A.32 Security Equivalence Vector Update Commands

Use the Security Equivalence Vector (SEV) Update commands in the NSS Console utility (nsscon) to enable or disable the update, to set the update interval from 5 minutes to 90 days (specified in seconds), and to force an immediate update of security equivalence vectors. Polling too frequently can impact performance. Polling too infrequently can cause delays in granting or restricting access to certain users. For more information about SEV, see Section 20.2, Configuring the Security Equivalence Vector Update Frequency.

nss /(No)SecurityEquivalenceUpdating

Enables or disables SEV updates to occur in the background in addition to updates that occur when the system reboots. If it is disabled, SEV updates occur only at system reboots.

To make it persistent, include the command in the /etc/opt/novell/nss/nssstart.cfg file.

Default: On (enabled)

Examples

To enable background updating, enter

nss /SecurityEquivalenceUpdating

To disable background updating, enter

nss /NoSecurityEquivalenceUpdating
nss /UpdateSecurityEquivalenceInterval=value

Sets the SEV update interval to the specified value in seconds. At the end of the elapsed time, NSS requires updated SEVs from eDirectory.

To make it persistent, include the command in the /etc/opt/novell/nss/nssstart.cfg file.

Default: 7200 (2 hours)

Range: 300 (5 minutes) to 7776000 (90 days).

nss /ForceSecurityEquivalenceUpdate

Forces the SEV update to occur immediately for all users in the NSS file system. Use this command if you modify a user’s access control settings in eDirectory and want those changes to be reflected immediately in the user’s active SEV for this server.

This command is invalid if used in the /etc/opt/novell/nss/nssstart.cfg file.

A unique abbreviation such as

nss /ForceS 

also works.

ForceSecurityEquivalenceUpdate

Forces the user security equivalence background updating to start immediately. Use this command if you modify a user’s access control settings in eDirectory and want those changes to be reflected immediately in the user’s active SEV for this server.