Command, Netapp

NetApp Lifetime Key Management Appliance 4.
0
Command Line Interface Reference Guide
NetApp, Inc.
495 East Java Drive
Sunnyvale, CA 94089 U.S.A.
Telephone: +1 (408) 822-6000
Fax: +1 (408) 822-4501
Support telephone: +1 (888) 4-NETAPP
Documentation comments: doccomments@netapp.com
Information Web: http://www.netapp.com
Part number 215-03955_A0
September 2008
Copyright, trademark information, notices and warnings
Copyright
information
Copyright 1994-2008 NetApp, Inc. All rights reserved. Printed in the U.S.A.
Part number: 215-03955_A0 (09208_KM40)
Model Number: KM500
No part of this document covered by copyright may be reproduced in any form or by any means
graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an
electronic retrieval systemwithout prior written permission of the copyright owner.
Portions of this product copyright 2005 Sun Microsystems, Inc. All rights reserved.
This software is provided AS IS, without a warranty of any kind. ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS, AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. (SUN) AND
ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
AS A RESULT OF USING, MODIFYING, OR DISTRIBUTING THIS SOFTWARE OR ITS
DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS
SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
JRE and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in
the United States and other countries.
Portions of this product are derived from FreeBSD, which is copyrighted by FreeBSD. Copyright
1994-2003 FreeBSD, Inc. All rights reserved.
Software derived from copyrighted material of FreeBSD is subject to the following license and
disclaimer:
Redistribution and use of the software in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the
following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT AS IS AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
ii
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young.
This product includes software developed by the OpenSSL project for use in the OpenSSL Toolkit.
This product includes software developed by Computing Services at Carnegie Mellon University
(http://www.cmu.edu/computing/. Copyright 2001 Carnegie Mellon University. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the
following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. The name Carnegie Mellon University must not be used to endorse or promote products derived
from this software without prior written permission. For permission or any other legal details, please
contact:
Office of Technology Transfer
Carnegie Mellon University
5000 Forbes Avenue
Pittsburgh, PA 15213-3890
(412) 268-4387, fax: (412) 268-7395
tech-transfer@andrew.cmu.edu
4. Redistributions of any form whatsoever must retain the following acknowledgment:
This product includes software developed by Computing Services at Carnegie Mellon University
(http://www.cmu.edu/computing/).
Software derived from copyrighted NetApp material is subject to the following license and
disclaimer:
THIS SOFTWARE IS PROVIDED BY NETAPP AS IS AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE,
WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL NETAPP BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
NetApp reserves the right to change any products described herein at any time, and without notice.
NetApp assumes no responsibility or liability arising from the use of products described herein,
except as expressly agreed to in writing by NetApp. The use or purchase of this product does not
convey a license under any patent rights, trademark rights, or any other intellectual property rights of
NetApp.
The product described in this manual may be protected by one or more U.S.A. patents, foreign
patents, or pending applications.
iii
RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to

restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer
Software clause at DFARS 252.277-7103 (October 1988) and FAR 52-227-19 (June 1987).
Trademark
information
NetApp, the Network Appliance logo, the bolt design, NetAppthe Network Appliance Company,
Cryptainer, Cryptoshred, DataFabric, DataFort, Data ONTAP, Decru, FAServer, FilerView,
FlexClone, FlexVol, Manage ONTAP, MultiStore, NearStore, NetCache, NOW NetApp on the Web,
SANscreen, SecureShare, SnapDrive, SnapLock, SnapManager, SnapMirror, SnapMover,
SnapRestore, SnapValidator, SnapVault, Spinnaker Networks, SpinCluster, SpinFS, SpinHA,
SpinMove, SpinServer, StoreVault, SyncMirror, Topio, VFM, VFM (Virtual File Manager), and
WAFL are registered trademarks of NetApp, Inc. in the U.S.A. and/or other countries. gFiler,
Network Appliance, SnapCopy, Snapshot, and The evolution of storage are trademarks of NetApp,
Inc. in the U.S.A. and/or other countries and registered trademarks in some other countries. The
NetApp arch logo; the StoreVault logo; ApplianceWatch; BareMetal; Camera-to-Viewer;
ComplianceClock; ComplianceJournal; ContentDirector; ContentFabric; EdgeFiler; FlexShare;
FPolicy; Go Further, Faster; HyperSAN; InfoFabric; Lifetime Key Management, LockVault; NOW;
ONTAPI; OpenKey, RAID-DP; ReplicatorX; RoboCache; RoboFiler; SecureAdmin; Serving Data
by Design; SharedStorage; Simplicore; Simulate ONTAP; Smart SAN; SnapCache; SnapDirector;
SnapFilter; SnapMigrator; SnapSuite; SohoFiler; SpinMirror; SpinRestore; SpinShot; SpinStor;
vFiler; Virtual File Manager; VPolicy; and Web Filer are trademarks of NetApp, Inc. in the U.S.A.
and other countries. NetApp Availability Assurance and NetApp ProTech Expert are service marks of
NetApp, Inc. in the U.S.A.
IBM, the IBM logo, AIX, and System Storage are trademarks and/or registered trademarks of
International Business Machines Corporation.
Apple is a registered trademark and QuickTime is a trademark of Apple, Inc. in the U.S.A. and/or
other countries. Microsoft is a registered trademark and Windows Media is a trademark of Microsoft
Corporation in the U.S.A. and/or other countries. RealAudio, RealNetworks, RealPlayer,
RealSystem, RealText, and RealVideo are registered trademarks and RealMedia, RealProxy, and
SureStream are trademarks of RealNetworks, Inc. in the U.S.A. and/or other countries.
All other brands or products are trademarks or registered trademarks of their respective holders and
should be treated as such.
NetApp, Inc. is a licensee of the CompactFlash and CF Logo trademarks. NetApp, Inc. NetCache is
certified RealSystem compatible.
Power supply
notice
The appliance is suitable for IT power systems. Connect each power supply to a separate power
source for failover support.
WARNING: The power supply cord is used as the main disconnect device. Ensure that the socketoutlet is located/installed near the equipment and is easily accessible.
ATTENTION: LE CORDON D'ALIMENTATION EST UTILIS COMME INTERRUPTEUR
GNRAL. LA PRISE DE COURANT DOIT TRE SITUE OU INSTALLE PROXIMIT
DU MATRIEL ET TRE FACILE D'ACCS.
WARNUNG: Das Netzkabel dient als Netzschalter. Stellen Sie sicher, das die Steckdose einfach
zugnglich ist.
WARNING: This product relies on the building's installation for short-circuit (overcurrent)
protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A
international) is used on the phase conductors (all current-carrying conductors).
iv
ATTENTION: Pour ce qui est de la protection contre les courts-circuits (surtension), ce produit
dpend de linstallation lectrique du local. Vrifier qu'un fusible ou quun disjoncteur de 120 V alt.,
15 A U.S. maximum (240 V alt., 10 A international) est utilis sur les conducteurs de phase
(conducteurs de charge).
WARNUNG: Dieses Produkt ist darauf angewiesen, da im Gebude ein Kurzschlu- bzw.
berstromschutz installiert ist. Stellen Sie sicher, da eine Sicherung oder ein Unterbrecher von nicht
mehr als 240 V Wechselstrom, 10 A (bzw. in den USA 120 V Wechselstrom, 15 A) an den
Phasenleitern (allen stromfhrenden Leitern) verwendet wird.
VARNING: Apparaten skall anslutas till jordat uttag nr den ansluts till ett ntverk.
OPPMERKSAMHET: Apparatet m kun tilkoples jordet stikkontakt.
Dual power supply

notice
WARNING: This unit has more than one power supply connection; all connections must be removed
to remove all power from the unit.
WARNUNG: Diese Einheit verfgt ber mehr als einen Stromanschlu; um Strom gnzlich von der
Einheit fernzuhalten, mssen alle Stromzufuhren abgetrennt sein.
ATTENTION: Cette unit est quipe de plusieurs raccordements d'alimentation. Pour supprimer
tout courant lectrique de l'unit, tous les cordons d'alimentation doivent tre dbranchs.
Lithium battery
notice
This product contains a lithium battery. Although the battery is not field-serviceable, observe the
following warning:
CAUTION: Danger of explosion if battery is replaced with incorrect type. Replace only with the
same type recommended by the manufacturer. Dispose of used batteries according to the
manufacturer's instructions.
ATTENTION: II y a danger d'explosion s'il a remplacement incorrect de la batterie. Remplacer
uniquement avec une batterie du meme type ou d'un type equivalent recommande par le constructeur.
Mettre au rebut les batteries usagees conformement aux instructions du fabricant.
WARNUNG: Bei Einsetzen einer falschen Batterie besteht Explosionsgefahr. Ersetzen Sie die
Batterie nur durch den gleichen oder vom Hersteller empfohlenen Batterietyp. Entsorgen Sie die
benutzten Batterien nach den Anweisungen des Herstellers.
WARNING: TO PREVENT BODILY INJURY WHEN MOUNTING OR SERVICING THE
APPLIANCE, DO NOT LIFT OR CARRY THE UNIT BY THE FRONT PANEL. THE FRONT
PANEL IS INTENDED TO BE AN EASILY DETACHABLE COMPONENT AND IS NOT
DESIGNED TO CARRY PRODUCT WEIGHT.
Perchlorate present
Important: Special handling may apply. See: http://www.dtsc.ca.gov/hazardouswaste/perchlorate/
Rack mounting
notice
Appropriate hardware is provided with the appliance to mount it in an EIA standard 19 rack. Follow
instructions provided in the package to mount the slide rails to the sides of the LKM appliance and
attach the rail mounts to the rack. Then slide the appliance into the rack on the rails and secure the
appliance in place using the provided screws.
WARNING: To prevent bodily injury when mounting or servicing this unit in a rack, take special
precautions to ensure that the system remains stable. These guidelines are provided to ensure your
safety:
This unit should be mounted at the bottom of the rack if it is the only unit in the rack.
When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the
heaviest component at the bottom of the rack.
If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the
unit in the rack.
ATTENTION: Pour viter toute blessure corporelle pendant les oprations de montage ou de
rparation de cette unit en casier, il convient de prendre des prcautions spciales afin de maintenir
la stabilit du systme. Les directives ci-dessous sont destines assurer la protection du personnel.
Si cette unit constitue la seule unit monte en casier, elle doit tre place dans le bas.
Si cette unit est monte dans un casier partiellement rempli, charger le casier de bas en haut en
plaant l'lment le plus lourd dans le bas.
Si le casier est quip de dispositifs stabilisateurs, installer les stabilisateurs avant de monter ou de
rparer l'unit en casier.
WARNUNG: Zur Vermeidung von Krperverletzung beim Anbringen oder Warten dieser Einheit in
einem Gestell mssen Sie besondere Vorkehrungen treffen, um sicherzustellen, da das System stabil
bleibt. Die folgenden Richtlinien sollen zur Gewhrleistung Ihrer Sicherheit dienen:
Wenn diese Einheit die einzige im Gestell ist, sollte sie unten im Gestell angebracht werden.
Bei Anbringung dieser Einheit in einem zum Teil gefllten Gestell ist das Gestell von unten nach
oben zu laden, wobei das schwerste Bauteil unten im Gestell anzubringen ist.
Wird das Gestell mit Stabilisierungszubehr geliefert, sind zuerst die Stabilisatoren zu installieren,
bevor Sie die Einheit im Gestell anbringen oder sie warten.
vi
NetApp KM-Series Command Line Reference Guide 4.0
Table of Contents
1 Top-level commands......................................................................................................
2 db3 commands..............................................................................................................
3 trustee commands.........................................................................................................
3.1 trustee keys commands...........................................................................................................................................................

8
3.2 trustee linkkey commands....................................................................................................................................................
10
3.3 trustee linkkeysharing commands......................................................................................................................................11
3.4 trustee peer commands.........................................................................................................................................................
11
3.5 trustee unapproved commands...........................................................................................................................................12
4 lkm commands............................................................................................................
16
4.1 lkm db commands..................................................................................................................................................................

18
4.2 lkm key commands................................................................................................................................................................
20
4.2.1 lkm key attribute commands....................................................................................................................................23
4.2.2 lkm key journal commands.......................................................................................................................................24
4.3 lkm openkey commands.......................................................................................................................................................
25
4.3.1 lkm openkey enroll commands.................................................................................................................................
26
4.3.1.1 lkm openkey enroll pending commands.......................................................................................................27
4.4 lkm server commands...........................................................................................................................................................
29
4.4.1 lkm server certificate commands.............................................................................................................................
31
5 net commands.............................................................................................................
32
5.1 net util commands..................................................................................................................................................................

33
5.1.1 net util tcpdump commands......................................................................................................................................
36
6 keyman commands.....................................................................................................
38
6.1 keyman cryptainerkeys commands.....................................................................................................................................

39
6.2 keyman lkmkeys commands................................................................................................................................................
41
6.3 keyman purgekeys commands............................................................................................................................................42
7 cli commands...............................................................................................................
44
7.1 cli cshelp commands..............................................................................................................................................................

45
8 active-role commands.................................................................................................
46
9 domain commands.....................................................................................................
47
10 group commands......................................................................................................
53
10.1 group group commands......................................................................................................................................................

55
10.2 group role commands..........................................................................................................................................................
56
11 role commands..........................................................................................................
58
12 user commands.........................................................................................................
60
12.1 user cifs commands.............................................................................................................................................................

62
NetApp Proprietary Information
Page 2 of 144
12.1.1 user cifs password commands...............................................................................................................................63

12.2 user comers commands......................................................................................................................................................
64
12.3 user group commands.........................................................................................................................................................
66
12.4 user home commands.........................................................................................................................................................
68
12.5 user role commands............................................................................................................................................................
70
13 cluster co mmands.....................................................................................................
72
13.1 cluster config commands....................................................................................................................................................

73
13.1.1 cluster config ipsec commands..............................................................................................................................
75
13.1.2 cluster config member commands........................................................................................................................76
13.1.3 cluster config potentialmember commands........................................................................................................78
13.1.4 cluster config route commands..............................................................................................................................
81
13.1.4.1 cluster config route heartbeat commands.................................................................................................82
14 db commands............................................................................................................
84
14.1 db index commands.............................................................................................................................................................

