NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | FILES | ATTRIBUTES | SEE ALSO
The smnettmpl command adds, modifies, deletes, and lists entries in the tnrhtp database.
smnettmpl subcommands are:
Adds a new entry to the network template database. To add an entry, the administrator must have the solaris.network.security.read
and solaris.network.security.write
authorizations.
Modifies an entry in the network template database. To modify an entry, the administrator must have the solaris.network.security.read
and solaris.network.security.write
authorizations.
Deletes an entry from the network template database. To delete an entry, the administrator must have the solaris.network.security.read
and solaris.network.security.write
authorizations.
Lists entries in the network template database. To list an entry, the administrator must have the solaris.network.security.read
authorizations.
The smnettmpl authentication arguments, auth_args, are derived from the smc(1M) arg set and are the same regardless of which subcommand you use. The smnettmpl command requires the SMC to be initialized for the command to succeed (see smc(1M)). After rebooting the SMC server, the first smc connection may time out, so you may need to retry the command.
The subcommand-specific options, subcommand_args, must be preceded by the -- option.
The valid auth_args are -D, -H, -l, -p, -r, and -u; they are all optional. If no auth_args are specified, certain defaults will be assumed and the user may be prompted for additional information, such as a password for authentication purposes. These letter options can also be specified by their equivalent option words preceded by a double dash. For example, you can use either -D or --domain.
Specifies the default domain that you want to manage. The syntax of domain=type:/host_name/domain_name, where type is nis, nisplus, dns, ldap, or file; host_name is the name of the machine that serves the domain; and domain_name is the name of the domain you want to manage. (Note: Do not use nis+ for nisplus.)
If you do not specify this option, the SMC assumes the file default domain on whatever server you choose to manage, meaning that changes are local to the server. Toolboxes can change the domain on a tool-by-tool basis; this option specifies the domain for all other tools.
Specifies the host_name and port to which you want to connect. If you do not specify a port, the system connects to the default port, 898. If you do not specify host_name:port, the SMC connects to the local host on port 898.
Specifies the password for the role_name. If you specify a role_name but do not specify a role_password, the system prompts you to supply a role_password. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.
Specifies the password for the user_name. If you do not specify a password, the system prompts you for one. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.
Specifies a role name for authentication. If you do not specify this option, no role is assumed.
Specifies the user name for authentication. If you do not specify this option, the user identity running the console process is assumed.
This option is required and must always follow the preceding options. If you do not enter the preceding options, you must still enter the -- option.
Note: Descriptions and other arg options that contain white spaces must be enclosed in double quotes.
Specifies the allowed privilege. Values can be a privilege name or number. Multiple privileges must be separated by a comma.
Specifies the clearance. Values can be a hex value or string (such as admin_low).
Specifies the forced privilege. Values can be a privilege name or number. Multiple privileges must be separated by a comma.
Displays the command's usage statement.
Specifies the IP label type. Valid values are none, ripso, or cipso.
Specifies the label in CMW label format. Values can be a hex value or string (such as [admin_low]).
Specifies the template name of the template.
Specifies the hosttype of the new host. Valid values are unlabeled, sun_tsol, cipso, ripso, and tsix.
Specifies the DOI value.
Specifies the maximum label. Values can be a hex value or string (such as admin_low).
Specifies the minimum label. Values can be a hex value or string (such as admin_low).
Specifies the ripso return PAF. Valid values are GENSER, SIOP-ESI, SCI, NSA, or DOE.
Specifies the ripso send class. Valid values are Top Secret, Secret, Confidential, or Unclassified.
Specifies the ripso send PAF. Valid values are GENSER, SIOP-ESI, SCI, NSA, or DOE.
