Using the setuptrust command

Article:HOWTO70341  |  Created: 2012-02-07  |  Updated: 2013-03-01  |  Article URL http://www.symantec.com/docs/HOWTO70341
Article Type
How To


Environment

Subject


Using the setuptrust command

You can use the setuptrust command to contact the broker to be trusted, obtain its certificate or details over the wire, and add to the trust repository if the furnished details are trustworthy. The security administrator can configure one of the following levels of security for distributing root certificates:

  • High security (2): If a previously untrusted root is acquired from the peer (that is, if no certificate with the same signature exists in our trust store), the user will be prompted to verify the hash.

  • Medium security (1): The first authentication broker will be trusted without prompting. Any attempts to trust subsequent authentication brokers will cause the user to be prompted for a hash verification before the certificate is added to the trusted store.

  • Low security (0): The authentication broker certificate is always trusted without any prompting. The vssat CLI is located in the authentication service 'bin' directory.

The setuptrust command uses the following syntax:

vssat setuptrust --broker <host[:port]> --securitylevel high

The setuptrust command uses the following arguments:

The broker, host, and port arguments are first. The host and port of the broker to be trusted. The registered port for Authentication is 2821. If the broker has been configured with another port number, consult your security administrator for information.

See About using NetBackup Access Control (NBAC)

See Unifying NetBackup Management infrastructures with the setuptrust command


Legacy ID



v32446386_v71360082


Article URL http://www.symantec.com/docs/HOWTO70341


Terms of use for this information are found in Legal Notices