88
14.2 db trx commands..................................................................................................................................................................
88
14.3 db xlog commands...............................................................................................................................................................
89
15 system commands....................................................................................................
90
15.1 system agreement commands..........................................................................................................................................95

15.2 system banner commands.................................................................................................................................................95
15.2.1 system banner postlogin commands....................................................................................................................95
15.2.2 system banner prelogin commands......................................................................................................................96
15.3 system certificate commands............................................................................................................................................
97
15.3.1 system certificate request commands.................................................................................................................99
15.4 system crypto commands................................................................................................................................................100
15.4.1 system crypto approve commands.....................................................................................................................103
15.4.2 system crypto channel commands......................................................................................................................
104
15.4.3 system crypto ignitionkey commands................................................................................................................105
15.4.4 system crypto masterkey commands.................................................................................................................105
15.4.5 system crypto protected commands...................................................................................................................
106
15.4.6 system crypto rc commands.................................................................................................................................
107
15.4.7 system crypto rip commands...............................................................................................................................109
15.4.8 system crypto secretshare commands..............................................................................................................111
15.4.9 system crypto whitelist commands.....................................................................................................................
113
15.5 system date commands...................................................................................................................................................115
15.6 system httpd commands..................................................................................................................................................
115
15.7 system license commands...............................................................................................................................................
116
15.8 system log commands......................................................................................................................................................
117
15.9 system property commands............................................................................................................................................119
15.10 system raid commands..................................................................................................................................................
121
15.10.1 system raid errors commands...........................................................................................................................121
15.11 system tamper commands............................................................................................................................................
122
15.12 system timezone commands........................................................................................................................................123
15.13 system util commands...................................................................................................................................................124
15.13.1 system util mbeventlog commands..................................................................................................................
129
15.13.2 system util techdump commands.....................................................................................................................
129
15.13.3 system util trend commands.............................................................................................................................130
15.14 system wizard commands.............................................................................................................................................132
15.14.1 system wizard cluster commands....................................................................................................................134
15.14.2 system wizard crypto commands......................................................................................................................
135
15.14.3 system wizard network commands..................................................................................................................136
Page 3 of 144
1 TOP-LEVEL COMMANDS
active-role...
Active role commands
authorize +
Authorize admin login
challenge +
Generate challenge for PKI authentication
cli...
Command line administration commands
cluster...
Cluster commands
db...
Database administration commands
db3...
DB3 administration commands
domain...
User/group domain commands
group...
Group commands
help
Command line usage help
keyman...
Key management commands
lkm...
LKM management commands
net...
Network commands
password
Change user password
quit
Quit the current client session
role...
Role commands
system...
System commands
trustee...
Trustees management commands
user...
User commands
who
Display who is logged in
whoami
Display effective user ID
authorize
Purpose:
Authorize admin login
Usage:
authorize <user>
Parameters:
<user>
username[@domain]
Page 4 of 144
challenge
Purpose:
Generate challenge for PKI authentication
Usage:
challenge <user>
Parameters:
<user>
username[@domain]
help
Purpose:
Command line usage help
Usage:
help
password
Purpose:
Change user password
Usage:
password [-f, --force] [--new <new>] [--old <old>] [--user <user>]
Options:
-f, --force
Force password change of an admin
--new <new>
New password
--old <old>
Old password
--user <user>
username[@domain]
Page 5 of 144
quit
Purpose:
Quit the current client session
Usage:
quit
who
Purpose:
Display who is logged in
Usage:
who
whoami
Purpose:
Display effective user ID
Usage:
whoami
Page 6 of 144
2 DB3 COMMANDS
db3 restart
Restart DB3 server
db3 techdump
Series of diagnostic queries
db3 zeroize
Zeroizes DB3 data
db3 restart
Purpose:
Restart DB3 server
Usage:
db3 restart
db3 techdump
Purpose:
Series of diagnostic queries
Usage:
db3 techdump
db3 zeroize
Purpose:
Zeroizes DB3 data
Usage:
db3 zeroize
Page 7 of 144
3 TRUSTEE COMMANDS
trustee delete
Remove a trustee from the system
trustee keys...
Trustee key export and import commands
trustee linkkey...
Link key commands
trustee linkkeysharing...
Commands to control the sharing of link keys over trustee

links
trustee list
List all approved trustees in the system
trustee peer...
Trustee peer commands
trustee unapproved...
Trust establishment commands for unapproved trustees
trustee delete
Purpose:
Usage:
trustee delete [-i, --id <id>] [-l, --label <label>]
Options:
-i, --id <id>
Trustee ID
-l, --label <label>
Trustee identification label
trustee list
Purpose:
Usage:
trustee list [-i, --id <id>] [-l, --label <label>] [-n, --limit
<limit>] [-o, --offset <offset>]
Options:
-i, --id <id>
Trustee ID
-l, --label <label>
Trustee identifying label
-n, --limit <limit>
Query limit: zero=>no limit, negative=>backward range
-o, --offset <offset>
Query offset: negative=>step backward
3.1 trustee keys commands

trustee keys export +
Export a Cryptainer Key to the trustee
Page 8 of 144
trustee keys import
Import a Cryptainer Key from a trustee
trustee keys export

Purpose:
Export a Cryptainer Key to the trustee
Usage:
trustee keys export [-c, --cryptainer-path <cryptainer-path>] [-f, -ftp <ftp>] [-k, --key-id <key-id>] [-l, --lun <lun>] [--media-label
<media-label>] [--owner-name <owner-name>] [-p, --password
<password>] [--pool-label <pool-label>] [-d, --port-wwn <port-wwn>]
[--tgt-name <tgt-name>] [-u, --username <username>] <label>
Parameters:
<label>
Name of the trustee to whom the key is to be exported
Options:
-c, --cryptainer-path <cryptainer-path>
Path to a NAS cryptainer
-f, --ftp <ftp>
Upload keys export package to a FTP server
-k, --key-id <key-id>
Key ID
-l, --lun <lun>
Fibre Channel or iSCSI disk LUN
--media-label <media-label>
Media label (SAN)
--owner-name <owner-name>
iSCSI owner name
-p, --password <password>
Password of FTP user
--pool-label <pool-label>
Pool label (SAN)
-d, --port-wwn <port-wwn>
Disk port WWN <xx:xx:xx:xx:xx:xx:xx:xx>
--tgt-name <tgt-name>
iSCSI target name
-u, --username <username>
User to connect to FTP server as
trustee keys impo rt

Purpose:
Import a Cryptainer Key from a trustee
Usage:
trustee keys import [-f, --ftp <ftp>] [-p, --password <password>]

[-u, --username <username>] [-w, --webfile <webfile>]
Options:
-f, --ftp <ftp>
Download trusted package from a FTP server
-w, --webfile <webfile>
Key file uploaded to web server
Page 9 of 144
3.2 trustee linkkey commands

trustee linkkey delete
Remove a link key from the system
trustee linkkey list
List all approved link keys in the system
trustee linkkey map +
Change the link key which is used for a particular trustee

link
trustee linkkey delete

Purpose:
Remove a link key from the system
Usage:
trustee linkkey delete [-i, --id <id>] [-l, --label <label>]
Options:
-i, --id <id>
Trustee ID
-l, --label <label>
trustee linkkey list

Purpose:
List all approved link keys in the system
Usage:
trustee linkkey list [-i, --id <id>] [-l, --label <label>] [-n, -limit <limit>] [-o, --offset <offset>]
Options:
-i, --id <id>
Trustee ID
-l, --label <label>
-n, --limit <limit>
trustee linkkey map

Purpose:
Change the link key which is used for a particular trustee link
Usage:
trustee linkkey map <label> <id>
Parameters:
<label>
Name of the trustee
<id>
Link Key ID
Page 10 of 144
3.3 trustee linkkeysharing commands

trustee linkkeysharing disable
Disable link key sharing over a trustee link
trustee linkkeysharing enable
Enable link key sharing over a trustee link
trustee linkkeysharing disable

Purpose:
Disable link key sharing over a trustee link
Usage:
trustee linkkeysharing disable [-i, --id <id>] [-l, --label <label>]
Options:
-i, --id <id>
Link Key ID
-l, --label <label>
trustee linkkeysharing enable

Purpose:
Enable link key sharing over a trustee link
Usage:
trustee linkkeysharing enable [-i, --id <id>] [-l, --label <label>]
Options:
-i, --id <id>
Link Key ID
-l, --label <label>
3.4 trustee peer commands

trustee peer delete
trustee peer list
trustee peer delete

Purpose:
Usage:
trustee peer delete [-i, --id <id>] [-l, --label <label>]
Options:
-i, --id <id>
Trustee ID
-l, --label <label>
Page 11 of 144
trustee peer list

Purpose:
Usage:
trustee peer list [-i, --id <id>] [-l, --label <label>] [-n, --limit
<limit>] [-o, --offset <offset>]
Options:
-i, --id <id>
Trustee ID
-l, --label <label>
-n, --limit <limit>
3.5 trustee unapproved commands

trustee unapproved approve
Get a secret shared trustee authorization token. The

secretsharing is done using the specified recovery cards
trustee unapproved create +
Create a trust establishment package for a new trustee
trustee unapproved delete
Delete a pending trustee
trustee unapproved list
List the pending unapproved trustees in the system
trustee unapproved receive
Receive a trust package created by a remote trustee
trustee unapproved review
Check whether trustee approval is needed
trustee unapproved rmall
Remove all unapproved trustees from the system
trustee unapproved send +
Send a previously created trust package to a remote

trustee
trustee unapproved approve

Purpose:
Get a secret shared trustee authorization token. The secretsharing is done using the specified
recovery cards
Usage:
trustee unapproved approve [-i, --id <id>] [-l, --label <label>] [-t,
--type <type>]
Options:
-i, --id <id>
Trustee ID
-l, --label <label>
-t, --type <type>
Link type: one of

LKMLKM/LKMDF/LKMOPENKEY/LEGACY(default)
Page 12 of 144
trustee unapproved create

Purpose:
Create a trust establishment package for a new trustee
Usage:
trustee unapproved create <label> <mylabel>
Parameters:
<label>
Label used as identifier for this trustee
<mylabel>
Label with which to introduce this Appliance to the trustee
trustee unapproved delete

Purpose:
Delete a pending trustee
Usage:
trustee unapproved delete [-i, --id <id>] [-l, --label <label>]
Options:
-i, --id <id>
Trustee ID
-l, --label <label>
trustee unapproved list

Purpose:
List the pending unapproved trustees in the system
Usage:
trustee unapproved list [-i, --id <id>] [-l, --label <label>] [-n, -limit <limit>] [-o, --offset <offset>]
Options:
-i, --id <id>
Trustee ID
-l, --label <label>
-n, --limit <limit>
Page 13 of 144
trustee unapproved receive

Purpose:
Receive a trust package created by a remote trustee
Usage:
trustee unapproved receive [-f, --ftp <ftp>] [-c, --mylabel

<mylabel>] [-n, --name <name>] [-p, --password <password>] [-t, -type <type>] [-u, --username <username>] [-v, --verifier <verifier>]
[-w, --webfile <webfile>]
Options:
-f, --ftp <ftp>
Download trusted package from a FTP server
-c, --mylabel <mylabel>
Self credentials to use to talk to the trustee
-n, --name <name>
Name to associate with the trustee
-t, --type <type>
Link type: one of

LKMLKM/LKMDF/LKMOPENKEY/LEGACY(default)
-v, --verifier <verifier>
Verification hash for this package
File uploaded to web server
trustee unapproved review

Purpose:
Check whether trustee approval is needed
Usage:
trustee unapproved review [-q, --quiet] [-v, --verbose]
Options:
-q, --quiet
Print nothing if no problems are detected
-v, --verbose
Show more detail
Page 14 of 144

Purpose:
Remove all unapproved trustees from the system
Usage:
trustee unapproved send

Purpose:
Send a previously created trust package to a remote trustee
Usage:
trustee unapproved send [-f, --ftp <ftp>] [-p, --password <password>]

[-u, --username <username>] <label>
Parameters:
<label>
Label of the trustee to whom the trust package is to be

sent
Options:
-f, --ftp <ftp>
Upload trust package to a FTP server
Page 15 of 144
4 LKM COMMANDS
lkm db...
ConfigDB commands
lkm disk usage
List free/used space
lkm doc
Generate Documentation for LKM interfaces
lkm key...
Key commands
lkm openkey
LKM OpenKey commands
lkm restart
Restart LKM daemon
lkm server...
Server commands
lkm state info
Show LKM subsystem state information
lkm status
Check the status of all configured LKM Servers
lkm test
LKM self test on specified function areas
lkm zeroize
Zeroize LKM information
Page 16 of 144
lkm disk usage

Purpose:
List free/used space
Usage:
lkm disk usage
lkm doc
Purpose:
Generate Documentation for LKM interfaces
Usage:
lkm doc
lkm restart
Purpose:
Restart LKM daemon
Usage:
lkm restart
lkm state info

Purpose:
Show LKM subsystem state information
Usage:
lkm state info
lkm status
Purpose:
Check the status of all configured LKM Servers
Usage:
lkm status [-v, --verbose]
Options:
-v, --verbose
Display data specific to each SNS
Page 17 of 144
lkm test
Purpose:
LKM self test on specified function areas
Usage:
lkm test [--all] [--key-parse] [--key-share] [--key-translation] [-key-vault-encrypt] [--key-vault-sign] [--time-key-generate <time-keygenerate>] [--time-key-translation <time-key-translation>] [-verbose]
Options:
--all
Tests full suite except timing ones (tests none by default)
--key-parse
Tests key parsing functions
--key-share
Tests key sharing policy functions
--key-translation
Exercises SEP
--key-vault-encrypt
Tests key vault encryption functions
--key-vault-sign
Tests key vault signing functions
--time-key-generate <time-key-generate>
Benchmark Key Generation
--time-key-translation <time-keytranslation>
--verbose
Benchmark Translation
Output all status (output failures only by default)
lkm zeroize
Purpose:
Zeroize LKM information
Usage:
lkm zeroize [--keep_journal] [--keep_key_db] [--keep_remote_cdbs]
Options:
--keep_journal
Allow the zeroize process to keep LKM journal
--keep_key_db
Allow the zeroize process to keep LKM key DB
--keep_remote_cdbs
Allow the zeroize process to keep remote ConfigDBs
4.1 lkm db commands

lkm db copy +
Copy configuration database
lkm db export +
Export a configuration database as compressed XML
lkm db list
List configuration databases
lkm db remove +
Remove configuration database
Page 18 of 144
lkm db copy
Purpose:
Copy configuration database
Usage:
lkm db copy <from> <to>
Parameters:
<from>
Database Name
<to>
Destination Database Name
lkm db export
Purpose:
Export a configuration database as compressed XML
Usage:
lkm db export [-f, --ftp-dir <ftp-dir>] [-p, --password <password>]

[-u, --username <username>] <db>
Parameters:
<db>
Config Database to export
Options:
-f, --ftp-dir <ftp-dir>
Export to FTP server as compressed XML file

