NAME
mxnodesecurity - add, list, or remove node credentials in Systems
Insight Manager
SYNOPSIS
mxnodesecurity -a -p protocol -c username:password [-n nodename ]
mxnodesecurity -a -f filename
mxnodesecurity -r -p protocol [-n nodename ]
mxnodesecurity -r -f filename
mxnodesecurity -l [-p protocol ] [-n nodename ]
mxnodesecurity
DESCRIPTION
The mxnodesecurity command allows a Systems Insight Manager Central
Management Server (CMS) user to add, list, or remove credentials in
the CMS. Command line requests are logged in the nodesecurity.xml
repository located at /var/opt/mx/config. This file only allows
privileged user access.
The mxnodesecurity add option allows a user to add a node credential.
The add option may be used in one of two ways. The user may specify
an input xml file that describes the credentials for one or more
target nodes or the user may declare credentials and optionally a node
name on the command line.
If the user specifies a file name on the command line, the file must
be an XML formatted file. The file format is documented in "XML
format" below. The user may also specify the credential
characteristics on the command line along with the node name. If the
node name is omitted, the default credentials are changed to the new
credential characteristics.
If the node name is included on the command line, mxnodesecurity first
attempts to get the fully qualified name for the node. If the fully
qualified name is not available, the IP address is requested. If an
IP address is not available, the name supplied on the command line is
used. The mxnodesecurity application then searches for the node in
the repository. If the node exists, the credentials for that node are
updated. If the node is not found, a new line item is added for the
node with the credential characteristics.
The mxnodesecurity remove option allows a user to delete a node
credential. Like the add option, the remove option allows the user to
supply a file name with the credentials and node name for deletion.
The remove option also allows the user to remove one credential at a
time based on the node name or to remove all credentials of a
specified protocol type.
If the user types a protocol and a node name on the command line, the
remove option will attempt to resolve the node name to its fully
qualified name. If the fully qualified name is unavailable, an
attempt is made to find the IP address. If the IP address cannot be
found, the name supplied on the command line is used. Once the node
name has been determined, the remove option scans the node security
repository. If the node name is located and the protocol exists in
the repository, the credential is deleted. If the node has no
additional credentials, the node is deleted from the node security
repository.
If the user omits the node name during a remove operation, all
credentials for the supplied protocol are removed from the node
security repository.
The mxnodesecurity list option allows a user to list credentials in
the node security repository. There are two options that the user may
use to filter the output list. The user may supply a protocol or a
node name.
If the list option is used in conjunction with the protocol option,
all nodes which have credentials of the specified protocol are listed.
If the list option is used in conjunction with the node option, the
node will be located and all of the credentials for that node,
regardless of protocol, will be listed. If both the node and protocol
options are used together, the node will only be displayed if
credentials for the specified protocol exist.
Options
mxnodesecurity recognizes the following options:
-a              Indicates that credentials should be added or
                modified in the node security repository. Must be
                used with the -f option or the -p and -c options.
-r              Indicates that credentials should be removed from
                the node security repository. Must be used with
                the -f option or the -p and -c options.
-l              Indicates that node security credentials should be
                listed to the screen. Can be used with the -p
                option or the -n option.
-f filename     Indicates that credentials to be added or removed
                are specified in filename. The contents of this
                file are described in "XML format", below.
-p protocol     Used to specify a protocol such as WBEM or SNMP.
                Credentials of the specified type will be
                displayed to the screen. This option is used in
                conjunction with -a, -r and -l.
-c username:password
                Used to specify a credentials name and *password
                (for example in WBEM) or the community read and
                write names (for example in SNMP). This option is
                used in conjunction with -a.
-n nodename     Used to specify a node name. This option is used
                in conjunction with -a, -r and -l.
XML format
The format used for an XML input file is defined by the following DTD:
<?xml version="1.0" encoding="UTF-8" ?>
<!-- The node-list element consists of zero or more node elements. -->
<!ELEMENT node-list ( node* ) >
<!-- The node element consists of zero or more sw-attribute elements or
     zero or more hw-attribute elements or a combination of both. -->
<!ELEMENT node ( sw-attribute | hw-attribute )* >
<!-- The node element has the following attributes: -->
<!-- The name attribute specifies the node name and is optional. -->
<!-- The host-name attribute specifies the host name and is optional. -->
<!-- The guid attribute specifies the node GUID and is optional. -->
<!-- The node element has the following elements: -->
<!ATTLIST node name      CDATA   #IMPLIED
               host-name CDATA   #IMPLIED
               guid      NMTOKEN #IMPLIED >
<!-- The sw-attribute element specifies a list of software attributes
     for a node. A software attribute is specified as a name/value
     pair. In an sw-attribute element, the software attribute name
     portion is specified using the element's attribute called "name",
     and the software attribute value portion is specified as the
     PCDATA of the element. -->
<!ELEMENT sw-attribute (#PCDATA) >
<!ATTLIST sw-attribute name CDATA #REQUIRED >
<!-- The hw-attribute element specifies a list of hardware attributes
     for a node. A hardware attribute is specified as a name/value
     pair. In a hw-attribute element, the hardware attribute name
     portion is specified using the element's attribute called "name",
     and the hardware attribute value portion is specified as the
     PCDATA of the element. -->
<!ELEMENT hw-attribute (#PCDATA) >
<!ATTLIST hw-attribute name CDATA #REQUIRED >
<!-- The credential element specifies the credential for a specified
     protocol.
     The credential element is empty and is specified with the
     defined attributes.
     The protocol attribute is required and specifies the
     credentialed protocol, such as wbem or snmp.
     The user name attribute is optional and associates a user name
     with the protocol.
     The *password attribute is optional and is associated with the
     user name. -->
<!ELEMENT credential EMPTY >
<!ATTLIST credential protocol CDATA #REQUIRED
                     username CDATA #IMPLIED
                     password CDATA #IMPLIED >
RETURN VALUE
mxnodesecurity returns one of the following values:
0       Successful completion.
1       Command line syntax error.
2       Error in a file operation or parsing a file.
21      Invalid name.
250     Remote exception.
EXAMPLES
This command adds a WBEM credential to the node security repository
for the node mycomputer.ak.hp.com. The username and *password are
defined uniquely for the mycomputer.ak.hp.com node.
mxnodesecurity -a -p wbem -c foo:foobar -n mycomputer.ak.hp.com
This command adds credentials to the node security repository based on
the contents of /home/user1/defs/newcredentials.xml.
mxnodesecurity -a -f /home/user1/defs/newcredentials.xml
This command removes all credentials in the node security repository
of type WBEM.
mxnodesecurity -r -p wbem
This command removes all wbem credentials for the node
mycomputer.ak.hp.com.
mxnodesecurity -r -p wbem -n mycomputer.ak.hp.com
This command removes credentials in the node security repository based
on the contents of /home/user1/defs/newcredentials.xml.
mxnodesecurity -r -f /home/user1/defs/newcredentials.xml
This command displays the list of node names and credentials contained
in the CMS node security repository.
mxnodesecurity -l
This command displays a list of node names with credentials of type
WBEM.
mxnodesecurity -l -p wbem
This command displays the WBEM credential(s) for the node
mycomputer.ak.hp.com.
mxnodesecurity -l -p wbem -n mycomputer.ak.hp.com
LIMITATIONS
This command may only be run on the CMS. For an HP-UX or Linux CMS,
this command can only be run by the root user.
FILE PROCESSING
If CMS detects a formatting error while processing an input file, the
CMS will not make any changes to the node security repository based on
the input file. CMS will interrupt processing and issue an error
message describing the formatting error.
AUTHOR
mxnodesecurity was developed by the Hewlett-Packard Company.
SEE ALSO for HP-UX
mxngroup(1M), mxauth(1M), mxuser(1M), mxinitconfig(1M), mxnode(1M).
SEE ALSO for Linux
mxngroup(8), mxauth(8), mxuser(8), mxinitconfig(8), mxnode(8).
* Note: Care must be taken when specifying passwords on the command-
line. This makes them available in the command history, in the process
list while executing, and in the audit log if executed as part of a
task. Be sure to clear your command history, or use alternate methods
for specifying passwords, e.g. prompt, input file.
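
The command-history exposure described in the note above can be audited
with a short script. This is an added example, not part of the HP
documentation: the history lines are constructed samples, and only the
documented "-c username:password" form is recognized.

```python
import shlex

TOOL = "mxnodesecurity"

# Constructed sample shell-history lines (not taken from a real system).
SAMPLE_HISTORY = [
    "mxnodesecurity -l -p wbem",
    "mxnodesecurity -a -p wbem -c foo:foobar -n mycomputer.ak.hp.com",
    "mxnodesecurity -a -f /home/user1/defs/newcredentials.xml",
    "sudo mxnodesecurity -a -p snmp -c 'public:private'",
    'echo "unterminated',
]


def scan_history(lines):
    """Return (line_number, redacted_command) for every mxnodesecurity
    invocation that passed a credential with -c on the command line."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        try:
            argv = shlex.split(line)
        except ValueError:
            # Unbalanced quotes in history: fall back to whitespace split.
            argv = line.split()
        # Locate the tool itself so wrappers such as sudo are tolerated.
        start = next((i for i, a in enumerate(argv)
                      if a.rsplit("/", 1)[-1] == TOOL), None)
        if start is None:
            continue
        out, exposed, i = argv[:start + 1], False, start + 1
        while i < len(argv):
            out.append(argv[i])
            if argv[i] == "-c" and i + 1 < len(argv):
                # Redact the whole value: for SNMP both halves are secrets.
                out.append("REDACTED")
                exposed = True
                i += 1
            i += 1
        if exposed:
            findings.append((lineno, shlex.join(out)))
    return findings


if __name__ == "__main__":
    for lineno, cmd in scan_history(SAMPLE_HISTORY):
        print(f"history line {lineno}: credential on command line: {cmd}")
```

Each reported line marks a credential that should be treated as exposed
and rotated, then re-added through an input file readable only by root.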