NAME

      mxnodesecurity - add, list, or remove node credentials in Systems
      Insight Manager


SYNOPSIS

      mxnodesecurity -a -p protocol -c username:password [-n nodename ]
      mxnodesecurity -a -f filename
      mxnodesecurity -r -p protocol [-n nodename ]
      mxnodesecurity -r -f filename
      mxnodesecurity -l [-p protocol ] [-n nodename ]
      mxnodesecurity


DESCRIPTION

      The mxnodesecurity command allows a Systems Insight Manager Central
      Management Server (CMS) user to add, list, or remove credentials in
      the CMS.  Command line requests are logged in the nodesecurity.xml
      repository located at /var/opt/mx/config.  This file only allows
      privileged user access.

      The mxnodesecurity add option allows a user to add a node credential.
      The add option may be used in one of two ways.  The user may specify
      an input xml file that describes the credentials for one or more
      target nodes or the user may declare credentials and optionally a node
      name on the command line.

      If the user specifies a file name on the command line, the file must
      be an XML formatted file.  The file format is documented in "XML
      format" below. The user may also specify the credential
      characteristics on the command line along with the node name.  If the
      node name is omitted, the default credentials are changed to the new
      credential characteristics.

      If the node name is included on the command line, mxnodesecurity first
      attempts to get the fully qualified name for the node.  If the fully
      qualified name is not available, the IP address is requested.  If an
      IP address is not available, the name supplied on the command line is
      used.  The mxnodesecurity application then searches for the node in
      the repository.  If the node exists, the credentials for that node are
      updated.  If the node is not found, a new line item is added for the
      node with the credential characteristics.

      The mxnodesecurity remove option allows a user to delete a node
      credential.  Like the add option, the remove option allows the user to
      supply a file name with the credentials and node name for deletion.
      The remove option also allows the user to remove one credential at a
      time based on the node name or to remove all credentials of a
      specified protocol type.

      If the user types a protocol and a node name on the command line, the
      remove option will attempt to resolve the node name to its fully
      qualified name.  If the fully qualified name is unavailable, an
      attempt is made to find the IP address.  If the IP address cannot be
      found, the name supplied on the command line is used.  Once the node
      name has been determined, the remove option scans the node security
      repository.  If the node name is located and the protocol exists in
      the repository, the credential is deleted.  If the node has no
      additional credentials, the node is deleted from the node security
      repository.

      If the user omits the node name during a remove operation, all
      credentials for the supplied protocol are removed from the node
      security repository.

      The mxnodesecurity list option allows a user to list credentials in
      the node security repository.  There are two options that the user may
      use to filter the output list. The user may supply a protocol or a
      node name.

      If the list option is used in conjunction with the protocol option,
      all nodes which have credentials of the specified protocol are listed.
      If the list option is used in conjunction with the node option, the
      node will be located and all of the credentials for that node,
      regardless of protocol, will be listed.  If both the node and protocol
      options are used together, the node will only be displayed if
      credentials for the specified protocol exist.

    Options
      mxnodesecurity recognizes the following options:

	   -a		  Indicates that credentials should be added or
			  modified in the node security repository. Must be
			  used with the -f option or the -p and -c
			  options.

	   -r		  Indicates that credentials should be removed from
			  the node security repository. Must be used with
			  the -f option or the -p and -c options.

	   -l		  Indicates that node security credentials should be
			  listed to the screen.  Can be used with the -p
			  option or the -n option.

	   -f filename	  Indicates that credentials to be added or removed
			  are specified in filename. The contents of this
			  file are described in "XML format", below.

	   -p protocol	  Used to specify a protocol such as WBEM or SNMP.
			  Credentials of the specified type will be
			  displayed to the screen.  This option is used in
			  conjunction with -a, -r and -l.


	   -c username:password
			  Used to specify a credentials name and *password
			  (for example in WBEM) or the community read and
			  write names (for example in SNMP).  This option is
			  used in conjunction with -a.

	   -n nodename	  Used to specify a node name.  This option is used
			  in conjunction with -a, -r and -l.

    XML format
      The format used for an XML input file is defined by the following DTD:

	<?xml version="1.0" encoding="UTF-8" ?>

	<!-- The node-list element consists of zero or more node elements.
	-->
	<!ELEMENT node-list ( node* ) >

	<!-- The node element consists of zero or more sw-attribute elements or
	     zero or more hw-attribute elements or a combination of both.
	-->
	<!ELEMENT node ( sw-attribute | hw-attribute )* >

	<!-- The node element has the following attributes: -->
	<!-- The name attribute specifies the node name and is optional. -->
	<!-- The host-name attribute specifies the host name and is optional. -->
	<!-- The guid attribute specifies the node GUID and is optional. -->
	<!-- The node element has the following elements: -->
	<!ATTLIST node name	 CDATA	 #IMPLIED
		       host-name CDATA	 #IMPLIED
		       guid	 NMTOKEN #IMPLIED >

	<!-- The sw-attribute element specifies a list of software attributes
	     for a node. A software attribute is specified as a name/value
	     pair. In an sw-attribute element, the software attribute name
	     portion is specified using the element's attribute called "name",
	     and the software attribute value portion is specified as the
	     PCDATA of the element. -->
	<!ELEMENT sw-attribute (#PCDATA) >
	<!ATTLIST sw-attribute name CDATA #REQUIRED >

	<!-- The hw-attribute element specifies a list of hardware attributes
	     for a node. A hardware attribute is specified as a name/value
	     pair. In a hw-attribute element, the hardware attribute name
	     portion is specified using the element's attribute called "name",
	     and the hardware attribute value portion is specified as the
	     PCDATA of the element. -->
	<!ELEMENT hw-attribute (#PCDATA) >
	<!ATTLIST hw-attribute name CDATA #REQUIRED >

	<!-- The credential element specifies the credential for a specified
	     protocol.
	     The credential element is empty and is specified with the
	     defined attributes.
	     The protocol attribute is required and specifies the
	     credentialed protocol, such as wbem or snmp.
	     The user name attribute is optional and associates a user name
	     with the protocol.
	     The *password attribute is optional and is associated with the
	     user name. -->
	<!ELEMENT credential EMPTY >
	<!ATTLIST credential protocol CDATA #REQUIRED
			     username CDATA #IMPLIED
			     password CDATA #IMPLIED >


RETURN VALUE

      mxnodesecurity returns one of the following values:

	     0		  Successful completion.
	     1		  Command line syntax error.
	     2		  Error in a file operation or parsing a file.
	    21		  Invalid name.
	   250		  Remote exception.


EXAMPLES

      This command adds a WBEM credential to the node security repository
      for the node mycomputer.ak.hp.com.  The username and *password are
      defined uniquely for the mycomputer.ak.hp.com node.

	   mxnodesecurity -a -p wbem -c foo:foobar -n mycomputer.ak.hp.com

      This command adds credentials to the node security repository based on
      the contents of /home/user1/defs/newcredentials.xml.

	   mxnodesecurity -a -f /home/user1/defs/newcredentials.xml

      This command removes all credentials in the node security repository
      of type WBEM.

	   mxnodesecurity -r -p wbem

      This command removes all wbem credentials for the node
      mycomputer.ak.hp.com.

	   mxnodesecurity -r -p wbem -n mycomputer.ak.hp.com

      This command removes credentials in the node security repository based
      on the contents of /home/user1/defs/newcredentials.xml.

	   mxnodesecurity -r -f /home/user1/defs/newcredentials.xml

      This command displays the list of node names and credentials contained
      in the CMS node security repository.

	   mxnodesecurity -l

      This command displays a list of node names with credentials of type
      WBEM.

	   mxnodesecurity -l -p wbem

      This command displays the WBEM credential(s) for the node
      mycomputer.ak.hp.com.

	   mxnodesecurity -l -p wbem -n mycomputer.ak.hp.com


LIMITATIONS

      This command may only be run on the CMS.  For an HP-UX or Linux CMS,
      this command can only be run by the root user.


FILE PROCESSING

      If CMS detects a formatting error while processing an input file, the
      CMS will not make any changes to the node security repository based on
      the input file. CMS will interrupt processing and issue an error
      message describing the formatting error.


AUTHOR

      mxnodesecurity was developed by the Hewlett-Packard Company.


SEE ALSO for HP-UX

      mxngroup(1M), mxauth(1M), mxuser(1M), mxinitconfig(1M), mxnode(1M).


SEE ALSO for Linux

      mxngroup(8), mxauth(8), mxuser(8), mxinitconfig(8), mxnode(8).

      * Note: Care must be taken when specifying passwords on the command-
      line. This makes them available in the command history, in the process
      list while executing, and in the audit log if executed as part of a
      task. Be sure to clear your command history, or use alternate methods
      for specifying passwords, e.g. prompt, input file.
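
      The command-history exposure described in the note above can be
      audited after the fact.  The following Python code is an added
      example, not part of the original manual page or of Systems Insight
      Manager: it scans history lines for mxnodesecurity invocations that
      passed -c and reports them with the credential redacted.  The sample
      lines are constructed, and the input is assumed to be plain text
      with one command per line.

```python
import os
import shlex

REDACTED = "REDACTED"

# Constructed sample input standing in for a shell history file.
SAMPLE_HISTORY = [
    "mxnodesecurity -l -p wbem",
    "mxnodesecurity -a -p wbem -c foo:foobar -n mycomputer.ak.hp.com",
    "sudo mxnodesecurity -a -p snmp -c 'readcomm:write comm'",
    "mxnodesecurity -a -f /home/user1/defs/newcredentials.xml",
    'echo "mxnodesecurity -c is risky"',
]


def scan_history(lines):
    """Return (line_no, protocol, redacted_line) for every -c exposure."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        try:
            tokens = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: not a parsable command line
        # The command may follow a wrapper such as sudo or be given by path.
        start = next((i for i, tok in enumerate(tokens)
                      if os.path.basename(tok) == "mxnodesecurity"), None)
        if start is None:
            continue
        protocol, exposed = None, False
        # Stop one short of the end so every option seen has a value after it.
        for i in range(start + 1, len(tokens) - 1):
            if tokens[i] == "-p":
                protocol = tokens[i + 1]
            elif tokens[i] == "-c":
                tokens[i + 1] = REDACTED  # drop the whole credential argument
                exposed = True
        if exposed:
            findings.append((line_no, protocol, shlex.join(tokens)))
    return findings


if __name__ == "__main__":
    for line_no, protocol, redacted in scan_history(SAMPLE_HISTORY):
        print(f"line {line_no}: {protocol} credential on command line: {redacted}")
```

      Each reported line identifies a credential that should be treated as
      disclosed to anyone able to read that history file.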