
About the nmasconfig Utility

Use this utility for login sequence management, login method management, and Simple Password management, apart from configuring and unconfiguring the NMAS server.

When this utility is used with arguments, it validates them and prompts for the password of the user who has administrative rights.

If the utility is used without arguments, nmasconfig displays a description of the utility and the available options.

Four modes of operation are available:

  1. config
  2. method
  3. sequence
  4. passwd

Only one of the modes of operation needs to be selected.



Table 1. The nmasconfig Utility General Parameters

nmasconfig Parameter Description

-t

Refers to the name of the eDirectory tree on which NMAS has to be configured. This is an optional parameter. By default, this is taken from the tree name of the current server, read from the nds.conf file.

-h hostname[:port]

Refers to the hostname and, optionally, the eDirectory port. By default, this is taken from the hostname of the current server and the default eDirectory port.


Configuring the NMAS Server

The config mode of the nmasconfig utility lets you configure or remove the configuration of the NMAS server. To use this mode to configure the server, ensure that you have administrative rights.


Configuring the NMAS Server

To configure the NMAS server, enter the following command:

nmasconfig config [-t treename] [-h hostname[:port]] -c -a adminname


Table 2. The nmasconfig Utility Configure Parameters

Configure Parameter Description

-c

Configures NMAS.

-d

Removes NMAS configuration.

-a

Refers to the fully distinguished name of the eDirectory administrator with supervisor rights to the security container.

The fully distinguished name of the administrator should be specified in the typeless, dot-delimited form without the tree name. This parameter is required.

Example: To configure NMAS in the tree ACME running on the same host, enter the following command:

nmasconfig config -t acme -c -a admin.company


Unconfiguring the NMAS Server

To remove the NMAS server configuration, enter the following command:

nmasconfig config [-t treename] [-h hostname[:port]] -d -a adminname

Example: To remove the configuration of NMAS in the tree ACME, enter the following command:

nmasconfig config -t acme -d -a admin.company

NOTE:  For NMAS configuration or unconfiguration to take effect, restart the Novell eDirectory server.


Login Method Management

Use the method mode of the nmasconfig utility to install a new login method or upgrade an existing login method to the tree. It can also be used to remove an existing login method.


Installing a New Login Method

To install a new login method or upgrade an existing login method to the tree, enter the following command:

nmasconfig method [general options] -i | -U -f path-to-config.txt -a admin_name


Table 3. The nmasconfig Utility Method Parameters

Method Parameter Description

-i

Installs a new method.

This also creates a login sequence which contains only this login method.

-u

Upgrades NMAS configuration.

-r

Removes an existing method from the tree.

This also removes the sequence with only this login method, created during this method install.

-a

Refers to the fully distinguished name of the eDirectory administrator with supervisor rights to the context in which the server object and Directory services are to be created.

The fully distinguished name of the administrator should be specified in the typeless, dot-delimited form without the tree name. This parameter is required.

-f

Refers to the absolute or relative path, including the filename, to the config.txt file for the method that needs to be installed. This text file is located in the NMAS methods directory on the install CD. This is a required parameter if either the -i or -U options are specified.

-m

Refers to the name of the NMAS method object that needs to be removed from the tree. If there are spaces or special characters in the method object name, then the name should be within quotes (" "). This is a required parameter if the -r option is specified.

Example: To install a new method to the tree running on the current server, enter the following command:

nmasconfig method -i -f ./SimplePassword/config.txt -a admin.company


Removing an Existing Login Method

To remove an existing login method, enter the following command:

nmasconfig method [general options] -r -m methodname -a admin_name

Example: To remove an existing login method from the tree running on the current server, enter the following command:

nmasconfig method -t ACME -r -m "X.509 Certificate" -a admin.company

IMPORTANT:  You only need to specify one of these options: -i, -U, or -r.


Login Sequence Management

Use the sequence mode of the nmasconfig utility to manage the login sequence.

To manage the login sequence, enter the following command:

nmasconfig sequence [general options] -D user_name -a admin_name


Table 4. The nmasconfig Utility Sequence Parameters

Sequence Parameter Description

-D

Refers to the distinguished name of the user object for which sequence management is to be done. The user's distinguished name should be specified in the typeless, dot-delimited form without the tree name. This is a required parameter.

-a

Refers to the distinguished name of the user object with supervisor rights to the context in which the previously specified user object is to be modified. The admin DN should be specified in the typeless, dot-delimited form without the tree name. This is a required parameter.

Example: To manage the authorized and default sequences of the user named user1 in tree ACME, enter the following command:

nmasconfig sequence -t ACME -D user1.finance.company -a admin.company

The sequence management option generates a menu of options.


Table 5. The Sequence Management Menu Options

Sequence Management Options Description

(a) Authorize a method

Authorizes a sequence present in the "Available Login Sequences" list.

(b) Remove an authorized method

Removes an existing authorized login sequence from the "Authorized Login Sequences" list.

(c) Change default login sequence

Sets the default login sequence for the user from the "Authorized Login Sequences" list.

(d) Commit current changes and exit

Commits the changes to eDirectory and exits the sequence management menu.

(e) Quit without saving

Quits the sequence management menu without saving the changes.


Managing Simple Passwords

Use the passwd mode of the nmasconfig utility to set simple passwords.

To set the simple password for a specified user in the tree, enter the following command:

nmasconfig passwd [general options] [-H hash_type] [-a admin_name] -D user_name


Table 6. The nmasconfig Utility Password Parameters

Password Parameter Description

-H

Refers to the hashing format in which the simple password for the user needs to be stored in eDirectory. The valid values are "sha," "md5," or "clear." By default, the simple password hash type is "clear."

-a

Refers to the distinguished name of the user object with supervisor rights to the context in which the specified user object's simple password is to be modified.

The administrator's fully distinguished name should be specified in the typeless, dot-delimited form without the tree name.

-D

Refers to the distinguished name of the user object for which simple password change is to be done. The user DN should be specified in the typeless, dot-delimited form without the tree name. This is a required parameter.

Example 1: If you are an admin and are changing another user's simple password, enter the following command:

nmasconfig passwd -a admin.company -D user1.finance.company

Example 2: If you are modifying your own simple password, enter the following command:

nmasconfig passwd -D user1.finance.company
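Because -H defaults to "clear," both examples above store the simple password unhashed. The following wrapper is an added example, not part of the Novell documentation: it checks that each DN is in the typeless, dot-delimited form and always passes -H explicitly. The function names, the ALLOW_CLEAR variable, and the choice of "sha" as the wrapper's default are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical guard around "nmasconfig passwd" (added example, not a Novell tool).

# is_typeless_dn DN: succeeds if DN looks like user1.finance.company.
# The tree name cannot be detected syntactically, so it is not checked here.
is_typeless_dn() {
    case "$1" in
        ''|.*|*.|*..*) return 1 ;;   # empty, leading/trailing dot, empty component
        *=*|*,*)       return 1 ;;   # typed (cn=...) or comma-delimited form
        *' '*)         return 1 ;;   # wrapper prints an unquoted line: no spaces
    esac
    return 0
}

# build_passwd_cmd USER_DN [ADMIN_DN] [HASH]
# Prints the nmasconfig command line to run, or fails with a message on stderr.
build_passwd_cmd() {
    user_dn=$1
    admin_dn=${2:-}
    hash=${3:-sha}                   # wrapper default (assumption); the utility's is "clear"

    is_typeless_dn "$user_dn" || { echo "bad user DN: $user_dn" >&2; return 2; }
    if [ -n "$admin_dn" ]; then
        is_typeless_dn "$admin_dn" || { echo "bad admin DN: $admin_dn" >&2; return 2; }
    fi

    case "$hash" in
        sha|md5) ;;
        clear)
            # Require an explicit opt-in before storing the password unhashed.
            [ "${ALLOW_CLEAR:-0}" = 1 ] || {
                echo "refusing -H clear without ALLOW_CLEAR=1" >&2; return 3; }
            ;;
        *) echo "unknown hash type: $hash" >&2; return 2 ;;
    esac

    cmd="nmasconfig passwd -H $hash"
    if [ -n "$admin_dn" ]; then
        cmd="$cmd -a $admin_dn"
    fi
    printf '%s\n' "$cmd -D $user_dn"
}
```

The function only prints the command line, so the result can be reviewed before it is run on the eDirectory server.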