<ftp://[user:pass@]host[:port]/path>
lkm db list
Purpose:
List configuration databases
Usage:
lkm db list
lkm db remove
Purpose:
Remove configuration database
Usage:
lkm db remove <dbfile>
Parameters:
<dbfile>
Database to remove
Page 19 of 144
4.2 lkm key commands

lkm key add
Add lkm key objects
lkm key attribute...
Key attribute commands
lkm key delete
Remove single lkm key object
lkm key export
Export lkm key objects
lkm key import
Import lkm key objects
lkm key journal...
Key journal commands
lkm key list
List lkm key objects
lkm key resync +
Resync LKM keys
lkm key sharing group list
List all key sharing groups this LKM appliance knows

about
lkm key statistics
List key counts
lkm key update
Update single lkm key object
lkm key verify
List corrupt lkm key objects
lkm key whitelist list
List the key whitelist
Page 20 of 144
lkm key add

Purpose:
Add lkm key objects
Usage:
lkm key add
lkm key delete

Purpose:
Remove single lkm key object
Usage:
lkm key delete
lkm key export

Purpose:
Export lkm key objects
Usage:
lkm key export [-f, --ftp <ftp>] [-n, --limit <limit>] [-o, --offset
<offset>] [--order <order>] [--order-by <order-by>] [-p, --password
<password>] [-s, --seqnum <seqnum>] [-u, --username <username>]
Options:
-f, --ftp <ftp>
Upload keys export package to a FTP server
-n, --limit <limit>
--order <order>
asc | desc
--order-by <order-by>
the attr_name to order by
-s, --seqnum <seqnum>
Sequence number to start from
lkm key import

Purpose:
Import lkm key objects
Usage:
lkm key import [-f, --ftp <ftp>] [-p, --password <password>] [-u, -username <username>] [-w, --webfile <webfile>]
Options:
-f, --ftp <ftp>
Download keys export package from a FTP server
Key file uploaded to web server
Page 21 of 144
lkm key list

Purpose:
List lkm key objects
Usage:
lkm key list [-n, --limit <limit>] [-o, --offset <offset>] [--order
<order>] [--order-by <order-by>] [--verify-show <verify-show>] [-verify-skip]
Options:
-n, --limit <limit>
--order <order>
asc | desc
--verify-show <verify-show>
Verify and show good and/or no good keys [all (default) |

ok | ng ]
--verify-skip
Skip verification and show all keys (not recommended)
lkm key resync

Purpose:
Resync LKM keys
Usage:
lkm key resync <peer>
Parameters:
<peer>
IP address
lkm key sharing group list

Purpose:
List all key sharing groups this LKM appliance knows about
Usage:
lkm key sharing group list [-n, --limit <limit>] [-o, --offset
<offset>]
Options:
-n, --limit <limit>
Page 22 of 144
lkm key statistics

Purpose:
List key counts
Usage:
lkm key statistics [--reset]
Options:
--reset
Reset statistics table (advanced)
lkm key update

Purpose:
Update single lkm key object
Usage:
lkm key update
lkm key verify

Purpose:
List corrupt lkm key objects
Usage:
lkm key verify [-a, --all] [-n, --limit <limit>] [-o, --offset
<offset>] [--order <order>] [--order-by <order-by>] [--skipverification]
Options:
-a, --all
Display all matching keys, not just corrupt ones
-n, --limit <limit>
--order <order>
asc | desc
--skip-verification
Skip verification of key signatures

Purpose:
List the key whitelist
Usage:
4.2.1 lkm key attribute commands

lkm key attribute add +
Add a new key attribute
lkm key attribute list
List allowed key attributes
Page 23 of 144
lkm key attribute add

Purpose:
Add a new key attribute
Usage:
lkm key attribute add <attr_type> <is_primary_key> <attr_name>

<attr_display_name>
Parameters:
<attr_type>
Key attribute type
<is_primary_key>
Whether attribute is a handler
<attr_name>
Key attribute name
<attr_display_name>
Key attribute display name
lkm key attribute list

Purpose:
List allowed key attributes
Usage:
lkm key attribute list [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-n, --limit <limit>
4.2.2 lkm key jo urnal commands

lkm key journal list
List keys from the LKM key journal
lkm key journal state
Output LKM key journal state
lkm key journal status
Output LKM key journal status
lkm key journal zeroize
Zeroize LKM key journal
lkm key journal list

Purpose:
List keys from the LKM key journal
Usage:
lkm key journal list [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-n, --limit <limit>
Page 24 of 144
lkm key journal state

Purpose:
Output LKM key journal state
Usage:
lkm key journal state [-i, --init-time] [-r, --recompute]
Options:
-i, --init-time
Display init-time statistics
-r, --recompute
Recompute statistics

Purpose:
Output LKM key journal status
Usage:
lkm key journal zeroize

Purpose:
Zeroize LKM key journal
Usage:
lkm key journal zeroize [-o, --overwrite]
Options:
-o, --overwrite
Overwrite entries
4.3 lkm openkey commands

lkm openkey client list
List OpenKey clients
lkm openkey enroll...
LKM OpenKey enrollment commands
lkm openkey license list
List OpenKey licenses
Page 25 of 144

Purpose:
List OpenKey clients
Usage:

Purpose:
List OpenKey licenses
Usage:
4.3.1 lkm openkey enroll comman ds

lkm openkey enroll list
Displays current OpenKey enrollment settings
lkm openkey enroll pending...
Interact with the list of enrollments pending manual

approval
lkm openkey enroll set +
Modify OpenKey enrollment settings
Page 26 of 144

Purpose:
Displays current OpenKey enrollment settings
Usage:
lkm openkey enroll set

Purpose:
Modify OpenKey enrollment settings
Usage:
lkm openkey enroll set [-t, --endtime <endtime>] [-k, --ksg <ksg>]
[-m, --netmask <netmask>] [-o, --only-added] [-p, --port <port>] [-b,
--range-begin <range-begin>] [-e, --range-end <range-end>] [-s, -subnet <subnet>] <mode>
Parameters:
<mode>
off|auto|manual
Options:
-t, --endtime <endtime>
Cut-off time for accepting enrollment requests. 'YYYY-MMDD HH:MM:SS' Default is forever.
-k, --ksg <ksg>
Default key sharing group. Name must begin and end with
forward slash delimiter.
-m, --netmask <netmask>
Only accept peers from this subnet. Used with -s, not -b or
-e. Default 0.0.0.0.
-o, --only-added
Only allow enrollment by peers in the lkm server list (but

with no certificate).
-p, --port <port>
Port on which to accept enrollment requests. Default

32580.
-b, --range-begin <range-begin>
Only accept peers from this ip range. Used with -e, not -s
or -m. Default 0.0.0.0.
-e, --range-end <range-end>
Only accept peers from this ip range. Used with -b, not -s
or -m. Default 255.255.255.255.
-s, --subnet <subnet>
Only accept peers from this subnet. Used with -m, not -b or
-e. Default 0.0.0.0.
4.3.1.1 lkm openkey enroll pending commands

lkm openkey enroll pending accept
Accept pending OpenKey clients (making them peers)
lkm openkey enroll pending certificate

get +
Get certificate of enrolled OpenKey client awaiting manual

approval
lkm openkey enroll pending list
List enrolled OpenKey clients awaiting manual approval
lkm openkey enroll pending reject
Reject pending OpenKey clients (removing them from the

list)
Page 27 of 144
lkm openkey enroll pending accept

Purpose:
Accept pending OpenKey clients (making them peers)
Usage:
lkm openkey enroll pending accept [-a, --all] [-k, --ksg <ksg>] [-m,
--netmask <netmask>] [-s, --subnet <subnet>]
Options:
-a, --all
Accept all. Must specify this or -s.
-k, --ksg <ksg>
Key sharing group. Name must begin and end with

forward slash delimiter.
Only accept peers from this subnet. If given, must specify

-s.
Only accept peers from this subnet. If netmask is

unspecified, this is a single IP address.
lkm openkey enroll pending certificate get

Purpose:
Get certificate of enrolled OpenKey client awaiting manual approval
Usage:
lkm openkey enroll pending certificate get [-t, --text] <ip>
Parameters:
<ip>
IP address
Options:
-t, --text
Display certificate as text fields, not PEM.
lkm openkey enroll pending list

Purpose:
List enrolled OpenKey clients awaiting manual approval
Usage:
lkm openkey enroll pending list [-c, --count] [-i, --ip <ip>] [-n, -limit <limit>] [-o, --offset <offset>]
Options:
-c, --count
Show only total number of pending OpenKey clients
-i, --ip <ip>
IP address of pending OpenKey client
-n, --limit <limit>
Page 28 of 144
lkm openkey enroll pending reject

Purpose:
Reject pending OpenKey clients (removing them from the list)
Usage:
lkm openkey enroll pending reject [-a, --all] [-m, --netmask

<netmask>] [-s, --subnet <subnet>]
Options:
-a, --all
Reject all. Must specify this or -s (but not both).
Only reject peers from this subnet. If given, must specify

-s. Default is 255.255.255.255.
Only reject peers from this subnet. If netmask is

unspecified, this is a single IP address.
4.4 lkm server commands

lkm server add +
Add LKM server
lkm server certificate...
Certificate commands
lkm server list
List LKM servers
lkm server remove +
Remove LKM server
lkm server set +
Modify a property of LKM server
lkm server add

Purpose:
Add LKM server
Usage:
lkm server add [--key-sharing-group <key-sharing-group>] [-p, --port

<port>] [--protocol <protocol>] [-s, --secret <secret>] [--trustee
<trustee>] [--type <type>] <peer>
Parameters:
<peer>
IP address
Options:
--key-sharing-group <key-sharing-group>
Name must begin and end with forward slash delimiter
-p, --port <port>
Port on which LKM server is listening
--protocol <protocol>
xml
-s, --secret <secret>
Shared secret
--trustee <trustee>
Label of established Trustee Link
--type <type>
software | appliance | datafort | third-party
Page 29 of 144
lkm server list

Purpose:
List LKM servers
Usage:
lkm server list [-c, --count] [-i, --ip <ip>] [-n, --limit <limit>]
[-o, --offset <offset>]
Options:
-c, --count
Show only total number of LKM servers
-i, --ip <ip>
IP address of LKM server
-n, --limit <limit>
lkm server remove

Purpose:
Remove LKM server
Usage:
lkm server remove <peer>
Parameters:
<peer>
IP address
lkm server set

Purpose:
Modify a property of LKM server
Usage:
lkm server set [--key-sharing-group <key-sharing-group>] [-p, --port

<port>] [--protocol <protocol>] [-s, --secret <secret>] [--trustee
<trustee>] <peer>
Parameters:
<peer>
IP address
Options:
--key-sharing-group <key-sharing-group>
Name must begin and end with forward slash delimiter
-p, --port <port>
Port on which LKM server is listening
--protocol <protocol>
binary | xml
Shared secret (software)
--trustee <trustee>
Label of established Trustee Link
Page 30 of 144
4.4.1 lkm server certificate commands

lkm server certificate get +
Get certificate of peer
lkm server certificate set +
Set certificate of peer
lkm server certificate get

Purpose:
Get certificate of peer
Usage:
lkm server certificate get <peer>
Parameters:
<peer>
IP address
lkm server certificate set

Purpose:
Set certificate of peer
Usage:
lkm server certificate set <peer> <certificate>
Parameters:
<peer>
IP address
<certificate>
Certificate
Page 31 of 144
5 NET COMMANDS
net apply
Apply network changes
net connection list
List network connections
net interface get +
Get network interface information
net status
Display network status
net util...
Network utilities
net apply
Purpose:
Apply network changes
Usage:
net apply [--httpd] [--sshd]
Options:
--httpd
Restart httpd
--sshd
Restart sshd
net connection list

Purpose:
List network connections
Usage:
net connection list
net interface get

Purpose:
Get network interface information
Usage:
net interface get <ifname>
Parameters:
<ifname>
Network interface name (for example: bge0, bge1, em0)
Page 32 of 144
net status
Purpose:
Usage:
net status [-q, --quiet] [-v, --verbose]
Options:
-q, --quiet
-v, --verbose
Show more detail
5.1 net util commands

net util arp
Display or delete ARP table
net util host +
Look up hostnames using DNS
net util ifconfig
Display network interface settings
net util ipsecstats
Display IPsec statistics
net util netstat
net util ping +
Ping a host
net util tcpdump...
Network packet capture facility
net util arp

Purpose:
Display or delete ARP table
Usage:
net util arp [-a] [-d] [-n]
Options:
-a
Apply action to all entries
-d
Delete all entries
-n
Show network addresses as numbers
net util host

Purpose:
Look up hostnames using DNS
Usage:
net util host <hostname>
Parameters:
<hostname>
Hostname or IP address
Page 33 of 144
net util ifconfig

Purpose:
Display network interface settings
Usage:
net util ifconfig [-C] [-L] [-a] [-d] [-l] [-m] [-u]
Options:
-C
List all of the interface cloners available on the system
-L
Display address lifetime for IPv6 addresses
-a
Display information about all interfaces in the system
-d
Display information only about interfaces that are down
-l
List all available interfaces on the system
-m
Display all of the supported media for the specified

interface
-u
Display information only about interfaces that are up
Page 34 of 144
net util ipsecstats

Purpose:
Display IPsec statistics
Usage:
net util ipsecstats
net util netstat

Purpose:
Usage:
net util netstat [-I <>] [-L] [-W] [-a] [-b] [-d] [-e] [-f <>] [-i]
[-m] [-n] [-p <>] [-r] [-s]
Options:
-I <>
Show information about the specified interface
-L
Show the size of various listen queues
-W
Avoid truncating addresses
-a
With the default display, show the state of all sockets;

With the routing table display, (option -r, as described
below), show protocol-cloned routes
-b
With the interface display (option -i, as described below),

show the number of bytes in and out
-d
With the interface display (option -i, as described below),

show the number of dropped packets
-e
Show detailed information on each TCP connection
-f <>
Limit statistics or address control block reports to those of

the specified address family
-i
Show state of interfaces which have been auto-configured
-m
Show statistics recorded by the memory management

routines
-n
Show network addresses as numbers
-p <>
Show statistics about protocol
-r
Show the routing tables
-s
Show per-protocol stats
Page 35 of 144
net util ping

Purpose:
Ping a host
Usage:
net util ping [-I <>] [-S <>] [-c <>] [-s <>] <hostname>
Parameters:
<hostname>
Hostname or IP address
Options:
-I <>
Interface to send packets from
-S <>
Source address to be used when sending packets
-c <>
Number of packets to send (default is 4).
-s <>
Number of data bytes to send (default is 56).
5.1.1 net util tcpdump comman ds

net util tcpdump delete +
Delete packet capture file
net util tcpdump start +
Start packet capture
net util tcpdump status +
Show status of packet capture
net util tcpdump stop +
Stop packet capture
net util tcpdump delete

