Use the Security Equivalence Vector (SEV) Update commands in the NSS Console utility (nsscon) to enable or disable the update, to set the update interval from 5 minutes to 90 days (specified in seconds), and to force an immediate update of security equivalence vectors. Polling too frequently can impact performance. Polling too infrequently can cause delays in granting or restricting access to certain users. For more information about SEV, see Section 21.2, Configuring the Security Equivalence Vector Update Frequency.
Enables or disables SEV updates to occur in the background in addition to updates that occur when the system reboots. If it is disabled, SEV updates occur only at system reboots.
To make it persistent, include the command in the /etc/opt/novell/nss/nssstart.cfg file.
Default: On (enabled)
Examples
To enable background updating, enter
nss /SecurityEquivalenceUpdating
To disable background updating, enter
nss /NoSecurityEquivalenceUpdating
Enables or disables eDirectory user SEV updates to occur in the background. If it is disabled, SEV updates occur only at system reboots.
To make it persistent, include the command in the /etc/opt/novell/nss/nssstart.cfg file.
Default: On (enabled)
Examples
To enable eDirectory user background updating, enter
nss /eDirSecurityEquivalenceUpdating
To disable eDirectory user background updating, enter
nss /NoeDirSecurityEquivalenceUpdating
Enables or disables AD user SEV updates to occur in the background. If it is disabled, SEV updates occur only at system reboots.
To make it persistent, include the command in the /etc/opt/novell/nss/nssstart.cfg file.
Default: On (enabled)
Examples
To enable AD user background updating, enter
nss /ADSecurityEquivalenceUpdating
To disable AD user background updating, enter
nss /NoADSecurityEquivalenceUpdating
Enables SEV refresh only for those connections that are used within the default update interval. To get the default update interval, see the UpdateEdirSecurityEquivalenceInterval, UpdateADSecurityEquivalenceInterval, and UpdateSecurityEquivalenceInterval parameters.
To make it persistent, include the command in the /etc/opt/novell/nss/nssstart.cfg file.
Default: Off (disabled)
Examples
To enable optimized SEV refresh, enter
nss /OptimizeSEVRefresh
To disable optimized SEV refresh, enter
nss /NoOptimizeSEVRefresh
Sets the SEV update interval to the specified value in seconds. At the end of the elapsed time, NSS requires updated SEVs from eDirectory and AD.
To make it persistent, include the command in the /etc/opt/novell/nss/nssstart.cfg file.
Default: 7237 (2 hours 37 seconds)
Range: 300 (5 minutes) to 7776000 (90 days).
Sets the eDirectory SEV update interval to the specified value in seconds.
Default: 600 (10 minutes)
Range: 300 (5 minutes) to 7776000 (90 days).
Sets the AD SEV update interval to the specified value in seconds.
Default: 1800 (30 minutes)
Range: 300 (5 minutes) to 7776000 (90 days).
Forces the SEV update to occur immediately for all users in the NSS file system. Use this command if you modify a user’s access control settings in eDirectory and want those changes to be reflected immediately in the user’s active SEV for this server.
This command is invalid if used in the /etc/opt/novell/nss/nssstart.cfg file.
A unique abbreviation such as
nss /ForceS
also works.
Specifies the user type for ListConnections. The valid values are AD and Edir. This parameter is used only with ForceSecurityEquivalenceUpdate parameter.
Specifies the user FDN for force SEV update. This parameter is used only with ForceSecurityEquivalenceUpdate, ForceEdirSecurityEquivalenceUpdate, and ForceADSecurityEquivalenceUpdate parameters.
Forces the user security equivalence background updating to start immediately. Use this command if you modify a user’s access control settings in eDirectory and AD, and want those changes to be reflected immediately in the user’s active SEV for this server. You can update the SEV only for eDirectory or AD users using /UserType switch. Also, you can update the SEV for a single eDirectory or AD user using the /UserFDN switch.
Forces the user security equivalence update for eDirectory user. You can update a single eDirectory user using the /UserFDN switch.
Forces the user security equivalence update for AD user. You can update a single AD user using the /UserFDN switch.