NAME

hostadm - maintain BoKS host database table

SYNOPSIS

Register a new host entry:
hostadm -a -h hostname {-i primary-address | -b hostid} [-c comment] [-p homedir] [-f filehost:
path] [-t type] [-j xroleset] [{-A|-D} flag] [-y prereg_type] [-V]
Modify an existing host entry:
hostadm [-a|-m] -h hostname [-i secondary-address | -b hostid] [-c comment] [-p homedir]
[-f filehost: path] [-t type] [-j xroleset |-J] [{-A|-D} flag] [-V]
hostadm -h hostname -i old-address -I new-address
hostadm -h hostname -I new-primary-address
hostadm -b hostid -I new-address
hostadm -h old_name -n new_name [-V]
Delete a host entry or remove an IP address:
hostadm -d {-h hostname | -i address | -b hostid}
List and report host attributes or hostgroup membership:
hostadm -l [-{B|F|H|L|P|S|T|Y}] [-t type] [-h hostname]
hostadm -g -h hostname
Check parent home directory attribute for host or hostgroup:
hostadm -k -h host- or hostgroup
Set default domain name (global value):
hostadm -M domain-name

DESCRIPTION

hostadm is used to maintain the BoKS host database. Options exist to add, modify, delete, list and verify
host data.
All hosts with BoKS installed must be registered in the database and have a nodekey password assigned.
The same nodkey must also be registed on the BoKS host itself. See hostkey(1).
Hosts without BoKS can be registered as of type NONBOKSHOST. All registered hosts are regarded
trusted and will be authorized as valid from-hosts when evaluating access routes without the ANY/ prefix in
the from-field.
Hosts registered as BoKS Agent hosts have a BoKS Agent installed but is not capable of receiving native
operating system user database updates as well as lacks home directory management capabilities.
Other host types are supported (see the -t option below).
A host can have multiple addresses assigned in BoKS. The initial address registered is refered to as the primary
address of the host and is used by the BoKS Master when communicating with the host.

OPTIONS

-a

Add or modify the entry for the host whose name is specified by the -h option. If the host already
exists in the database, the existing entry will be modified. If the -p and/or -f options are present,
their arguments will be used to define home directory and physical home directory respectively.
-b hostid
Specifies a unique host ID string associated with the host. A hostid may be used to identify hosts
that are located behind firewalls that do Network Address Translation (NAT) and the real address
is not available.
Normally a host must have at least one Internet (IP) address registered in BoKS, but a BoKS Desktop
host may instead have a hostid. For MS Windows Workstations the hostid should be the SID
(Security Identifier) string. For a BoKS Desktop host to be able to use host setting download a
hostid should be assigned to the Desktop host. See settingadm (1).
Unix- and Linux BoKS hosts may also have a host ID registered together with, or instead of an IP
address. Having a host ID for a Unix BoKS Host means that the host is enabled for dynamic IP
(DHCP) support, in which case the dynip flag must be set as well. The hostid must in this case
start with a percentage (’%’) character.

-c comment
An optional free text comment (up to 128 characters) may be entered using this option.

-d Used with options -b, -i and -h only.
hostadm -d -h hostname
Remove the host entry indicated by the -h option from the BoKS database.
hostadm -d -i address
Remove address from the database.
hostadm -d -b hostid
Will remove hostid from the database.
If removal with options -i or -b would result in a host entry with neither IP address nor host ID the
operation is refused. Option -h will however delete the host entry unconditionally.

-f filehost:path
Specifies the hostname and path to the directory on the fileserver where the home directory prefix
for host is mounted. I.e. where home directory management should take place. The filehost file
server must have BoKS installed and running. If filehost:path is an empty string, this attribute
will be removed. See also option -p below and mkhome(1) .

-g
List all the hostgroups this host is a member of. (Even those where it is included because of a
wildcard member).

-h hostname
Specifies the name of the host to be listed, added, modified or deleted from the BoKS database.
When registering a new host entry an IP address or a hostid must be supplied.
Valid characters in hostnames when registering new hosts are letters from the ASCII character set
(A-Z,a-z), digits (0-9), period (.), hyphen (-) or underscore (_). A hostname can not start or end
with period, hyphen or underscore. Although upper case letters are allowed in hostnames Fox
Technologies recommends using only lower case letters and reserving upper case letters for hostgroup
names, see hgrpadm(1).

-i address
Specifies a primary IP address for a host when registering a new host entry (with options -a and
-h). Can also be used to register a secondary address (option -h). The address must be unique
(not already registered for another host).
Use -i with option -d to remove an address from a host entry and with option -I to change an
already registered address.
See also option -I that can be used to reset primary address.

-j xroleset
Use the specified xRole Set for the host.
-J
Remove any xRole Set from host entry in database.

-k
Check that the home directory-prefix attribute exists for all hosts in the hostgroup named with the
-h option. Exit status will be 1 if the homeprefix is missing for any of the hosts in the hostgroup.

-l
List contents of the host database to standard output. For each host the name, the address, the
optional comment, home directory, physical home directory (i.e. directory on fileserver), type and
applicable flag values set will be printed. Use with option -S or -C to get a condensed listing. Can
be used with options -h and -t to limit the output to a certain host or type of hosts.

-m
Optional flag when modifying parameters or assigning secondary addresses to an existing host
entry. (Obsolete but maintained for backward compatibility).

-n new_name
Rename a host to new_name. Use only with the -h old_name option and optionally the -V option
to skip checks for overlapping accounts. See Rename Operation section in NOTES below for a
detailed description.