Purpose:
Delete packet capture file
Usage:
net util tcpdump delete <interface>
Parameters:
<interface>
Interface whose packet capture file is to be deleted; use

'all' to specify all interfaces
Page 36 of 144
net util tcpdump start

Purpose:
Start packet capture
Usage:
net util tcpdump start [-x, --file <file>] [-f, --ftpserver

<ftpserver>] [-p, --password <password>] [-s, --snaplen <snaplen>]
[-u, --user <user>] <interface> <filter>
Parameters:
<interface>
Interface on which to start packet capture; use 'all' to

specify all interfaces
<filter>
Packet-matching filter
Options:
-x, --file <file>
Specify the file that should be written on the ftp server
-f, --ftpserver <ftpserver>
Specify the ftp server that the file should be outputted to
Specify the password that should be used to connect to

the ftp server
-s, --snaplen <snaplen>
Maximum length of packet to capture
-u, --user <user>
Specify the user that should be used to connect to the ftp

server
net util tcpdump status

Purpose:
Show status of packet capture
Usage:
net util tcpdump status <interface>
Parameters:
<interface>
Interface on which to check status; use 'all' to specify all

interfaces
net util tcpdump stop

Purpose:
Stop packet capture
Usage:
net util tcpdump stop <interface>
Parameters:
<interface>
Interface on which to stop packet capture; use 'all' to

specify all interfaces
Page 37 of 144
6 KEYMAN COMMANDS
keyman cryptainerkeys...
Cryptainer key management commands
keyman domainkeys list
List Domain Keys
keyman expirekeys
Check keys for expiration
keyman lkmkeys...
LKM key management commands
keyman masterkeys
Query Master Keys
keyman purgekeys...
Key purge management commands
keyman set
Set attributes of keys
keyman domainkeys list

Purpose:
List Domain Keys
Usage:
keyman domainkeys list [-d, --dk-id <dk-id>] [-n, --limit <limit>]

[-o, --offset <offset>]
Options:
-d, --dk-id <dk-id>
Domain Key ID
-n, --limit <limit>
keyman expirekeys
Purpose:
Check keys for expiration
Usage:
keyman expirekeys [-c, --coordinator]
Options:
-c, --coordinator
Run this command only if the local node is cluster

coordinator
Page 38 of 144
keyman masterkeys
Purpose:
Query Master Keys
Usage:
keyman masterkeys [-g, --generation <generation>] [-n, --limit

<limit>] [-m, --mk-id <mk-id>] [-o, --offset <offset>]
Options:
-g, --generation <generation>
Master Key generation
-n, --limit <limit>
-m, --mk-id <mk-id>
Master Key ID
keyman set
Purpose:
Set attributes of keys
Usage:
keyman set [-k, --ck-id <ck-id>] [-e, --expiration date <expiration

date>] [-n, --limit <limit>] [-o, --offset <offset>] [-r, --read-only
date <read-only date>]
Options:
-k, --ck-id <ck-id>
Cryptainer Key ID
-e, --expiration date <expiration date>
Lower limit timestamp: local time (not UTC): 'YYYY-MM-DD

[hh:mm:ss]' or 'now'
-n, --limit <limit>
-r, --read-only date <read-only date>
Lower limit timestamp: local time (not UTC): 'YYYY-MM-DD

6.1 keyman cryptainerkeys commands

keyman cryptainerkeys generate +
Generate Cryptainer Keys
keyman cryptainerkeys list
List Cryptainer Keys
keyman cryptainerkeys rename +
Assign a new name to an existing Cryptainer Key
Page 39 of 144
keyman cryptainerkeys generate

Purpose:
Generate Cryptainer Keys
Usage:
keyman cryptainerkeys generate [-x, --exportable <exportable>] [-i,

--index <index>] [-n, --name <name>] <no-of-keys>
Parameters:
<no-of-keys>
No of keys to generate
Options:
-x, --exportable <exportable>
This option is no longer supported. All keys are exportable
-i, --index <index>
Index for keys to be used as suffix
-n, --name <name>
Prefix for keys name
keyman cryptainerkeys list

Purpose:
List Cryptainer Keys
Usage:
keyman cryptainerkeys list [-k, --ck-id <ck-id>] [--expired] [-n, -limit <limit>] [-o, --offset <offset>] [--readonly]
Options:
-k, --ck-id <ck-id>
Cryptainer Key ID
--expired
List keys in expired state
-n, --limit <limit>
--readonly
List keys in read-only state
keyman cryptainerkeys rename

Purpose:
Assign a new name to an existing Cryptainer Key
Usage:
keyman cryptainerkeys rename <ck-id> <new-name>
Parameters:
<ck-id>
ID of the Cryptainer Key to be renamed
<new-name>
New name to be associated with this Cryptainer Key
Page 40 of 144
6.2 keyman lkmkeys commands

keyman lkmkeys backup
Back up Cryptainer Keys to LKM server
keyman lkmkeys import
Import Cryptainer Keys from LKM server
keyman lkmkeys list
Display Cryptainer Keys from LKM server

Purpose:
Back up Cryptainer Keys to LKM server
Usage:
keyman lkmkeys import

Purpose:
Import Cryptainer Keys from LKM server
Usage:
keyman lkmkeys import [-k, --ck-id <ck-id>] [-d, --dk-id <dk-id>]

[-n, --iscsi-owner-name <iscsi-owner-name>] [-n, --iscsi-tgt-name
<iscsi-tgt-name>] [-s, --lower-limit-timestamp <lower-limittimestamp>] [-l, --lun <lun>] [--media-label <media-label>] [--poollabel <pool-label>] [-p, --port-wwn <port-wwn>] [-f, --upper-limittimestamp <upper-limit-timestamp>]
Options:
-k, --ck-id <ck-id>
Cryptainer Key ID
-d, --dk-id <dk-id>
Domain Key ID
-n, --iscsi-owner-name <iscsi-owner-name> iSCSI Owner Name
-n, --iscsi-tgt-name <iscsi-tgt-name>
iSCSI Target Name
-s, --lower-limit-timestamp <lower-limit- Lower limit timestamp: local time (not UTC): 'YYYY-MM-DD
timestamp>
-l, --lun <lun>
Logical Unit Number
Media Label (SAN)
Pool Label (SAN)
-p, --port-wwn <port-wwn>

-f, --upper-limit-timestamp <upper-limit- Upper limit timestamp: local time (not UTC): 'YYYY-MM-DD
timestamp>
Page 41 of 144
keyman lkmkeys list

Purpose:
Display Cryptainer Keys from LKM server
Usage:
keyman lkmkeys list [-k, --ck-id <ck-id>] [-d, --dk-id <dk-id>] [-n,
--iscsi-owner-name <iscsi-owner-name>] [-n, --iscsi-tgt-name <iscsitgt-name>] [-s, --lower-limit-timestamp <lower-limit-timestamp>] [-l,
--lun <lun>] [--media-label <media-label>] [--pool-label <poollabel>] [-p, --port-wwn <port-wwn>] [-v, --server <server>] [-f, -upper-limit-timestamp <upper-limit-timestamp>]
Options:
-k, --ck-id <ck-id>
Cryptainer Key ID
-d, --dk-id <dk-id>
Domain Key ID
-n, --iscsi-owner-name <iscsi-owner-name> iSCSI Owner Name

-n, --iscsi-tgt-name <iscsi-tgt-name>
iSCSI Target Name
-s, --lower-limit-timestamp <lower-limit- Lower limit timestamp: local time (not UTC): 'YYYY-MM-DD
timestamp>
-l, --lun <lun>
Logical Unit Number
Media Label (SAN)
Pool Label (SAN)
-p, --port-wwn <port-wwn>
-v, --server <server>
Server IP (default first available)

-f, --upper-limit-timestamp <upper-limit- Upper limit timestamp: local time (not UTC): 'YYYY-MM-DD
timestamp>
6.3 keyman purgekeys commands

keyman purgekeys accelerate
Speedup rate of purging unused Cryptainer and Master

Keys
keyman purgekeys start
Start purging unused Cryptainer and Master Keys
keyman purgekeys status
Display the number of keys remaining to be purged
keyman purgekeys stop
Stop purging unused Cryptainer and Master Keys
Page 42 of 144

Purpose:
Speedup rate of purging unused Cryptainer and Master Keys
Usage:
keyman purgekeys start

Purpose:
Start purging unused Cryptainer and Master Keys
Usage:
keyman purgekeys start [-a, --age <age>] [-k, --ck-id <ck-id>] [-r,
--remove-tape-history]
Options:
-a, --age <age>
Age in days
-k, --ck-id <ck-id>
Cryptainer Key ID
-r, --remove-tape-history
purge old tape key references too

Purpose:
Display the number of keys remaining to be purged
Usage:

Purpose:
Stop purging unused Cryptainer and Master Keys
Usage:
Page 43 of 144
7 CLI COMMANDS
cli complete
Command line completion
cli cshelp...
CLI context-sensitive help commands
cli documentation
Print CLI documentation
cli format +
Change CLI display format
cli pager +
Turn on/off screenful CLI output display pager
cli complete
Purpose:
Command line completion
Usage:
cli complete
cli documentati on
Purpose:
Print CLI documentation
Usage:
cli documentation [-n, --name-only]
Options:
-n, --name-only
Output command names only
cli format
Purpose:
Change CLI display format
Usage:
cli format <format>
Parameters:
<format>
Set CLI display format <default|text/gui|text/xml>
Page 44 of 144
cli pager
Purpose:
Turn on/off screenful CLI output display pager
Usage:
cli pager <on|off>
Parameters:
<on|off>
Turn screenful pager on or off
7.1 cli cshelp commands

cli cshelp disable
Disable CLI context-sensitive help '?' key binding
cli cshelp enable
Enable CLI context-sensitive help '?' key binding
cli cshelp find
Find CLI context-sensitive help
cli cshelp disable

Purpose:
Disable CLI context-sensitive help '?' key binding
Usage:
cli cshelp disable
cli cshelp enable

Purpose:
Enable CLI context-sensitive help '?' key binding
Usage:
cli cshelp enable
cli cshelp find

Purpose:
Find CLI context-sensitive help
Usage:
cli cshelp find
Page 45 of 144
8 ACTIVE -ROLE COMMANDS
active-role add +
Activate an authorized role
active-role list
List active roles
active-role remove +
Remove an active role
active- role add

Purpose:
Activate an authorized role
Usage:
active-role add <active-role>
Parameters:
<active-role>
Authorized role to activate
active- role list

Purpose:
List active roles
Usage:
active-role list
active- role remove

Purpose:
Remove an active role
Usage:
active-role remove <active-role>
Parameters:
<active-role>
Active role to remove
Page 46 of 144
9 DOMAIN
COMMANDS
domain add +
Add a domain
domain controller discover +
Discover the domain controllers of a given domain
domain group list +
List groups in the domain
domain hash import +
Start a background process to import the password

hashes
domain list
List domains
domain migrate +
Move all users and groups in a domain to another domain
domain remove +
Remove a domain
domain set +
Set domain settings
domain user list +
List users in the domain
domain validate +
Validate domain access
Page 47 of 144
domain add
Purpose:
Add a domain
Usage:
domain add [--auto-import <auto-import>] [--kdc <kdc>] [--krb-realm

<krb-realm>] [--ldap-bind-dn <ldap-bind-dn>] [--ldap-schema <ldapschema>] [--netbios <netbios>] [-p, --password <password>] [--searchdn-list <search-dn-list>] [--server <server>] [-u, --username
<username>] <name> <type> <subtype>
Parameters:
<name>
Domain name
<type>
<cifs|nfs>
<subtype>
<local|windows|nis|ldap|userless>
Options:
--auto-import <auto-import>
Auto import user password hashes
--kdc <kdc>
Kerberos Key Distribution Center (multiple commadelimited KDC's can be specified)
--krb-realm <krb-realm>
Kerberos Realm
--ldap-bind-dn <ldap-bind-dn>
Location in LDAP directory of the domain access user
--ldap-schema <ldap-schema>
LDAP server schema
--netbios <netbios>
NetBIOS name of domain
domain access user or Unix domain root user password
--search-dn-list <search-dn-list>
Custom list of search DNs to use when querying Windows

DCs for user and group listings (e.g.
OU=dept1&OU=dept2)
--server <server>
Server name
domain access user or Unix domain root user name
domain controller discover

Purpose:
Discover the domain controllers of a given domain
Usage:
domain controller discover [--netbios <netbios>] <name>
Parameters:
<name>
Domain name
Options:
--netbios <netbios>
Domain's NetBIOS name
Page 48 of 144
domain group list

Purpose:
List groups in the domain
Usage:
domain group list [-g, --group <group>] [-n, --num-of-groups <num-ofgroups>] <domain>
Parameters:
<domain>
Name of domain
Options:
-g, --group <group>
Wildcard group name string
-n, --num-of-groups <num-of-groups>
Max number of results expected, default is 10; if you want

all results, set to 0.
domain hash import

Purpose:
Start a background process to import the password hashes
Usage:
domain hash import [-p, --password <password>] [-u, --user <user>]

<domain>
Parameters:
<domain>
Name of domain
Options:
password
-u, --user <user>
User name
domain list
Purpose:
List domains
Usage:
domain list [-n, --limit <limit>] [--name <name>] [--netbios

<netbios>] [-o, --offset <offset>] [--server <server>] [--type
<type>]
Options:
-n, --limit <limit>
--name <name>
Domain name
--netbios <netbios>
--server <server>
Server name
--type <type>
<cifs|nfs>
Page 49 of 144
domain migrate
Purpose:
Move all users and groups in a domain to another domain
Usage:
domain migrate <source-domain> <dest-domain>
Parameters:
<source-domain>
Name of source domain
<dest-domain>
Name of destination domain
domain remove
Purpose:
Remove a domain
Usage:
domain remove [-f, --forced] <domain name>
Parameters:
<domain name>
Name of domain
Options:
-f, --forced
Remove all users and groups in the domain along with the
domain
Page 50 of 144
domain set
Purpose:
Set domain settings
Usage:
domain set [--auto-import <auto-import>] [--kdc <kdc>] [--krb-realm

