NSR_LA(5)NSR_LA(5)NAME
NSR peer information - Resource containing NW instance information of
peers
SYNOPSIS
type: NSR peer information
DESCRIPTION
The NSR peer information resource is used by NetWorker authentication
daemon nsrexecd (see nsrexecd(8)). To edit the NSRpeerinformation
resources run:
nsradmin -s host_name -p nsrexec -c "type:NSR peer information"
or
nsradmin -s host_name -p 390113 -v 1 -c "type:NSR peer informa‐
tion"
See nsradmin(1m) for information on using the NetWorker administration
program.
DESCRIPTION
Resources of this type are populated/created by NetWorker. They are
used to hold the identity and certificate of remote NetWorker installa‐
tions that the local installation communicated with in the past. These
resources are simular to known_hosts file used by ssh(1). Once a Net‐
Worker installation (client, server, or storage node) communicates with
a remote NetWorker install (client, server, or storage node), a NSR
peer information resource will be created on each host and will contain
information about the peer (i.e. identity and certificate). During
this initial communication, each host will send information about
itself to the peer. This information includes the NW instance name, NW
instance ID, and the certificate. After this initial communication,
each NetWorker install will use the registered peer certificate to val‐
idate future communications with that peer.
This resource is only used if the two machines (the local machine and
the one described by the name attribute) are using GSS EMC v1 authenti‐
cation.
ATTRIBUTES
The following attributes are defined for resource type NSRpeerinforma‐
tion The information in parentheses describes how the attribute values
are accessed. Hidden means it is an attribute of interest only to pro‐
grams or experts, and these attributes can only be seen when the hidden
option is turned on in nsradmin(1m). Static attributes change values
rarely, if ever. For example, an attribute marked (read-only, static)
has a value which is set when the attribute is created and may never
change. Not all attributes are available on all Operating Systems.
name (read-only, single string)
The name attribute specifies the NW instance name of a remote
machine running NetWorker. This value is is a shorthand for the
NW instance name of the remote machine. The value in this
attribute should be entered where ever a NetWorker instance
needs to be referred to. The value should be unique throughout
the data zone.
NW instance ID (read-only, hidden, single string)
The NW instance ID. This value will be used to identify the
remote NetWorker install whenever a NetWorker program needs to
communicate with another NetWorker program. This value has a
one to one correspondence with the NetWorker instance name. It
should be unique throughout the data zone.
certificate (read-only, hidden, single string)
The certificate for the remote NetWorker installation. The cer‐
tificate is used by the local NetWorker installations to vali‐
date the identity of the remote NetWorker install indicated by
the name attribute in the current NSR peer information resource.
Change certificate (read-write, dynamic, choice)
This attribute is used to import or clear the certificate in the
resource. Valid values are: Clear certificate and Load certifi‐
cate from file.
If Clear certificate is selected, then NetWorker will clear the
certificate entry in the current NSR peer information resource.
This will cause the initial communication between the local
install and the peer described by the name attribute to reoccur
on the next connection between the two hosts. Setting Change
certificate to Clear certificate has the same effect as deleting
the resource instance.
Setting Change certificate to Load certificate from file, causes
NetWorker to attempt to load the peer certificate located in the
file specified by the certificate file to load attribute.
This field will be reset to blank after NetWorker uses the
value.
certificate file to load (read-write, dynamic, single string)
This field is used to specify a file name where NetWorker should
load the peer certificate from when the Change certificate
attribute is set to Load certificate from file. The file is
expected to contain a certificate in PEM format. This field
will be reset to blank after NetWorker uses the value.
administrator (read-write, list of strings)
The administrator list contains users and user netgroups that
are allowed to add, delete, and update the NSR peer information
resources. The default value for this field is the value of the
administrator attribute in the NSRLA field at the time of cre‐
ation of the first NSR peer information resource. The value of
the administrator field is the same for all NSR peer information
resource instances. When the administrator is changed for one
instance of the NSR peer information, it will get changed for
all instances. Each line specifies a user or a group of users,
using one of these formats: user/host@domain , group/host@domain
, user@host , user@domain , group@host , group@domain , &net‐
group (only available on platforms that support netgroups) ,
user_attribute=value[, ...].
where user is a user name; host is a host name; group is a user
group name; domain is a domain name; user_attribute can be user,
group, host, nwinstname, nwinstancename, domain, or domaintype
(type of the domain, NIS or WINDOMAIN).
The user attributes: nwinstname and nwinstancename are used to
indicate a NetWorker instance name. The value that should be
entered for either of these attributes is the value in the
"name" field in the NSRLA resource for the machine where a
matched user is connecting from.
value can be any string delimited by white space. If the value
has space in it, then it can be quoted with double quotes. The
value may contain wild cards, "*". Entering just a user name
allows that user to administer NetWorker from any host (equiva‐
lent to user@* or */user or user=user). Netgroup names are
always preceded by an "&".
The format: user_attribute=value[, ...] is more secure because
the format is not overloaded. For example, if test@test.acme.com
is entered, then any users in the test group or users named test
and that are in the domain; test.acme.com or from the host;
test.acme.com will match this entry.
SEE ALSO
nsradmin(1m), nsrexecd(8), nsr_la(5).
NetWorker 7.3.2 Aug 23, 06 NSR_LA(5)