-p homedir
Specifies the name of the directory where the users home directories are located, aka the parent
home or home directory prefix. Used in conjunction with relative home directory assignment to
users in BoKS. If homedir is an empty string, the home directory prefix will be removed from the
host entry. See also option -f.

-t type
Specifies the type of the host. The type argument used with the -t option can be referred to as a
compound type in that it has the effect of also setting flag values for some types. Flag values may
be controlled independently with the -A and -D options. Valid type arguments are:
AGENTHOST
Host running a BoKS Agent (as opposed to a BoKS Server Agent). Used for access control
and single sign-on to various third party applications. Implies the nopswupdate and
flags.
DTHOST
Host running BoKS Desktop. A DTHOST may be created without an IP address provided
that a hostid is assigned. Other host types must always have at least one IP address
assigned. Implies the nopswupdate flag.
DYNIPCLIENT
BoKS Unix- or Linux host with dynamic IP address. Implies the dynip flag.
NONBOKSHOST
Host without BoKS or a BoKS host in another domain. Aka Other host. Implies the nopswupdate
flag.
REPLICA
BoKS Manager Replica server. Has a copy of the BoKS database and may serve authentication
and authorization requests from BoKS Agents, Server Agents and Desktops. This
type is also used for the BoKS Master.
UNIXBOKSHOST
Unix or Linux host with BoKS installed. Aka BoKS Client or BoKS Server Agent.
WINBOKSCLIENT
MS Windows Server host with BoKS Client for Windows installed.
The default type when registering new host entries (option -a) is UNIXBOKSHOST.

-y prereg_type
This is for internal use to register the host to be of pre-registration type prereg_type. Can only be
used when adding a host.

-A|D flag
Specifies if flag should be enabled (-A) or disabled (-D). Multiple -A and -D options are allowed.
Valid flag values are:
nopswupdate
The password and group files should not be updated on this host.
noclntd
The host has no client daemon.
rolesettest
The host is used for RBAC Role Set testing, so the Role Sets installed on the host should
not be overwritten by BoKS.
dynip
The host uses dynamic IP addresses. A hostid needs to be set as well. See option -b.
udatacheck
Enable user attribute checking on login to the host. User attribute checking can also be
enabled globally, see bksdef(1).
Note that user attribute checking must also be enabled for the login user account to take
effect, see mkbks(1) and modbks(1).

-I new_address
Used with options -h, -i and -b only. The possible combinations are:
hostadm -h hostname -i old-address -I new-address
Will change the address from old_address to new_address for hostname.
hostadm -h hostname -I new-address
Will set new-address as the primary address for hostname. The new address can but does
not have to be an already registered address for hostname.
hostadm -b hostid -I new-address
If used with -b a full IP address change as if requested by a dynamic IP address capable
BoKS Client will be performed. This is only valid for a BoKS Client host with a host ID
set.
The new address must not be already assigned to another host.

-M domain
Specify the default (master) domain. This is used when validating logins against access routes
where hostnames have been specified without domain. Applies only to hostnames present in the
BoKS data base.
-C|-S With option -l only.
Will print a summary report containing hostname, primary address, host type,
home directory prefix and whether password file updates are enabled for the host or not.
The host type is reported in a short format. With option -C the host type shows the compound
type, meaning that the reported type may be a combination of basic type and flag values. With
option -S the type reported is the basic (non-compound) type.
See also option -T.

-B With option -l only.
Print host name, BoKS version and OS version. Note that BoKS and OS version
will only be set for UNIX machines running BoKS version 6.6.1 or later. In other cases, N/A
will be printed for these fields. Also note that it will take some time after a machine is installed
until these fields are updated. OS version is listed as reported by boks_uname -P, i.e. it will not
list the exact OS version, but the base version the BoKS has been ported to.

-F With option -l only.
Print the home directory prefix and physical home directory (on fileserver), if
present.

-H
With option -l print only the home directory prefix, if present.

-L With option -l only.
Print the flags bitmask value.

-P With option -l only.
Print IP-addresses. First address printed for each host is the primary address.

-T With option -l only.
Print the (compound) host type value (same as reported with plain -l).

-Y with option -l only.
Print host pre-registration type. Mainly intended for internal use.

-V
The ENV variable OVERLAPPING_ACCOUNT_CHECK (See ENV.4) can be set to make BoKS
check for overlapping accounts. If checking is turned on, the -V switch can be used to skip this
check when adding, modifying or renaming a host.

NOTES

hostadm will not execute any programs configured in ssm_hook_config(4). Those are only executed automatically
when administration is done from the GUI. Rename Operation:
The rename operation will rename the host in all database tables.
It will change the host part of any account tied directly to the host.
It will change the host name in any access routes that refer to the host.
It will make the new name a member of all the Host Groups that the old name was a member of (but the
new name may become a member of more Host Groups than the old name since it may match members in
other Host Groups, e.g via wild cards).
It will modify the name in the iptmp file it it is a replica.
It will modify the name in any pre-registration entry if present.
It will modify the name in any entries in $BOKS_etc/profiles/host2profile.
It will not attempt to modify the host in Active Directory if the host has been joined to the active directory
using adjoin.
If the host has a virtual card issued, this will not be changed automatically. If the host name has changed
in DNS, you may need to issue a new virtual card to the host.

SEE ALSO

hostkey(1), ssh_keyreg(1), lh(1),
hgrpadm(1), mkhome(1), cadm(1)

Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: June 14, 2019