role lists the entries in the tnidb database. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smnetidb list -- |
The following exit values are returned:
Successful completion.
Invalid command syntax. A usage message displays.
An error occurred while executing the command. An error message displays.
The following files are used by the smnetidb command:
Trusted network interface-control database. See tnidb(4).
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWmgapp |
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | FILES | ATTRIBUTES | SEE ALSO