<krb-realm>] [--ldap-bind-dn <ldap-bind-dn>] [--ldap-schema <ldapschema>] [--netbios <netbios>] [-p, --password <password>] [--searchdn-list <search-dn-list>] [--server <server>] [-u, --username
<username>] <domain name>
Parameters:
<domain name>
Name of domain
Options:
--auto-import <auto-import>
Auto import user password hashes
--kdc <kdc>
Kerberos Key Distribution Center
Kerberos Realm
--ldap-bind-dn <ldap-bind-dn>
Location in LDAP directory of the domain access user
--ldap-schema <ldap-schema>
LDAP server schema
--netbios <netbios>
domain access user or Unix domain root user password
--search-dn-list <search-dn-list>
Custom list of search DNs to use when querying Windows

DCs for user and group listings
--server <server>
Server name
domain access user or Unix domain root user name
domain user list

Purpose:
List users in the domain
Usage:
domain user list [-n, --num-of-users <num-of-users>] [-u, --user

<user>] <domain>
Parameters:
<domain>
Name of domain
Options:
-n, --num-of-users <num-of-users>
Max number of results expected, default is 10; if you want

all results, set to 0.
-u, --user <user>
Wildcard user name string
Page 51 of 144
domain validate
Purpose:
Validate domain access
Usage:
domain validate <name>
Parameters:
<name>
Domain name
Page 52 of 144
10 GROUP COMMANDS
group add +
Add a group
group domain discover +
Discover & display all groups & members in Windows

domain
group group...
Nested group membership commands
group list
List groups
group remove +
Remove a group
group review
Check whether group review is needed
group role...
Group role commands
group add
Purpose:
Add a group
Usage:
group add <group>
Parameters:
<group>
groupname@domain (Wrap with double quotes if it

contains a space: e.g., "My Group")
group domain discover

Purpose:
Discover & display all groups & members in Windows domain
Usage:
group domain discover <domain>
Parameters:
<domain>
Name of domain
Page 53 of 144
group list
Purpose:
List groups
Usage:
group list [-c, --count-only] [--domain <domain>] [--domain-type

<domain-type>] [--flags <flags>] [--icase] [-n, --limit <limit>] [-name <name>] [-o, --offset <offset>] [--sid <sid>]
Options:
-c, --count-only
Display the total count only
--domain <domain>
Domain
--domain-type <domain-type>
<cifs|nfs>
--flags <flags>
Group flags: system,role,primary,comers,everyone,admin
--icase
Use case-insensitive search for group name
-n, --limit <limit>
--name <name>
Group name
--sid <sid>
Windows security id
group remove
Purpose:
Remove a group
Usage:
group remove <group>
Parameters:
<group>
groupname[@domain] (Wrap with double quotes if it

group review
Purpose:
Check whether group review is needed
Usage:
group review [-q, --quiet] [-v, --verbose]
Options:
-q, --quiet
-v, --verbose
Show more detail
Page 54 of 144
10.1 group group commands

group group list
List nested group memberships
group group parentlist
List parent groups of nested group memberships
group group list

Purpose:
List nested group memberships
Usage:
group group list [--domain <domain>] [--domain-type <domain-type>]

[--flags <flags>] [--group <group>] [--group-domain <group-domain>]
[--group-domain-type <group-domain-type>] [--icase] [-n, --limit
<limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]
Options:
--domain <domain>
Child group/role domain
Child group/role domain type (<cifs|nfs>)
--flags <flags>
Parent group/role flags system,role,primary,comers,everyone,admin
--group <group>
Parent group/role name
--group-domain <group-domain>
Parent group/role domain
--group-domain-type <group-domain-type>
Parent group/role domain (<cifs|nfs>)
--icase
-n, --limit <limit>
--name <name>
Child group/role name
--uflags <uflags>
Group membership flags - comers,normal
Page 55 of 144
group group parentlist

Purpose:
List parent groups of nested group memberships
Usage:
group group parentlist [--domain <domain>] [--domain-type <domaintype>] [--flags <flags>] [--group <group>] [--group-domain <groupdomain>] [--group-domain-type <group-domain-type>] [--icase] [-n, -limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags
<uflags>]
Options:
--domain <domain>
--flags <flags>
--group <group>
--icase
-n, --limit <limit>
--name <name>
--uflags <uflags>
10.2 group role commands

group role grant +
Grant a role to a group
group role revoke +
Revoke a role from a group
group role grant

Purpose:
Grant a role to a group
Usage:
group role grant <role> <group>
Parameters:
<role>
Role: groupname[@domain] (Wrap with double quotes if it

<group>
Group: groupname[@domain] (Wrap with double quotes if

it contains a space: e.g., "My Group")
Page 56 of 144
group role revoke

Purpose:
Revoke a role from a group
Usage:
group role revoke <role> <group>
Parameters:
<role>
Role: groupname[@domain] (Wrap with double quotes if it

<group>
Group: groupname[@domain] (Wrap with double quotes if

it contains a space: e.g., "My Group")
Page 57 of 144
11 ROLE COMMANDS
role list
List roles
role path list
List role hierarchy
role list
Purpose:
List roles
Usage:
role list [-c, --count-only] [--domain <domain>] [--domain-type

<domain-type>] [--flags <flags>] [--icase] [-n, --limit <limit>] [-name <name>] [-o, --offset <offset>] [--sid <sid>]
Options:
-c, --count-only
--domain <domain>
Domain
<cifs|nfs>
--flags <flags>
Group flags: system,role,primary,comers,everyone,admin
--icase
-n, --limit <limit>
--name <name>
Group name
--sid <sid>
Windows security id
Page 58 of 144
role path list

Purpose:
List role hierarchy
Usage:
role path list [--domain <domain>] [--domain-type <domain-type>] [-flags <flags>] [--group <group>] [--group-domain <group-domain>] [-group-domain-type <group-domain-type>] [--icase] [-n, --limit
<limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]
Options:
--domain <domain>
--flags <flags>
--group <group>
--icase
-n, --limit <limit>
--name <name>
--uflags <uflags>
Page 59 of 144
12 USER COMMANDS
user add +
Add a user account
user cifs...
User CIFS commands
user comers...
User new comers commands
user group...
Group membership (non-nested) commands
user home...
User home directory commands
user list
List all users in database
user remove +
Remove a user from the database
user role...
User role commands
user set +
Set user settings
user token dump +
Dump token info
user add
Purpose:
Add a user account
Usage:
user add [--dcrcert <dcrcert>] [--dcrid <dcrid>] [--domain <domain>]

[--fullname <fullname>] [--icase] [--id <id>] [--local] [--localcert
<localcert>] [--localid <localid>] [--password <password>] <group>
<username>
Parameters:
<group>
Group/role name
<username>
User login name
Options:
--dcrcert <dcrcert>
Pre-assigned certificate
--dcrid <dcrid>
Pre-assigned ID
--domain <domain>
Domain
--fullname <fullname>
Full name
--icase
Username is case insensitive
--id <id>
[<Unix id>,<group id>]
--local
Dont replicate administrators in a cluster
--localcert <localcert>
Local certificate
--localid <localid>
Local ID
--password <password>
User password
Page 60 of 144
user list
Purpose:
List all users in database
Usage:
user list [-c, --count-only] [--domain <domain>] [--domain-type

<domain-type>] [--fullname <fullname>] [--gid <gid>] [--icase] [--id
<id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>]
[--sid <sid>]
Options:
-c, --count-only
--domain <domain>
Domain
<cifs|nfs>
Full name
--gid <gid>
Unix group id
--icase
Use case-insensitive search for user name
--id <id>
Unix id
-n, --limit <limit>
--name <name>
Name
--sid <sid>
Windows security id
user remove
Purpose:
Remove a user from the database
Usage:
user remove [--icase] [--id <id>] <user>
Parameters:
<user>
username[@domain]
Options:
--icase
Username is case insensitive
--id <id>
Unix id
Page 61 of 144
user set
Purpose:
Set user settings
Usage:
user set [--dcrcert <dcrcert>] [--dcrid <dcrid>] [--fullname

<fullname>] [--id <id>] [--localcert <localcert>] [--localid
<localid>] [--newpass <newpass>] [-r, --resetpass] <user>
Parameters:
<user>
username[@domain]
Options:
--dcrcert <dcrcert>
Pre-assigned certificate
--dcrid <dcrid>
Pre-assigned ID
Full name
--id <id>
[<Unix id>,<group id>]
--localcert <localcert>
Local certificate
--localid <localid>
Local ID
--newpass <newpass>
New password for this user
-r, --resetpass
Prompt for new password for this user
user token dump

Purpose:
Dump token info
Usage:
user token dump <user>
Parameters:
<user>
username[@domain]
12.1 user cifs commands

user cifs password...
Commands for operating on or with CIFS passwords
user cifs sid +
Query a domain controller for a user's Windows SID
user cifs validate +
Check that a user can log into a Windows or LDAP domain
Page 62 of 144
user cifs sid

Purpose:
Query a domain controller for a user's Windows SID
Usage:
user cifs sid <user>
Parameters:
<user>
username[@domain]
user cifs validate

Purpose:
Check that a user can log into a Windows or LDAP domain
Usage:
user cifs validate [--domain-name <domain-name>] [--kdc <kdc>] [-krb-realm <krb-realm>] [--server <server>] <domain type> <user name>
<password>
Parameters:
<domain type>
Domain Type (<windows|ldap>)
<user name>
User's name
<password>
User's password
Options:
--domain-name <domain-name>
Name of Windows domain
--kdc <kdc>
Kerberos Key Distribution Center (<ldap> domains only)
Kerberos Realm of user (<ldap> domains only)
--server <server>
Authentication server for domain
12.1.1 user cifs password commands

user cifs password nullify +
Nullify password (also nullifies the DataFort password if

applicable)
user cifs password verify +
Verify the password hashes of a user in the configdb
Page 63 of 144
user cifs password nullify

Purpose:
Nullify password (also nullifies the DataFort password if applicable)
Usage:
user cifs password nullify <user>
Parameters:
<user>
username[@domain]
user cifs password verify

Purpose:
Verify the password hashes of a user in the configdb
Usage:
user cifs password verify [-p, --pword <pword>] [--type <type>]

<user>
Parameters:
<user>
username[@domain]
Options:
-p, --pword <pword>
User password (zero'd hashes if unspecified)
--type <type>
Password type: datafort or file_server (default)
12.2 user comers commands

user comers cancel
Cancel the addition of new users and groups to database
user comers confirm
Confirm the addition of new users and groups to database
Page 64 of 144
user comers cancel

Purpose:
Cancel the addition of new users and groups to database
Usage:
user comers cancel [--domain <domain>] [--domain-type <domain-type>]

[--group-domain-type <group-domain-type>] [--icase] [--id <id>] [-n,
--limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags
<uflags>]
Options:
--domain <domain>
Domain
<cifs|nfs>
--flags <flags>
Group flags - system,role,primary,comers,everyone,admin
--group <group>
Group/role name
Group/role domain
Group/role domain type (<cifs|nfs>)
--icase
Use case-insensitive search for user/group/role name
--id <id>
Unix id
-n, --limit <limit>
--name <name>
Name
--uflags <uflags>
Page 65 of 144
user comers confirm

Purpose:
Confirm the addition of new users and groups to database
Usage:
user comers confirm [--domain <domain>] [--domain-type <domain-type>]

[--group-domain-type <group-domain-type>] [--icase] [--id <id>] [-n,
--limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags
<uflags>]
Options:
--domain <domain>
Domain
<cifs|nfs>
--flags <flags>
--group <group>
Group/role name
Group/role domain
--icase
--id <id>
Unix id
-n, --limit <limit>
--name <name>
Name
--uflags <uflags>
12.3 user group commands

user group grant +
Grant a group to a user
user group list
List (non-nested) group memberships
user group parentlist
List parent groups of (non-nested) group memberships
user group revoke +
Revoke a group from a user
Page 66 of 144
user group grant

Purpose:
Grant a group to a user
Usage:
user group grant [--flags <flags>] <group> <user>
Parameters:
<group>
Group/role: groupname[@domain] (Wrap with double

quotes if it contains a space: e.g., "My Group")
<user>
username[@domain]
Options:
--flags <flags>
user group list

Purpose:
List (non-nested) group memberships
Usage:
user group list [-c, --count-only] [--domain <domain>] [--domain-type

<domain-type>] [--flags <flags>] [--group <group>] [--group-domain
<group-domain>] [--group-domain-type <group-domain-type>] [--icase]
[--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset
<offset>] [--uflags <uflags>]
Options:
-c, --count-only
--domain <domain>
Domain
<cifs|nfs>
--flags <flags>
--group <group>
Group/role name
Group/role domain
--icase
--id <id>
Unix id
-n, --limit <limit>
--name <name>
Name
--uflags <uflags>
Page 67 of 144
user group parentlist

Purpose:
List parent groups of (non-nested) group memberships
Usage:
user group parentlist [-c, --count-only] [--domain <domain>] [-domain-type <domain-type>] [--flags <flags>] [--group <group>] [-group-domain <group-domain>] [--group-domain-type <group-domaintype>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>]
[-o, --offset <offset>] [--uflags <uflags>]
Options:
-c, --count-only
--domain <domain>
Domain
<cifs|nfs>
--flags <flags>
--group <group>
Group/role name
Group/role domain
--icase
--id <id>
Unix id
-n, --limit <limit>
--name <name>
Name
--uflags <uflags>
user group revoke

Purpose:
Revoke a group from a user
Usage:
user group revoke [--flags <flags>] <group> <user>
Parameters:
<group>

<user>
username[@domain]
Options:
--flags <flags>
12.4 user home commands

user home list
List the home directories that have been set
Page 68 of 144
user home remove +
Remove the home directory for a user or all users in a

domain
user home set +
Set the home directory for a user or all users in a domain
user home list

Purpose:
List the home directories that have been set
Usage:
user home list
user home remove

Purpose:
Remove the home directory for a user or all users in a domain
Usage:
user home remove [--vip <vip>] <user or domain>
Parameters:
<user or domain>
[username]@domain (Wrap with double quotes if it

Options:
--vip <vip>
Remove vip home directory rule
user home set

Purpose:
Set the home directory for a user or all users in a domain
Usage:
user home set [--vip] <user or domain> <path>
Parameters:
<user or domain>
[username]@domain (Wrap with double quotes if it

<path>
Full file path: (CIFS): \\<server>\<share>[\<path>] (NFS):

<server>:<export>[/<path>]
Options:
--vip
Set a vip based home directory rule (CIFS only). In the

absence of a User specific rule, A vip bound share
matching the user login name will be used as the user's
home dir. If non exists, access to the vip is denied.
Page 69 of 144
12.5 user role commands

user role grant +
Grant a role to a user
user role list
List user authorized roles
user role revoke +
Revoke a role from a user
user role grant