One of the following sets of arguments must be specified for subcommand add:
-n template name (
-t hosttype=sun_tsol -x min=minimum_label -x max=maximum_label -a allowed_privilege ( -i none | -i ripso -x ripsoSC=RipsoSendClass -x ripsoSPAF=RipsoSendPAF -x ripsoRPAF=RipsoReturnPAF | -i cipso ) -x DOI=doi_value |
-t hosttype=unlabeled -x min=minimum_label -x max=maximum_label -l label -c clearance -f forced_privilege [ ( -i none | -i ripso -x ripsoSC=RipsoSendClass -x ripsoSPAF=RipsoSendPAF -x ripsoRPAF=RipsoReturnPAF | -i cipso ) ] -x DOI=doi_value |
-t hosttype=ripso -x min=minimum_label -x max=maximum_label -l label -c clearance -f forced_privilege -x ripsoSC=RipsoSendClass -x ripsoSPAF=RipsoSendPAF -x ripsoRPAF=RipsoReturnPAF -x DOI=doi_value |
-t hosttype=cipso -x min=minimum_label -x max=maximum_label -c clearance -f forced_privilege -x DOI=doi_value |
-t hosttype=tsix -x min=minimum_label -x max=maximum_label -a allowed_privilege ( -i none | -i ripso -x ripsoSC=RipsoSendClass -x ripsoSPAF=RipsoSendPAF -x ripsoRPAF=RipsoReturnPAF | -i cipso ) -x DOI=doi_value |
-h
)
One of the following sets of arguments must be specified for subcommand modify:
-n template name (
-t hosttype=sun_tsol -x min=minimum_label -x max=maximum_label -a allowed_privilege ( -i none | -i ripso -x ripsoSC=RipsoSendClass -x ripsoSPAF=RipsoSendPAF -x ripsoRPAF=RipsoReturnPAF | -i cipso ) -x DOI=doi_value |
-t hosttype=unlabeled -x min=minimum_label -x max=maximum_label -l label -c clearance -f forced_privilege [ ( -i none | -i ripso -x ripsoSC=RipsoSendClass -x ripsoSPAF=RipsoSendPAF -x ripsoRPAF=RipsoReturnPAF | -i cipso ) ] -x DOI=doi_value |
-t hosttype=ripso -x min=minimum_label -x max=maximum_label -l label -c clearance -f forced_privilege -x ripsoSC=RipsoSendClass -x ripsoSPAF=RipsoSendPAF -x ripsoRPAF=RipsoReturnPAF -x DOI=doi_value |
-t hosttype=cipso -x min=minimum_label -x max=maximum_label -c clearance -f forced_privilege -x DOI=doi_value |
-t hosttype=tsix -x min=minimum_label -x max=maximum_label -a allowed_privilege ( -i none | -i ripso -x ripsoSC=RipsoSendClass -x ripsoSPAF=RipsoSendPAF -x ripsoRPAF=RipsoReturnPAF | -i cipso ) -x DOI=doi_value |
-h
)
Note: If the host type is changed, all options for the new host type must be specified.
One of the following sets of arguments must be specified for subcommand delete:
-n template name |
-h
The following argument may be specified for subcommand list:
-h
The admin role connects to port 898 (which happens to be the default) of the aviary server on the nis:/birds/aves.Sun.COM domain, and creates the tsol entry in the tnrhtp database. The new template is assigned a host type of unlabeled, minimum label of confidential, maximum label of top secret, label of secret, clearance of top secret able baker, forced privilege of all, IP label type of cipso, and domain of interpretation of 1. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smnettmpl add -D nis:/birds/aves.Sun.COM -H aviary:898 -- \ -n tsol -t hosttype=unlabeled -x min=confidential -x max="top secret" \ -l secret -c "ts a b" -f all -i cipso -x DOI=1 |
The following exit values are returned:
Successful completion.
Invalid command syntax. A usage message displays.
An error occurred while executing the command. An error message displays.
The following files are used by the smnettmpl command:
Trusted network remote-host templates. See tnrhtp(4).
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWmgapp |
smc(1M), tnrhtp(4)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | FILES | ATTRIBUTES | SEE ALSO