NAME¶
nutcpc - NuFW console-mode client for GNU/Linux and BSD systems
SYNOPSIS¶
nutcpc [
-d ] [
-l ] [
-k ] [
-c ] [
-V ] [
-h ] [
-q ] [
-Q ] [
-N ] [
-H Nuauth IP ] [
-p Nuauth port ]
[
-U UserID ] [
-P UserPassword ] [
-I Interval ] [
-Z Service ] [
-C
CertFile ] [
-A AuthorityFile ] [
-K KeyFile ] [
-W CertPass ] [
-R CrlFile ] [
-a NuauthDN ]
DESCRIPTION¶
This manual page documents the
nutcpc command.
nutcpc is a console-mode client for the NuFW authenticating firewall. It sends
authentication packets to the nuauth server. All parameters can be set on
commandline but nutcpc can also be configured via the file
nuclient.conf(5).
Original packaging and informations and help can be found from
http://www.nufw.org/
OPTIONS¶
- -d
- Debug mode, don't go into background.
- -l
- Do not verify whether lock file exists before starting. And
do not create lock file.
- -k
- Kill existing instances of the program running on our local
userID.
- -c
- Check if a client is already running. Return error if no
client are running.
- -V
- Issues program version and exits.
- -h
- Issues usage details and exits.
- -q
- Do not display running nutcpc options on "ps".
Useful when using "-W"
- -H Nuauth IP
- Send authentication packet to Nuauth IP.
- -p Nuauth port
- Send authentication packet to Nuauth port.
- -U User ID
- Set nufw userid to User ID.
- -P User Password
- Set nufw password to User Password.
- -I Interval
- Set connection list refresh interval to Interval.
This option is only useful if nuauth server is in POLL mode.
- -Z Service
- Set kerberos service name to Service.
- -C CertFile
- Use certificate file stored in the file CertFile to
negotiate the TLS connection to nuauth.
- -A AuthorityFile
- Use authority file stored in AuthorityFile and check
the validity of nuauth certificate against this authority. Nutcpc will
leave if this is not the case.
- -K KeyFile
- Use key file stored in the file KeyFile to negotiate
the TLS connection to nuauth.
- -W CertPass
- Use the passphrase CertPass to decrypt the
certificate. Check the -q option if you use this.
- -R CrlFile
- Use certificate revocation list file stored in the file
CrlFile to negotiate the TLS connection to nuauth. nutcpc reloads
this file if it gets disconnected from nuauth and needs to reconnect.
Since version 2.2.19, nutcpc reloads the CRL file when receiving a HUP
signal.
- -a NuauthDN
- Verify that the certificate given by nuauth has a DN equal
to NuauthDN. Nutcpc will leave if this is not the case.
- -Q
- Suppress warning if no certificate authority is
configured.
- -N
- Suppress error if server FQDN does not match certificate
CN.
LOCK FILE¶
By default, the lock file set by nutcpc is at ~/.nufw/nutcpc.
CERTIFICATE AUTHENTICATION¶
User authentication can be done using a certificate and a private key. Such a
method will be used, if nutcpc can find a certificate at ~/.nufw/cert.pem and
the corresponding private key at ~/.nufw/key.pem. The server identity will be
checked if a CA certificate is provided in ~/.nufw/cacert.pem. Certificates
and key can also be provided on command line or via
nuclient.conf(5).
SIGNALS¶
- HUP
- When receiving this signal, nutcpc attempts to immediately
reconnect to the server, if disconnected. The signal is ignored in other
cases.
SEE ALSO¶
nufw(8)
nuauth(8)
nuclient.conf(5)
AUTHOR¶
Nuauth was designed and coded by Eric Leblond, aka Regit
(<eric@regit.org>) , and Vincent Deffontaines, aka gryzor
(<vincent@gryzor.com>). Original idea in 2001, while working on NSM Ldap
support.
This manual page was written by Eric Leblond.
Permission is granted to copy, distribute and/or modify this document under the
terms of the GNU Free Documentation License, Version 2 as published by the
Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and
no Back-Cover Texts.