Purpose:
Grant a role to a user
Usage:
user role grant [--flags <flags>] <group> <user>
Parameters:
<group>

<user>
username[@domain]
Options:
--flags <flags>
Page 70 of 144
user role list

Purpose:
List user authorized roles
Usage:
user role list [-c, --count-only] [--domain <domain>] [--domain-type

<domain-type>] [--flags <flags>] [--group <group>] [--group-domain
<group-domain>] [--group-domain-type <group-domain-type>] [--icase]
[--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset
<offset>] [--uflags <uflags>]
Options:
-c, --count-only
--domain <domain>
Domain
<cifs|nfs>
--flags <flags>
--group <group>
Group/role name
Group/role domain
--icase
--id <id>
Unix id
-n, --limit <limit>
--name <name>
Name
--uflags <uflags>
user role revoke

Purpose:
Revoke a role from a user
Usage:
user role revoke [--flags <flags>] <group> <user>
Parameters:
<group>

<user>
username[@domain]
Options:
--flags <flags>
Page 71 of 144
13 CLUSTER COMMANDS
cluster config...
Cluster configuration commands
cluster disable +
Disable clustering
cluster enable +
Enable clustering
cluster rexec
Execute a CLI command on member DataFort(s)
cluster rsh +
Access the CLI of specified DataFort
cluster state
Get cluster state
cluster status
Check configuration database status
cluster disable
Purpose:
Disable clustering
Usage:
cluster disable <member-ip or name>
Parameters:
<member-ip or name>
Name or IP of member DataFort being disabled in this

cluster
cluster enable
Purpose:
Enable clustering
Usage:
cluster enable <member-ip or name>
Parameters:
<member-ip or name>
Name or IP of member DataFort coming back to the

cluster
Page 72 of 144
cluster rexec
Purpose:
Execute a CLI command on member DataFort(s)
Usage:
cluster rexec [--ip <ip>] [--name <name>]
Options:
--ip <ip>
Member DataFort's IP address. If this option is not

provided and no name is specified
--name <name>
Member DataFort's name. If this option is not provided

and no IP is specified
cluster rsh
Purpose:
Access the CLI of specified DataFort
Usage:
cluster rsh <member-ip or name>
Parameters:
<member-ip or name>
Member DataFort's name or IP address
cluster state
Purpose:
Get cluster state
Usage:
cluster state
cluster status
Purpose:
Check configuration database status
Usage:
cluster status
13.1 cluster config commands

cluster config ipsec...
IPsec commands
cluster config member...
Member commands
cluster config name +
Set the cluster's name
cluster config potentialmember...
Potential cluster member commands
cluster config pull +
Copy a configuration database from a member DataFort
cluster config remote list +
List the remote member's table
Page 73 of 144
cluster config route...
Member route commands
cluster config set-local
Set cluster properties of this DataFort
cluster config name

Purpose:
Set the cluster's name
Usage:
cluster config name <name>
Parameters:
<name>
Cluster's name
cluster config pull

Purpose:
Copy a configuration database from a member DataFort
Usage:
cluster config pull [-r, --rebuild] <member-ip>
Parameters:
<member-ip>
Cluster member's name or IP address
Options:
-r, --rebuild
Rebuild all tables from scratch
cluster config remote list

Purpose:
List the remote member's table
Usage:
cluster config remote list [-p, --potential] <remote-ip>
Parameters:
<remote-ip>
Remote DataFort's IP address
Options:
-p, --potential
List remote member's potential table. Without the option

lists cluster table.
Page 74 of 144
cluster config set-local

Purpose:
Set cluster properties of this DataFort
Usage:
cluster config set-local [--coord <coord>] [--ip <ip>] [--member-id

<member-id>] [--name <name>]
Options:
--coord <coord>
Can be coordinator?
--ip <ip>
This DataFort's IP address
--member-id <member-id>
This DataFort's member ID
--name <name>
This DataFort's name
13.1.1 cluster config ipsec commands

cluster config ipsec dumpsad
Dump the Security Association Database (SAD) entries
cluster config ipsec dumpspd
Dump the Security Policy Database (SPD) entries
cluster config ipsec flushsad
Flush the Security Association Database (SAD) entries
cluster config ipsec restart
Restart IPsec daemon
cluster config ipsec secret
Set shared secret for IPsec traffic between DataFort

appliances
Page 75 of 144

Purpose:
Dump the Security Association Database (SAD) entries
Usage:

Purpose:
Dump the Security Policy Database (SPD) entries
Usage:

Purpose:
Flush the Security Association Database (SAD) entries
Usage:
cluster config ipsec resta rt

Purpose:
Restart IPsec daemon
Usage:
cluster config ipsec restart
cluster config ipsec secret

Purpose:
Set shared secret for IPsec traffic between DataFort appliances
Usage:
cluster config ipsec secret [-s, --secret <secret>]
Options:
IPsec secret string
13.1.2 cluster config member commands

cluster config member count
Show number of member DataFort appliances
cluster config member list
List cluster member DataFort appliances
cluster config member remove +
Remove a cluster member DataFort
cluster config member rmall
Remove all cluster members
cluster config member set +
Change cluster member attributes
Page 76 of 144

Purpose:
Show number of member DataFort appliances
Usage:
cluster config member list

Purpose:
List cluster member DataFort appliances
Usage:
cluster config member list [-c, --count] [-n, --limit <limit>] [-member-id <member-id>] [--member-ip <member-ip>] [-o, --offset
<offset>]
Options:
-c, --count
Show only current number of members
-n, --limit <limit>
Member DataFort's member ID
--member-ip <member-ip>
Member DataFort's IP address
cluster config member remove

Purpose:
Remove a cluster member DataFort
Usage:
cluster config member remove <member-ip>
Parameters:
<member-ip>
Cluster member's name or IP address
Page 77 of 144

Purpose:
Remove all cluster members
Usage:
cluster config member set

Purpose:
Change cluster member attributes
Usage:
cluster config member set [--coord <coord>] [--ip <ip>] [--txid

<txid>] <old-member-ip>
Parameters:
<old-member-ip>
Member's IP address
Options:
--coord <coord>
Can be coordinator?
--ip <ip>
Member DataFort's IP new address
--txid <txid>
Last txid known to local member on this member's line
13.1.3 cluster config potentialmember comman ds

cluster config potentialmember add +
Add a new potential member
cluster config potentialmember

authenticate +
cluster config potentialmember commit
Authenticate a new potential member
cluster config potentialmember getmaster
Get the IP address of the potential master member
cluster config potentialmember list
List potential cluster members
cluster config potentialmember review
Check whether potential cluster members are waiting
cluster config potentialmember rmall
Remove all unconfirmed potential members from cluster

group
cluster config potentialmember set +
Change potential member attributes
cluster config potentialmember status
Show potential cluster members status
Ask the master for the global domain key and join the
cluster
Page 78 of 144
cluster config potentialmembe r add

Purpose:
Add a new potential member
Usage:
cluster config potentialmember add [-m, --master] [-n, --name <name>]

[-s, --slave] <member-ip>
Parameters:
<member-ip>
Potential member's IP address
Options:
-m, --master
Potential member is already in the cluster
-n, --name <name>
Potential member's name
-s, --slave
Member should not be a coordinator
cluster config potentialmembe r authenticate

Purpose:
Authenticate a new potential member
Usage:
cluster config potentialmember authenticate [-i, --initial] <memberip>
Parameters:
<member-ip>
Cluster member's IP address
Options:
-i, --initial
Authenticate using the initial cluster token
Page 79 of 144
cluster config potentialmembe r commit

Purpose:
Ask the master for the global domain key and join the cluster
Usage:
cluster config potentialmember commit
cluster config potentialmembe r getmaste r

Purpose:
Get the IP address of the potential master member
Usage:
cluster config potentialmember getmaster
cluster config potentialmembe r list

Purpose:
List potential cluster members
Usage:
cluster config potentialmember list [-c, --count] [-n, --limit

<limit>] [--member-id <member-id>] [--member-ip <member-ip>] [-o, -offset <offset>]
Options:
-c, --count
Show only current number of members
-n, --limit <limit>
Member DataFort's member ID
--member-ip <member-ip>
Member DataFort's IP address
cluster config potentialmembe r review

Purpose:
Check whether potential cluster members are waiting
Usage:
cluster config potentialmember review [-q, --quiet] [-v, --verbose]
Options:
-q, --quiet
-v, --verbose
Show more detail
Page 80 of 144
cluster config potentialmembe r rmall

Purpose:
Remove all unconfirmed potential members from cluster group
Usage:
cluster config potentialmember rmall
cluster config potentialmembe r set

Purpose:
Change potential member attributes
Usage:
cluster config potentialmember set [--coord <coord>] [--ip <ip>] [-name <name>] <old-member-ip>
Parameters:
<old-member-ip>
Member's IP address
Options:
--coord <coord>
Can be coordinator?
--ip <ip>
Potential member DataFort's new IP address
--name <name>
Potential member's new name
cluster config potentialmembe r status

Purpose:
Show potential cluster members status
Usage:
cluster config potentialmember status
13.1.4 cluster config route comman ds

cluster config route add +
Add a route to a cluster member
cluster config route heartbeat...
Route heartbeat commands
cluster config route list
Display the routes to cluster members
cluster config route remove +
Remove a route to a cluster member
cluster config route rmall
Remove routes to all cluster members
Page 81 of 144
cluster config route add

Purpose:
Add a route to a cluster member
Usage:
cluster config route add [-p, --peer <peer>] [-s, --source <source>]
[-t, --timeout <timeout>] <member-ip>
Parameters:
<member-ip>
Options:
-p, --peer <peer>
Peer IP address
-s, --source <source>
Source IP address
-t, --timeout <timeout>
Connection establishment timeout seconds.

Purpose:
Display the routes to cluster members
Usage:
cluster config route remove

Purpose:
Remove a route to a cluster member
Usage:
cluster config route remove <member-ip>
Parameters:
<member-ip>

Purpose:
Remove routes to all cluster members
Usage:
13.1.4.1 cluster config route heartbeat commands

cluster config route heartbeat disable
Dont maintain a route heartbeat and keep alive for all

open routes
Page 82 of 144
cluster config route heartbeat enable
Maintain a route heartbeat and keep alive for all open

routes

Purpose:
Dont maintain a route heartbeat and keep alive for all open routes
Usage:

Purpose:
Maintain a route heartbeat and keep alive for all open routes
Usage:
Page 83 of 144
14 DB COMMANDS
db begin
Begin a transaction
db commit
Commit the current transaction
db connect
Connect to configuration database
db export
Export the configuration database as compressed XML file
db import
Import the configuration database
db index...
Indexing administration commands
db record +
Get a configuration database record
db recover
Recover a config database through the Recovery Wizard
db rollback
Rollback the current transaction
db save
Checkpoint database and save changes to disk
db select
Perform a database query
db size
Display database available space
db status
Display configuration database status
db trx...
Transaction administration commands
db xlog...
Transaction log administration commands
db begin
Purpose:
Begin a transaction
Usage:
db begin [-p, --priority <priority>]
Options:
-p, --priority <priority>
Transaction priority: <system | user>
Page 84 of 144
db commit
Purpose:
Commit the current transaction
Usage:
db commit
db connect
Purpose:
Connect to configuration database
Usage:
db connect [-f, --force-reconnect]
Options:
-f, --force-reconnect
Forcibly disconnect and reconnect to configuration

Database
db export
Purpose:
Export the configuration database as compressed XML file
Usage:
db export [-f, --ftp-dir <ftp-dir>] [-l, --lkm] [-p, --password

<password>] [-x, --purge] [-u, --username <username>]
Options:
-f, --ftp-dir <ftp-dir>
Export to FTP server as compressed XML file

<ftp://[user:pass@]host[:port]/path>
-l, --lkm
Export to Lifetime Key Management server
-x, --purge
Purge unused Cryptainer Keys after export is complete
Page 85 of 144
db import
Purpose:
Import the configuration database
Usage:
db import [-v, --dbversion <dbversion>] [-f, --ftp <ftp>] [-p, -password <password>] [-u, --username <username>] [-w, --webfile
<webfile>]
Options:
-v, --dbversion <dbversion>
Currently valid choices for <dbversion> are:
-f, --ftp <ftp>
Download compressed XML configdb from FTP server

<ftp://[user:pass@]host[:port]/path_to_configdb>
Name of compressed XML configdb file uploaded to web

server
db record
Purpose:
Get a configuration database record
Usage:
db record <rid>
Parameters:
<rid>
Record id: 0x[64-bit hex]
db recover
Purpose:
Recover a config database through the Recovery Wizard
Usage:
db recover [-p, --password <password>] [-u, --username <username>]
Options:
Page 86 of 144
db rollback
Purpose:
Rollback the current transaction
Usage:
db rollback
db save
Purpose:
Checkpoint database and save changes to disk
Usage:
db save
db select
Purpose:
Perform a database query
Usage:
db select [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-n, --limit <limit>
db size
Purpose:
Display database available space
Usage:
db size [-s, --summary] [-t, --tables]
Options:
-s, --summary
Shows free space only
-t, --tables
Shows table information
db status
Purpose:
Display configuration database status
Usage:
db status [-v, --verbose]
Options:
-v, --verbose
Show more detail
Page 87 of 144
14.1 db index commands

db index list
List all database indexes
db index test
Test database index integrity
db index list
Purpose:
List all database indexes
Usage:
db index list
db index test
Purpose:
Test database index integrity
Usage:
db index test
14.2 db trx commands

db trx kill +
Kill (rollback) a transaction
db trx list
List transactions
db trx kill
Purpose:
Kill (rollback) a transaction
Usage:
db trx kill <txid>
Parameters:
<txid>
Txid (0x[64-bit hex]) of trx to be killed
Page 88 of 144
db trx list
Purpose:
List transactions
Usage:
db trx list
14.3 db xlog commands

db xlog list
Query transaction redo log records
db xlog test
Test transaction redo log
db xlog list
Purpose:
Query transaction redo log records
Usage:
db xlog list [-a, --action <action>] [-d, --detail] [-n, --limit

