MyWebUniversity.com Home Page
 



OpenSolaris man pages main menu 


System Administration Commands                          tnctl(1M)



NAME
     tnctl - configure Trusted Extensions network parameters

SYNOPSIS
     /usr/sbin/tnctl [-dfv] [-h host [/prefix] [:template]
          [-m zone:mlp:shared-mlp][-t template [:key=val [;key=val]
          [-HTz] file]


DESCRIPTION
     tnctl provides an interface to  manipulate  trusted  network
     parameters in the Solaris kernel.


     As part of Solaris Trusted Extensions initialization,  tnctl
     is  run in the global zone by an smf(5) script during system
     boot. The tnctl command is not intended to  be  used  during
     normal  system  administration.  Instead, if a local trusted
     networking database  file  is  modified  without  using  the
     Solaris  Management  Console, the administrator first issues
     tnchkdb(1M) to check the syntax, and then refreshes the ker-
     nel copy with this command:

       # svcadm restart svc:/network/tnctl




     See WARNINGS about the risks of  changing  remote  host  and
     template information on a running system.

OPTIONS
     -d

         Delete matching entries from the kernel. The default  is
         to add new entries.

         When deleting MLPs, the MLP range  must  match  exactly.
         MLPs are specified in the form:

           port[-port]/protocol


         Where port can be a number in the range 1 to  65535.  or
         any known service (see services(4)), and protocol can be
         a number in the range 1 to 255, or  any  known  protocol
         (see protocols(4)).


     -f

         Flush all kernel entries before loading the entries that



SunOS 5.11           Last change: 6 Mar 2008                    1






System Administration Commands                          tnctl(1M)



         are  specified  on  the command line. The flush does not
         take place unless at least  one  entry  parsed  success-
         fully.


     -v

         Turn on verbose mode.


     -h host[/prefix][:template]

         Update the kernel remote-host cache on  the  local  host
         for  the specified host or, if a template name is given,
         change the kernel's cache to use the specified template.
         If  prefix  is  not  specified,  then  an implied prefix
         length is determined according to  the  rules  used  for
         interpreting the tnrhdb. If -d is specified, then a tem-
         plate name cannot be specified.


     -m zone:mlp:shared-mlp

         Modify the kernel's multilevel port (MLP)  configuration
         cache for the specified zone. zone specifies the zone to
         be updated. mlp and shared-mlp specify the MLPs for  the
         zone-specific  and  shared  IP addresses. The shared-mlp
         field is effective in the global zone only.


     -t template[key=val[;key=val]

         Update the kernel template cache for template or,  if  a
         list  of  key=val  pairs  is  given, change the kernel's
         cache to use the specified entry. If  -d  is  specified,
         then key=val pairs cannot be specified.


     -T file

         Load all template entries in file into the kernel cache.


     -H file

         Load all remote host entries in  file  into  the  kernel
         cache.


     -z file

         Load just the global zone's  MLPs  from  file  into  the



SunOS 5.11           Last change: 6 Mar 2008                    2






System Administration Commands                          tnctl(1M)



         kernel  cache.  To  reload  MLPs  for a non-global zone,
         reboot the zone:

           # zoneadm -z non-global zone reboot




ATRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:



     
           ATRIBUTE TYPE               ATRIBUTE VALUE       
    
     Availability                 SUNWtsu                     
    
     Interface Stability          Uncommitted                 
    


FILES
     /etc/security/tsol/tnrhdb

         Trusted network remote-host database


     /etc/security/tsol/tnrhtp

         Trusted network remote-host templates


     /etc/security/tsol/tnzonecfg

         Trusted zone configuration database


     /etc/nsswitch.conf

         Configuration file for the name service switch


SEE ALSO
     svcs(1),  svcadm(1M),  tninfo(1M),   tnd(1M),   tnchkdb(1M),
     zoneadm(1M),  nsswitch.conf(4),  protocols(4),  services(4),
     attributes(5), smf(5)


     How to Synchronize Kernel Cache With  Network  Databases  in
     Solaris Trusted Extensions Administrator's Procedures



SunOS 5.11           Last change: 6 Mar 2008                    3






System Administration Commands                          tnctl(1M)



WARNINGS
     Changing a template while the network is up can  change  the
     security view of an undetermined number of hosts.

NOTES
     The functionality described on this manual page is available
     only if the system is configured with Trusted Extensions.


     The tnctl service  is  managed  by  the  service  management
     facility, smf(5), under the service identifier:

       svc:/network/tnctl




     The service's status can be queried by using svcs(1). Admin-
     istrative  actions  on  this service, such as refreshing the
     kernel cache, can be performed using svcadm(1M), as in:

       svcadm restart svc:/network/tnctl

































SunOS 5.11           Last change: 6 Mar 2008                    4
OpenSolaris man pages main menu
Contact us      |       About us      |       Term of use      |       Copyright © 2000-2010 MyWebUniversity.com ™