admind(1M)
NAME
admind − Distributed system administration daemon
SYNOPSIS
admind [ −c categories ] [ −l [ log-file ] ] [ −n ] [ −O OW-pathname ]
[ −r RPC-program RPC-version ] [ −S security-level ] [ −t timeout ] [ −v ]
DESCRIPTION
admind is the server process for the distributed system administration services. This daemon accepts requests for the invocation of methods on distributed system administration objects. If the invocation request is valid and the client process is authorized to invoke the specified method for the object, admind executes the method’s runfile within a separate method process.
The admind daemon is configured to be started automatically by the inetd daemon whenever a request to invoke a method is received. The admind daemon process continues to run as long as active method requests are pending. The admind daemon may be started standalone from the command line, for example, at system boot time, in which case it continues to run even if there are no currently active requests.
System and network administration methods are located within the administration class hierarchy directories, which can be found in the /usr/snadm/classes directory. Should an alternate administration class directory location be required, its pathname is specified in the ADMINPATH environment variable, which the admind daemon reads when it first starts execution.
The admind daemon process can be configured to write tracing information into a log file by specifying the −l and −c command line options. The −l option enables logging and optionally specifies the path and file name of the log file. If no log file name is specified, the default log file /var/adm/admin.log is used. The −c option specifies a comma-separated list of tracing category names for which log messages will be written into the log file. Standard trace message categories that may be logged include:
System-Info Includes messages about when the admind daemon was started and stopped, and which class directory was used.
Requests Includes messages about which methods were invoked by the daemon and when.
Errors Includes messages about errors which occurred during the daemon and method process execution.
Class: classname
Includes messages about method requests for the specified class.
Method: methodname
Includes messages about requests for the specified method.
∗ Includes all possible log messages.
OPTIONS
The following command line options may be specified when starting the admind daemon:
−c categories Specify the set of trace message categories to be used in logging as a comma-separated list of category names.
−l [ logfile] Enable logging and optionally define the pathname to the distributed system administration log file.
−n Disable caching of class, method, and security information by the object manager in the admind daemon.
−O OW-pathname
Define the pathname to the Open Windows home directory which contains the appropriate shared libraries for the distributed system administration tools and methods. If this option is not specified, the admind daemon will use the Open Windows home directory defined in the OPENWINHOME environment variable, if defined; the home directory specified in the /etc/OPENWINHOME file, if it exists; or the default directory /usr/openwin. When the admind daemon is started by the inetd daemon, the environment variable OPENWINHOME is typically not defined. If the Open Windows home directory is not one of the pathnames specified (/usr/openwin or in the file /etc/OPENWINHOME), the −O option must be added to the admind entry in the inetd.conf(4) configuration file.
−r RPC-program RPC-version
Define an alternative RPC program and version number to be used for this execution of the admind daemon.
−S security-level
Define the level of security to be used by the admind daemon in checking a client’s right to execute a method on the server system. Security level defines the authentication mechanism used to provide and check a client’s identity, and determine whether authorization access control checking is done. Security level may be one of the following:
0 Disables both identity checking and access control checking under the client’s identity. All clients are set to the nobody identity. This level should be used only for testing.
1 Accepts client identities when both AUTH_SYS and AUTH_DES authentication mechanisms are being used. Checks that the client identity is authorized to execute the method. Since AUTH_SYS client credentials are easily forged, this level should be used only in relatively secure environments. This security level is the default.
2 Accepts client identities only when the AUTH_DES authentication mechanism is being used. Checks that the client identity is authorized to execute the method. This level provides the most secure environment for executing distributed administration methods. A publickey entry must exist for the host running the admind daemon and all administration client user identities.
−t timeout Define the maximum amount of time, in seconds, the admind daemon will take in validating a method invocation request. The default timeout value is 30 seconds.
−v Enable the writing of log messages to the system logger, syslogd. Messages logged include fatal errors encountered while attempting to start the admind daemon process and those specified by the −c trace message categories.
FILES
/var/adm/admin.log
distributed system administration default log file
SEE ALSO
admintool(1M), inetd(1M), sysidtool(1M)
SunOS 5.1 Routine System Administration Guide
SunOS 5.1 — Last change: 4 May 1992