Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   20652 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

tnctl(1M)		System Administration Commands		     tnctl(1M)

NAME
       tnctl - configure Trusted Extensions network parameters

SYNOPSIS
       /usr/sbin/tnctl [-dfv] [-h host [/prefix] [:template]]
	   [-m zone:mlp:shared-mlp][-t template [:key=val [;key=val]]]
	   [-HTz] file]

DESCRIPTION
       tnctl provides an interface to manipulate trusted network parameters in
       the Solaris kernel.

       As part of Solaris Trusted Extensions initialization, tnctl is  run  in
       the  global zone by an smf(5) script during system boot. The tnctl com‐
       mand is not intended to be used during  normal  system  administration.
       Instead,	 if a local trusted networking database file is modified with‐
       out using the  Solaris  Management  Console,  the  administrator	 first
       issues  tnchkdb(1M)  to check the syntax, and then refreshes the kernel
       copy with this command:

	 # svcadm restart svc:/network/tnctl

       See WARNINGS about the risks  of	 changing  remote  host	 and  template
       information on a running system.

OPTIONS
       -d

	   Delete  matching entries from the kernel. The default is to add new
	   entries.

	   When deleting MLPs, the MLP range  must  match  exactly.  MLPs  are
	   specified in the form:

	     port[-port]/protocol

	   Where  port	can  be a number in the range 1 to 65535. or any known
	   service (see services(4)), and protocol can	be  a  number  in  the
	   range 1 to 255, or any known protocol (see protocols(4)).

       -f

	   Flush all kernel entries before loading the entries that are speci‐
	   fied on the command line. The flush does not take place  unless  at
	   least one entry parsed successfully.

       -v

	   Turn on verbose mode.

       -h host[/prefix][:template]

	   Update the kernel remote-host cache on the local host for the spec‐
	   ified host or, if a template name is	 given,	 change	 the  kernel's
	   cache  to  use  the specified template. If prefix is not specified,
	   then an implied prefix length is determined according to the	 rules
	   used	 for  interpreting the tnrhdb. If -d is specified, then a tem‐
	   plate name cannot be specified.

       -m zone:mlp:shared-mlp

	   Modify the kernel's multilevel port (MLP) configuration  cache  for
	   the	specified zone. zone specifies the zone to be updated. mlp and
	   shared-mlp specify the MLPs for the	zone-specific  and  shared  IP
	   addresses.  The  shared-mlp	field  is effective in the global zone
	   only.

       -t template[key=val[;key=val]]

	   Update the kernel template cache for template  or,  if  a  list  of
	   key=val pairs is given, change the kernel's cache to use the speci‐
	   fied entry. If -d is specified, then key=val pairs cannot be speci‐
	   fied.

       -T file

	   Load all template entries in file into the kernel cache.

       -H file

	   Load all remote host entries in file into the kernel cache.

       -z file

	   Load	 just  the global zone's MLPs from file into the kernel cache.
	   To reload MLPs for a non-global zone, reboot the zone:

	     # zoneadm -z non-global zone reboot

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │SUNWtsu			   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │Uncommitted		   │
       └─────────────────────────────┴─────────────────────────────┘

FILES
       /etc/security/tsol/tnrhdb

	   Trusted network remote-host database

       /etc/security/tsol/tnrhtp

	   Trusted network remote-host templates

       /etc/security/tsol/tnzonecfg

	   Trusted zone configuration database

       /etc/nsswitch.conf

	   Configuration file for the name service switch

SEE ALSO
       svcs(1), svcadm(1M),  tninfo(1M),  tnd(1M),  tnchkdb(1M),  zoneadm(1M),
       nsswitch.conf(4), protocols(4), services(4), attributes(5), smf(5)

       How  to	Synchronize  Kernel  Cache  With  Network Databases in Solaris
       Trusted Extensions Administrator's Procedures

WARNINGS
       Changing a template while the network is up  can	 change	 the  security
       view of an undetermined number of hosts.

NOTES
       The  functionality  described  on this manual page is available only if
       the system is configured with Trusted Extensions.

       The tnctl service  is  managed  by  the	service	 management  facility,
       smf(5), under the service identifier:

	 svc:/network/tnctl

       The  service's  status  can be queried by using svcs(1). Administrative
       actions on this service, such as refreshing the kernel  cache,  can  be
       performed using svcadm(1M), as in:

	 svcadm refresh svc:/network/tnctl

SunOS 5.10			  5 Dec 2007			     tnctl(1M)

Vote for polarhome