FEDFS-GET-LIMITED-NSDB-PARAMS(8) System Manager's Manual FEDFS-GET-LIMITED-NSDB-PARAMS(8)
NAME
fedfs-get-limited-nsdb-params - send a FEDFS_GET_LIMITED_NSDB_PARAMS ADMIN protocol request
SYNOPSIS
fedfs-get-limited-nsdb-params [-?d] [-n nettype] [-h hostname] [-l nsdbname] [-r nsdbport] [-s security]
INTRODUCTION
RFC 5716 introduces the Federated File System (FedFS, for short). FedFS is an extensible standardized mechanism by which system adminis-
trators construct a coherent namespace across multiple file servers using file system referrals. For further details, see fedfs(7).
FedFS-enabled file servers allow remote administrative access via an authenticated RPC protocol known as the FedFS ADMIN protocol. Using
this protocol, FedFS administrators manage FedFS junctions and NSDB connection parameter information on remote FedFS-enabled file servers.
DESCRIPTION
The fedfs-get-limited-nsdb-params(8) command is part of a collection of low-level single-use programs that is intended for testing the
FedFS ADMIN protocol or for use in scripts. It sends a single FEDFS_GET_LIMITED_NSDB_PARAMS request to a remote FedFS ADMIN protocol ser-
vice. It is similar to the fedfs-get-nsdb-params(8) command, but cannot retrieve an X.509 certificate.
The FEDFS_GET_LIMITED_NSDB_PARAMS request retrieves NSDB connection parameter information stored on a remote server. For more on the spec-
ification and use of NSDB connection parameters, see nsdbparams(8) or fedfs(7).
An NSDB hostname and port number (see below) are are used as the primary key to identify an entry in the remote server's NSDB connection
parameter database. The NSDB connection parameter database matches NSDB hostnames and ports by exact value. In other words, if two unique
hostnames point to the IP address of the same physical NSDB, they are still considered separate entries in the local NSDB connection param-
eter database.
OPTIONS
-d, --debug
Enables debugging messages during operation.
-?, --help
Displays fedfs-get-limited-nsdb-params(8) version information and a usage message on stderr.
-h, --hostname=hostname
Specifies the hostname of a remote FedFS ADMIN service. If this option is not specified, the default value is localhost.
-n, --nettype=nettype
Specifies the transport to use when contacting the remote FedFS ADMIN service. Typically the nettype is one of tcp or udp. If this
option is not specified, the default value is netpath. See rpc(3t) for details.
-l, --nsdbname=NSDB-hostname
Specifies the hostname of the NSDB to insert into the new FedFS junction. If this option is not specified, the value of the
FEDFS_NSDB_HOST environment variable is consulted. If the variable is not set and the --nsdbname option is not specified, the
fedfs-get-limited-nsdb-params(8) command fails.
-r, --nsdbport=NSDB-port
Specifies the IP port of the NSDB to insert into the new FedFS junction. If this option is not specified, the value of the
FEDFS_NSDB_PORT environment variable is consulted. The default value if the variable is not set is 389.
-s, --security=flavor
Specifies the security flavor to use when contacting the remote FedFS ADMIN service. Valid flavors are sys, unix, krb5, krb5i, and
krb5p. If this option is not specified, the unix flavor is used. See the SECURITY section of this man page for details.
EXAMPLES
Suppose you are the FedFS administrator of the example.net FedFS domain and that your domain's NSDB hostname is nsdb.example.net. If the
file server fs.example.net already knows about your domain's NSDB, you can query it with:
$ fedfs-get-limited-nsdb-params -h fs.example.net -l nsdb.example.net
Call completed successfully
ConnectionSec: FEDFS_SEC_NONE
The remote server knows about nsdb.example.net and does not use TLS when querying it to resolve junctions.
SECURITY
By default, or if the sys and unix flavors are specified with the --security=flavor option, the fedfs-create-junction(8) command uses
AUTH_SYS security for the Remote Procedure Call. AUTH_SYS has known weaknesses and should be avoided on untrusted networks.
The RPC client uses the Kerberos v5 GSS mechanism if a Kerberos security flavor is specified. When specifying a Kerberos security flavor,
the user must first obtain a valid Kerberos ticket using kinit(1) before running fedfs-create-junction(8).
The AUTH_NONE security flavor is no longer supported by this implementation.
SEE ALSO
fedfs(7), rpc.fedfsd(8), fedfs-get-nsdb-params(8), nsdbparams(8), kinit(1), rpc(3t)
RFC 5716 for FedFS requirements and overview
COLOPHON
This page is part of the fedfs-utils package. A description of the project and information about reporting bugs can be found at
http://wiki.linux-nfs.org/wiki/index.php/FedFsUtilsProject.
AUTHOR
Chuck Lever <chuck.lever@oracle.com>
3 February 2014 FEDFS-GET-LIMITED-NSDB-PARAMS(8)