Content-type: text/html Man page of NSR_PEER_INFORMATION


Section: File Formats (5)
Updated: Dec 11, 08
Index Return to Main Contents


NSR peer information - Resource containing NW instance information of peers  


type: NSR peer information  


The NSR peer information resource is used by NetWorker authentication daemon nsrexecd (see nsrexecd(8)). To edit the NSRpeerinformation resources run:

nsradmin -s host_name -p nsrexec -c "type:NSR peer information"


nsradmin -s host_name -p 390113 -v 1 -c "type:NSR peer information"

See nsradmin(1m) for information on using the NetWorker administration program.  


Resources of this type are populated/created by NetWorker. They are used to hold the identity and certificate of remote NetWorker installations that the local installation communicated with in the past. These resources are simular to known_hosts file used by ssh(1). Once a NetWorker installation (client, server, or storage node) communicates with a remote NetWorker install (client, server, or storage node), a NSR peer information resource will be created on each host and will contain information about the peer (i.e. identity and certificate). During this initial communication, each host will send information about itself to the peer. This information includes the NW instance name, NW instance ID, and the certificate. After this initial communication, each NetWorker install will use the registered peer certificate to validate future communications with that peer.

This resource is only used if the two machines (the local machine and the one described by the name attribute) are using GSS EMC v1 authentication.  


The following attributes are defined for resource type NSRpeerinformation The information in parentheses describes how the attribute values are accessed. Hidden means it is an attribute of interest only to programs or experts, and these attributes can only be seen when the hidden option is turned on in nsradmin(1m). Static attributes change values rarely, if ever. For example, an attribute marked (read-only, static) has a value which is set when the attribute is created and may never change. Not all attributes are available on all Operating Systems.

name (read-only, single string)
The name attribute specifies the NW instance name of a remote machine running NetWorker. This value is is a shorthand for the NW instance name of the remote machine. The value in this attribute should be entered where ever a NetWorker instance needs to be referred to. The value should be unique throughout the data zone.
NW instance ID (read-only, hidden, single string)
The NW instance ID. This value will be used to identify the remote NetWorker install whenever a NetWorker program needs to communicate with another NetWorker program. This value has a one to one correspondence with the NetWorker instance name. It should be unique throughout the data zone.
certificate (read-only, hidden, single string)
The certificate for the remote NetWorker installation. The certificate is used by the local NetWorker installations to validate the identity of the remote NetWorker install indicated by the name attribute in the current NSR peer information resource.
Change certificate (read-write, dynamic, choice)
This attribute is used to import or clear the certificate in the resource. Valid values are: Clear certificate and Load certificate from file.

If Clear certificate is selected, then NetWorker will clear the certificate entry in the current NSR peer information resource. This will cause the initial communication between the local install and the peer described by the name attribute to reoccur on the next connection between the two hosts. Setting Change certificate to Clear certificate has the same effect as deleting the resource instance.

Setting Change certificate to Load certificate from file, causes NetWorker to attempt to load the peer certificate located in the file specified by the certificate file to load attribute.

This field will be reset to blank after NetWorker uses the value.

certificate file to load (read-write, dynamic, single string)
This field is used to specify a file name where NetWorker should load the peer certificate from when the Change certificate attribute is set to Load certificate from file. The file is expected to contain a certificate in PEM format. This field will be reset to blank after NetWorker uses the value.
administrator (read-write, list of strings)
The administrator list contains users and user netgroups that are allowed to add, delete, and update the NSR peer information resources. The default value for this field is the value of the administrator attribute in the NSRLA field at the time of creation of the first NSR peer information resource. The value of the administrator field is the same for all NSR peer information resource instances. When the administrator is changed for one instance of the NSR peer information, it will get changed for all instances. Each line specifies a user or a group of users, using one of these formats: user/[email protected] , group/[email protected] , [email protected] , [email protected] , [email protected] , [email protected] , &netgroup (only available on platforms that support netgroups) , user_attribute=value[, ...].

where user is a user name; host is a host name; group is a user group name; domain is a domain name; user_attribute can be user, group, host, nwinstname, nwinstancename, domain, or domaintype (type of the domain, NIS or WINDOMAIN).

The user attributes: nwinstname and nwinstancename are used to indicate a NetWorker instance name. The value that should be entered for either of these attributes is the value in the "name" field in the NSRLA resource for the machine where a matched user is connecting from.

value can be any string delimited by white space. If the value has space in it, then it can be quoted with double quotes. The value may contain wild cards, "*". Entering just a user name allows that user to administer NetWorker from any host (equivalent to user@* or */user or user=user). Netgroup names are always preceded by an "&".

The format: user_attribute=value[, ...] is more secure because the format is not overloaded. For example, if [email protected] is entered, then any users in the test group or users named test and that are in the domain; or from the host; will match this entry.



nsradmin(1m), nsrexecd(8), nsr_la(5).




This document was created by man2html, using the manual pages.
Time: 02:39:47 GMT, October 02, 2010