<limit>] [-o, --offset <offset>] [-i, --rid <rid>] [-x, --txid
<txid>]
Options:
-a, --action <action>
Xlog action: <start | insert | update | delete | p2commit

| ready | dont_commit | commit | abort | chkpt>
-d, --detail
Show extra record details - record id and tablename
-n, --limit <limit>
-i, --rid <rid>
Record id: 0x[64-bit hex]
-x, --txid <txid>
Transaction id 0x[64-bit hex]
db xlog test
Purpose:
Test transaction redo log
Usage:
db xlog test
Page 89 of 144
15 SYSTEM COMMANDS
system agreement...
Agreement commands
system allproperties globalize
Globalize all properties which can be globalized
system banner
Banner commands
system certificate...
Certificate commands
system check
Perform basic system checks
system crypto...
Crypto commands
system date...
Date commands
system finalize
Finalize the system
system httpd...
HTTPD commands
system license...
License commands
system log...
System log commands
system lproperty get
Get long property
system ntpd restart
Restart NTP daemon
system property...
Property commands
system raid...
Raid commands
system reboot
Reboot the system
system revert
Revert system to snapshot image
system selftest
Perform system selftest
system sensors
Display system sensors
system serial
Display Appliance serial number
system shutdown
Shutdown the system
system snmp restart
Restart the SNMP agent
system sshd restart
Restart the Appliance SSH server
system tamper...
Tamper commands
system timers list
List system timers
system timezone...
Timezone commands
system upgrade
Upgrade the system
system util...
System utilities
system version
Display the version of all system components
system wizard...
Wizard commands
system zeroize
Zeroize all key material and delete configuration database
Page 90 of 144

Purpose:
Globalize all properties which can be globalized
Usage:
system check
Purpose:
Perform basic system checks
Usage:
system check [-q, --quiet] [-v, --verbose]
Options:
-q, --quiet
-v, --verbose
Show more detail
system finalize
Purpose:
Finalize the system
Usage:
system finalize
system lproperty get

Purpose:
Get long property
Usage:
system lproperty get [-d, --detail] [-n, --limit <limit>] [-k, --name
<name>] [-o, --offset <offset>] [-r, --role <role>] [-v, --value
<value>]
Options:
-d, --detail
Show more detail
-n, --limit <limit>
-k, --name <name>
Query properties by name
-r, --role <role>
Evaluate permissions for specified role
-v, --value <value>
Query properties by value
Page 91 of 144
system ntpd restart

Purpose:
Restart NTP daemon
Usage:
system ntpd restart
system reboot
Purpose:
Reboot the system
Usage:
system reboot [-p]
Options:
-p
Power cycle Appliance
system revert
Purpose:
Revert system to snapshot image
Usage:
system revert [-k, --keep_ip] [--verbose]
Options:
-k, --keep_ip
use saved IP in case configdb value is not set
--verbose
Print a more verbose set of messages to the screen
system selftest
Purpose:
Perform system selftest
Usage:
system selftest [-q, --quiet] [-v, --verbose]
Options:
-q, --quiet
-v, --verbose
Show more detail
Page 92 of 144
system sensors
Purpose:
Display system sensors
Usage:
system sensors
system serial
Purpose:
Display Appliance serial number
Usage:
system serial
system shutdown
Purpose:
Shutdown the system
Usage:
system shutdown
system snmp restart

Purpose:
Restart the SNMP agent
Usage:
system snmp restart
system sshd restart

Purpose:
Restart the Appliance SSH server
Usage:
system sshd restart
system timers list

Purpose:
List system timers
Usage:
system timers list
system upgrade
Purpose:
Upgrade the system
Page 93 of 144
Usage:
system upgrade [-k, --keep_ip] [--keep_journal] [--keep_key_db] [-keep_remote_cdbs] [-n, --no_snapshot] [-r, --partial] [-p, --password
<password>] [-u, --username <username>] [--verbose] [-v, --verify]
[-z, --zeroize]
Options:
-k, --keep_ip
Allow the upgrade process to keep old admin IP info
--keep_journal
--keep_key_db
--keep_remote_cdbs
-n, --no_snapshot
Do not create a snapshot with the upgrade
-r, --partial
Allow the upgrade process to do a partial zeroization
--verbose
Print a more verbose set of messages to the screen
-v, --verify
Only compute and display a verification hash of package
-z, --zeroize
Allow the upgrade process to zeroize the box
system version
Purpose:
Display the version of all system components
Usage:
system version [-c, --crypto-card <crypto-card>]
Options:
-c, --crypto-card <crypto-card>
Index number of the specific crypto-card in this Appliance

to which this command should apply
system zeroize
Purpose:
Zeroize all key material and delete configuration database
Usage:
system zeroize [-k, --keep_ip] [--keep_journal] [--keep_key_db] [-p,

--keep_protected] [--keep_remote_cdbs]
Options:
-k, --keep_ip
Allow the zeroize process to keep old admin IP info
--keep_journal
--keep_key_db
-p, --keep_protected
Allow the zeroize process to keep contents of protected

EEPROM
--keep_remote_cdbs
Page 94 of 144
15.1 system agreement commands

system agreement sign
Sign the license agreement
system agreement view
view the license agreement

Purpose:
Sign the license agreement
Usage:

Purpose:
view the license agreement
Usage:
15.2 system banner commands

system banner postlogin...
Postlogin banner commands
system banner prelogin...
Prelogin banner commands
15.2.1 system banner postlogin commands

system banner postlogin add
Append string to postlogin banner message
system banner postlogin get
Print the postlogin banner message
system banner postlogin set
Initialize postlogin banner message
Page 95 of 144

Purpose:
Append string to postlogin banner message
Usage:

Purpose:
Print the postlogin banner message
Usage:

Purpose:
Initialize postlogin banner message
Usage:
15.2.2 system banner prelogin commands

system banner prelogin add
Append string to prelogin banner message
system banner prelogin get
Print the prelogin banner message
system banner prelogin set
Initialize prelogin banner message
Page 96 of 144

Purpose:
Append string to prelogin banner message
Usage:

Purpose:
Print the prelogin banner message
Usage:

Purpose:
Initialize prelogin banner message
Usage:
15.3 system certificate commands

system certificate get
View the Appliance certificate
system certificate getcert
Get the PEM format certificate
system certificate request...
Certificate request commands
system certificate set +
Set results from the CA as the Appliance certificate
system certificate sign +
Self-sign and set the Appliance certificate
Page 97 of 144

Purpose:
View the Appliance certificate
Usage:
system certificate getcer t

Purpose:
Get the PEM format certificate
Usage:
system certificate getcert [-s, --summary] [-v, --version <version>]
Options:
-s, --summary
Output summary only
-v, --version <version>
Certificate version
system certificate set

Purpose:
Set results from the CA as the Appliance certificate
Usage:
system certificate set [-v, --version <version>] <certificate>
Parameters:
<certificate>
Certificate
Options:
Certificate version
Page 98 of 144
system certificate sign

Purpose:
Self-sign and set the Appliance certificate
Usage:
system certificate sign [-v, --version <version>] <CN> <C> <ST> <L>
<O> <OU> <E>
Parameters:
<CN>
commonName
<C>
countryName
<ST>
stateOrProvinceName
<L>
localityName
<O>
organizationName
<OU>
organizationalUnitName
<E>
emailAddress
Options:
Certificate version
15.3.1 system certificate request comman ds

system certificate request generate +
Generate a certificate request for the CA to sign
system certificate request get
Get the certificate request
Page 99 of 144
system certificate request generate

Purpose:
Generate a certificate request for the CA to sign
Usage:
system certificate request generate [-v, --version <version>] <CN>

<C> <ST> <L> <O> <OU> <E>
Parameters:
<CN>
commonName
<C>
countryName
<ST>
stateOrProvinceName
<L>
localityName
<O>
organizationName
<OU>
organizationalUnitName
<E>
emailAddress
Options:
Certificate version
system certificate request get

Purpose:
Get the certificate request
Usage:
system certificate request get [-v, --version <version>]
Options:
Certificate version
15.4 system crypto commands

system crypto approve...
Approve action by messages signed by recovery cards
system crypto authenticate
Authenticate System Card and SEP
system crypto channel...
Establish secure channel
system crypto ignitionkey...
SEP and System Card Ignition Key commands
system crypto interrupts
Display crypto device interrupt count statistics
system crypto level
Get the crypto level of SEP
system crypto manager
Security manager
system crypto masterkey...
Appliance Master Key commands
system crypto numSEPs
Get the number of SEPs in this Datafort
system crypto protected...
Protected EEPROM
system crypto proxy
Execute System Card commands
Page 100 of 144
system crypto rc...
Recovery Card commands
system crypto rip...
Recovery Information Package Commands
system crypto scstatus
Status of the System Card
system crypto secretshare...
Secret sharing commands
system crypto start
Start the crypto module (set cipher and load Master Key)
system crypto test
Crypto self test
system crypto whitelist...
Manage whitelist entries

Purpose:
Authenticate System Card and SEP
Usage:
system crypto interrup ts

Purpose:
Display crypto device interrupt count statistics
Usage:
system crypto interrupts [-c, --crypto-card <crypto-card>]
Options:
Index number of the specific crypto-card in this DataFort

system crypto level

Purpose:
Get the crypto level of SEP
Usage:
system crypto level [-c, --crypto-card <crypto-card>]
Options:

Page 101 of 144
system crypto manager

Purpose:
Security manager
Usage:
system crypto manager [-a, --authenticate] [-c, --changeaks] [-d, -device <device>] [-g, --genmk] [-h, --help] [-i, --id] [-k, --key
<key>] [-n, --newik] [-r, --rcid] [-s, --seed] [-V, --versionsyscard]
Options:
-a, --authenticate
Authenticate System Card to SEP
-c, --changeaks
Change system card and SEP AKS
-d, --device <device>
Use the specified SEP in the Datafort instead of the

default
-g, --genmk
Generate first encmk
-h, --help
Show help and exit
-i, --id
Get public key and node ID of the SEP
-k, --key <key>
Use specified key as as enc(MK) in start up
-n, --newik
MK must already be loaded to SEP, returns enc(MK)

encrypted w/ new IK
-r, --rcid
Retrieve DRTKN ID
-s, --seed
Send RNG seed to system card
-V, --version-syscard
Get the version of the system card

Purpose:
Get the number of SEPs in this Datafort
Usage:
system crypto proxy

Purpose:
Execute System Card commands
Usage:
system crypto proxy [-r, --reset]
Options:
-r, --reset
Reset System Card
Page 102 of 144

Purpose:
Status of the System Card
Usage:
system crypto start

Purpose:
Start the crypto module (set cipher and load Master Key)
Usage:
system crypto start [-c, --cluster]
Options:
-c, --cluster
start crypto without global domain key
system crypto test

Purpose:
Crypto self test
Usage:
system crypto test [-c, --crypto-card <crypto-card>]
Options:

15.4.1 system crypto approve comman ds

system crypto approve clear +
Clear approve state
system crypto approve message +
Process (possibly part of) signed authorization message
system crypto approve nonce +
Generate a nonce
system crypto approve status
Get status of recovery card-based approval
system crypto approve clear

Purpose:
Clear approve state
Usage:
system crypto approve clear <purpose>
Parameters:
<purpose>
purpose code
Page 103 of 144
system crypto approve message

Purpose:
Process (possibly part of) signed authorization message
Usage:
system crypto approve message <message>
Parameters:
<message>
(possibly part of) signed message
system crypto approve nonce

Purpose:
Generate a nonce
Usage:
system crypto approve nonce <purpose>
Parameters:
<purpose>
purpose code

Purpose:
Get status of recovery card-based approval
Usage:
15.4.2 system crypto chan nel commands

system crypto channel challenge +
Send challenge
system crypto channel response +
Receive response
system crypto channel challenge

Purpose:
Send challenge
Usage:
system crypto channel challenge <id>
Parameters:
<id>
peer device id
Page 104 of 144
system crypto channel response

Purpose:
Receive response
Usage:
system crypto channel response <msg>
Parameters:
<msg>
response message
15.4.3 system crypto ignitionkey commands

system crypto ignitionkey change
Change ignition key value
system crypto ignitionkey ring
Run the ECCDH Blade ring protocol to establish a new

Ignition Key among the SEPs

Purpose:
Change ignition key value
Usage:

Purpose:
Run the ECCDH Blade ring protocol to establish a new Ignition Key among the SEPs
Usage:
15.4.4 system crypto masterkey comman ds

system crypto masterkey create
Generate and save a new master key
system crypto masterkey load
Load a previously saved master key into the SEP
Page 105 of 144
system crypto masterkey create

Purpose:
Generate and save a new master key
Usage:
system crypto masterkey create [--replace]
Options:
--replace
Replace masterkey if it exists
system crypto masterkey load

Purpose:
Load a previously saved master key into the SEP
Usage:
system crypto masterkey load [-c, --crypto-card <crypto-card>]
Options:

15.4.5 system crypto protected comman ds

system crypto protected clearSSL
Clear SSL private key and cert from EEPROM
system crypto protected loadSSL
Load SSL private key and cert from protected EEPROM
system crypto protected saveSSL
Save SSL private key and cert to protected EEPROM

Purpose:
Clear SSL private key and cert from EEPROM
Usage:
system crypto protected loadSSL

Purpose:
Load SSL private key and cert from protected EEPROM
Usage:
system crypto protected loadSSL [-v, --version <version>]
Options:
Certificate version
Page 106 of 144
system crypto protected saveSSL

Purpose:
Save SSL private key and cert to protected EEPROM
Usage:
system crypto protected saveSSL [-v, --version <version>]
Options:
Certificate version
15.4.6 system crypto rc commands

system crypto rc add +
Add a new recovery card to the system
system crypto rc check +
Check if the inserted Recovery Card belongs to this

Appliance
system crypto rc delete
Remove recovery cards from the system
system crypto rc list
List the Recovery Cards in the system
system crypto rc restore
Restore recovery officers from the config DB into the SEP

whitelist during recovery wizard
system crypto rc sync
Synchronize SEP whitelist with config DB
system crypto rc add

Purpose:
Add a new recovery card to the system
Usage:
system crypto rc add [--certblob <certblob>] <label> <domain>

<command> <drtknid>
Parameters:
<label>
Label of the recovery card
<domain>
Domain to which recovery card belongs
<command>
Securely signed and channel encrypted message

containing the RC key
<drtknid>
ID of the Recovery Card
Options:
--certblob <certblob>
certification chain blob
Page 107 of 144
system crypto rc check

Purpose:
Check if the inserted Recovery Card belongs to this Appliance
Usage:
system crypto rc check [--certblob <certblob>] <id>
Parameters:
<id>
ID of the recovery card to check
Options:
optional certificate chain to verify in SW
system crypto rc delete

Purpose:
Remove recovery cards from the system
Usage:
system crypto rc delete [-d, --domain <domain>] [-i, --id <id>] [-l,
--label <label>]
Options:
-d, --domain <domain>
Recovery card domain
-i, --id <id>
Recovery card id
-l, --label <label>
Recovery card label
system crypto rc list

Purpose:
List the Recovery Cards in the system
Usage:
system crypto rc list [-c, --count] [-d, --domain <domain>] [-i, --id
<id>] [-l, --label <label>] [-n, --limit <limit>] [-o, --offset
<offset>]
Options:
-c, --count
Show current number of Recovery Cards
-d, --domain <domain>
Recovery Card domain
-i, --id <id>
Recovery Card ID
-l, --label <label>
Recovery Card label
-n, --limit <limit>
Page 108 of 144

Purpose:
Restore recovery officers from the config DB into the SEP whitelist during recovery wizard
Usage:

Purpose:
Synchronize SEP whitelist with config DB
Usage:
15.4.7 system crypto rip commands

system crypto rip export
Export an RIP
system crypto rip getcombination
Get the Combination ID given recovery card IDs and key

type being recovered
system crypto rip getshare
Get a secret share given a combination ID and a recovery

card ID
system crypto rip import
Import an RIP
system crypto rip loadshare
Load a share for recovery
system crypto rip rclist
List the recovery cards from currently loaded RIP file
system crypto rip status
Get the status of the currently loaded RIP file
system crypto rip export

Purpose:
Export an RIP
Usage:
system crypto rip export [-f, --ftpPath <ftpPath>] [-p, --password

<password>] [-u, --username <username>]
Options:
-f, --ftpPath <ftpPath>
FTP path for the RIP
password on the FTP server
username on the FTP server
Page 109 of 144

Purpose:
Get the Combination ID given recovery card IDs and key type being recovered
Usage:

Purpose:
Get a secret share given a combination ID and a recovery card ID
Usage:
system crypto rip import

Purpose:
Import an RIP
Usage:
system crypto rip import [-f, --ftpPath <ftpPath>] [-p, --password

<password>] [-u, --username <username>] [-w, --webFile <webFile>]
Options:
-f, --ftpPath <ftpPath>
FTP path for the RIP
password on the FTP server
username on the FTP server
-w, --webFile <webFile>
RIP file uploaded to web server
system crypto rip loadshare

Purpose:
Load a share for recovery
Usage:
system crypto rip loadshare [-f, --first] [-l, --last]
Options:
-f, --first
First share of combination
-l, --last
Last share of combination
Page 110 of 144

Purpose:
List the recovery cards from currently loaded RIP file
Usage:

Purpose:
Get the status of the currently loaded RIP file
Usage:
15.4.8 system crypto secretshare commands

system crypto secretshare authorizeDrtkn
Get a secret shared drtkn authorization token. The

secretsharing is done using the specified recovery cards
system crypto secretshare getclustertoken Get a secret shared cluster token from a remote master
potential member. The secretsharing is done using the
specified recovery cards
system crypto secretshare getcombination Get the Combination ID given recovery card IDs and key
type being recovered
system crypto secretshare getshare +
Get the secret share given the recovery card IDs and
combination ID
system crypto secretshare loadshare +
Load a secret share into the SEP
system crypto secretshare recoverykey
Secret share a recovery policy key and store the shares
system crypto secretshare scheme +
Set the recovery secret sharing scheme for this Appliance
Page 111 of 144
system crypto secretshare authorizeDr tkn

Purpose:
Get a secret shared drtkn authorization token. The secretsharing is done using the specified
recovery cards
Usage:
system crypto secretshare authorizeDrtkn
system crypto secretshare getclustert oken

Purpose:
Get a secret shared cluster token from a remote master potential member. The secretsharing is
done using the specified recovery cards
Usage:
system crypto secretshare getclustertoken
system crypto secretshare getcombination

Purpose:
Get the Combination ID given recovery card IDs and key type being recovered
Usage:
system crypto secretshare getcombination [-c, -cleartext_recoverable] [-r, --recoverable]
Options:
-c, --cleartext_recoverable
secret share for the cleartext recoverable policy key
-r, --recoverable
secret share for the recoverable policy key
system crypto secretshare getshare

Purpose:
Get the secret share given the recovery card IDs and combination ID
Usage:
system crypto secretshare getshare [-c, --cltkn] [-d, --drtkn] [-t,

--trustee] <combnid> <drtknid>
Parameters:
<combnid>
ID of the combination of secret shares
<drtknid>
ID of the required the drtkn whose component is required
Options:
-c, --cltkn
get share for a cluster token
-d, --drtkn
get share for a drtkn authorization
-t, --trustee
get share for a trustee authorization
Page 112 of 144
system crypto secretshare loadshare

Purpose:
Load a secret share into the SEP
Usage:
system crypto secretshare loadshare [-f, --first] [-l, --last]

<command> <drtknid>
Parameters:
<command>
Secure signed and channel encrypted message containing

encrypted share
<drtknid>
ID of the recovery card which encrypted the share
Options:
-f, --first
first share in a combination
-l, --last
last share in a combination
system crypto secretshare recove rykey

Purpose:
Secret share a recovery policy key and store the shares
Usage:
system crypto secretshare recoverykey [-c, --cleartext_recoverable]

[-r, --recoverable]
Options:
-c, --cleartext_recoverable
secret share for the cleartext recoverable policy key
-r, --recoverable
secret share for the recoverable policy key
system crypto secretshare scheme

Purpose:
Set the recovery secret sharing scheme for this Appliance
Usage:
system crypto secretshare scheme <rec_scheme>
Parameters:
<rec_scheme>
Currently valid choices for <recovery scheme> include:
15.4.9 system crypto whitelist commands

system crypto whitelist add +
Add a public key
system crypto whitelist lock
Lock the whitelist
system crypto whitelist query +
query whitelist
Page 113 of 144
system crypto whitelist remove +
Remove a public key
system crypto whitelist add

Purpose:
Add a public key
Usage:
system crypto whitelist add [--certblob <certblob>] <keyblob>
Parameters:
<keyblob>
public key blob
Options:
certificate chain blob

Purpose:
Lock the whitelist
Usage:
system crypto whitelist query

Purpose:
query whitelist
Usage:
system crypto whitelist query <pattern>
Parameters:
<pattern>
search pattern
system crypto whitelist remove

Purpose:
Remove a public key
Usage:
system crypto whitelist remove <pattern>
Parameters:
<pattern>
key removal pattern
Page 114 of 144
15.5 system date commands

system date get
Get system date
system date set
Set system date
system date get

Purpose:
Get system date
Usage:
system date get [-f, --format <format>]
Options:
-f, --format <format>
Date format in Unix 'date' command convention)
system date set

Purpose:
Set system date
Usage:
system date set [-f, --format <format>]
Options:
-f, --format <format>
Date format in Unix 'date' command convention)
15.6 system httpd commands

system httpd getstatus
Return the percentage of the job done and the job type
system httpd restart
Restart the Appliance web server
system httpd setjobtype +
Set the type of the current job
system httpd setstatus +
Set the status of the current job
Page 115 of 144

Purpose:
Return the percentage of the job done and the job type
Usage:

Purpose:
Restart the Appliance web server
Usage:
system httpd setjobtype

Purpose:
Set the type of the current job
Usage:
system httpd setjobtype <type>
Parameters:
<type>
Job type to be set
system httpd setstatus

Purpose:
Set the status of the current job
Usage:
system httpd setstatus <status>
Parameters:
<status>
Status value to be set
15.7 system license commands

system license add +
Add specified license
system license check +
Check if a valid license exists for a feature
system license list
List all licenses
system license remove +
Remove specified license
Page 116 of 144
system license add

Purpose:
Add specified license
Usage:
system license add <license>
Parameters:
<license>
Appliance feature license
system license check

Purpose:
Check if a valid license exists for a feature
Usage:
system license check <feature>
Parameters:
<feature>
Appliance license-enabled feature: <cluster|tape|disk|

ipsec|hash-import|dha|iscsi|dcs|nfs|cifs>
system license list

Purpose:
List all licenses
Usage:
system license list
system license remove

Purpose:
Remove specified license
Usage:
system license remove <license>
Parameters:
<license>
Appliance feature license
15.8 system log commands

system log list
Query Appliance internal system log
system log note +
Allows a administrator to annotate the system log
system log resetconf
Reset log configuration to factory defaults
system log restart
Restart syslog daemon
system log verify +
Verify a signed log message
Page 117 of 144
system log list

Purpose:
Query Appliance internal system log
Usage:
system log list [-b, --begin <begin>] [-i, --interval <interval>]

[-n, --limit <limit>] [-o, --offset <offset>] [-p, --priority
<priority>] [-t, --type <type>]
Options:
-b, --begin <begin>
Message datetime >= <begin datetime> where datetime

is local time (not UTC): 'YYYY-MM-DD [hh:mm:ss]' or 'now'
-i, --interval <interval>
Messages within the begin datetime and this interval (in

sec) (negative implies backward in time)
-n, --limit <limit>
-p, --priority <priority>
Message priority <= <priority>: 0 (highest) to 7
-t, --type <type>
Message type == <type>: <SEC|OPR|PRF|ADT>
system log note

Purpose:
Allows a administrator to annotate the system log
Usage:
system log note <type> <level> <mesg>
Parameters:
<type>
<SEC|OPR|PRF|ADT>
<level>
Message level: 0 (highest) to 7
<mesg>
Administrative note to add to system log
Page 118 of 144

Purpose:
Reset log configuration to factory defaults
Usage:
system log restart

Purpose:
Restart syslog daemon
Usage:
system log restart
system log verify

Purpose:
Verify a signed log message
Usage:
system log verify <mesg>
Parameters:
<mesg>
Log message to be verified mesg-text [meta-data

signature]
15.9 system property commands

system property get
Display an Appliance system property
system property globalize +
Globalize an Appliance system property
system property secureset +
Set an Appliance system property using an interactive

prompt
system property set
Set or delete an Appliance system property
Page 119 of 144
system property get

Purpose:
Display an Appliance system property
Usage:
system property get [-d, --detail] [-n, --limit <limit>] [-k, --name
<name>] [-o, --offset <offset>] [-r, --role <role>] [-v, --value
<value>]
Options:
-d, --detail
Show more detail
-n, --limit <limit>
-k, --name <name>
Query properties by name
-r, --role <role>
Evaluate permissions for specified role
-v, --value <value>
Query properties by value
system property globalize

Purpose:
Globalize an Appliance system property
Usage:
system property globalize <name> <boolean>
Parameters:
<name>
Property name
<boolean>
Globalize? <on|off>
system property secureset

Purpose:
Set an Appliance system property using an interactive prompt
Usage:
system property secureset [-g, --global] [-i, --insert] [-v, --value

<value>] <name>
Parameters:
<name>
Property name
Options:
-g, --global
Globalize the property while setting it
-i, --insert
Insert again even if the property exists already.
-v, --value <value>
Property value
Page 120 of 144
system property set

Purpose:
Set or delete an Appliance system property
Usage:
system property set [-g, --global]
Options:
-g, --global
Globalize the property while setting it
15.10 system raid commands

system raid errors...
Get the error counters of the raid disks
system raid status
Get the status of the raid
system raid temperature
Get the temperature of the raid disks
system raid status

Purpose:
Get the status of the raid
Usage:
system raid status
system raid temperatu re

Purpose:
Get the temperature of the raid disks
Usage:
system raid temperature
15.10.1 system raid errors comman ds

system raid errors nonmedium
Non-medium error counters of the raid disks
system raid errors read
Read error counters of the raid disks
system raid errors verify
Verify error counters of the raid disks
system raid errors write
Write error counters of the raid disks
Page 121 of 144

Purpose:
Non-medium error counters of the raid disks
Usage:

Purpose:
Read error counters of the raid disks
Usage:

Purpose:
Verify error counters of the raid disks
Usage:

Purpose:
Write error counters of the raid disks
Usage:
15.11 system tamper commands

system tamper reset
Ignore tamper errors and continue working
system tamper status
Report if the Appliance has been physically tampered with
system tamper reset

Purpose:
Ignore tamper errors and continue working
Usage:
system tamper reset [-c, --crypto-card <crypto-card>]
Options:

Page 122 of 144
system tamper status

Purpose:
Report if the Appliance has been physically tampered with
Usage:
system tamper status [-c, --crypto-card <crypto-card>]
Options:

15.12 system timezone commands

system timezone get
Get system timezone
system timezone list
List all recognized timezones
system timezone set +
Set system timezone
system timezone get

Purpose:
Get system timezone
Usage:
system timezone get

Purpose:
List all recognized timezones
Usage:
system timezone set

Purpose:
Set system timezone
Usage:
system timezone set <timezone>
Parameters:
<timezone>
Timezone (e.g.,America/Los_Angeles)
Page 123 of 144
15.13 system util commands

system util autosupport +
Trigger an autosupport message
system util cat +
Display the contents of a file
system util df
Display free space statistics for all filesystems
system util echo +
Write argument to the standard output
system util iostat
Display statistics of various devices
system util lcdmessages
Display the LCD messages
system util ls +
Display a directory listing
system util mbeventlog...
Manipulate motherboard event log
system util mibget
Query MIB information
system util mibwalk
Walk through MIB information
system util openfiles
Display the number of open files
system util ps
Display a listing of running processes
system util stacklog
Display Appliance stack trace log
system util stacktest
Test Appliance stack trace log
system util techdump...
Prepare reports for NetApp customer support
system util top
Display a listing of the top CPU processes
system util trend...
Trending information: chargeback or usage trends
system util uptime
Show how long the system has been running,and its load
averages for the last 1,5,and 15 minutes
system util vmstat
Report virtual memory statistics
system util autosuppor t

Purpose:
Trigger an autosupport message
Usage:
system util autosupport <subject>
Parameters:
<subject>
subject of the message
system util cat

Purpose:
Display the contents of a file
Usage:
system util cat <file>
Parameters:
<file>
Currently valid choices for <file> include:
Page 124 of 144
system util df
Purpose:
Display free space statistics for all filesystems
Usage:
system util df [-h] [-i] [-k] [-m]
Options:
-h
Print sizes in human-readable format
-i
Include statistics on number of free inodes
-k
Use 1024-byte blocks
-m
Use 1048576-byte blocks
system util echo

Purpose:
Write argument to the standard output
Usage:
system util echo <string>
Parameters:
<string>
any string
system util iostat

Purpose:
Display statistics of various devices
Usage:
system util iostat [-c, --count <count>] [-w, --wait <wait>]
Options:
-c, --count <count>
Total number of samples to display (default 10)
-w, --wait <wait>
Time interval between samples (default 1 sec)
Page 125 of 144
system util lcdmessage s

Purpose:
Display the LCD messages
Usage:
system util lcdmessages
system util ls
Purpose:
Display a directory listing
Usage:
system util ls <directory>
Parameters:
<directory>
Currently valid choices for <directory> include:
Page 126 of 144
system util mibget

Purpose:
Query MIB information
Usage:
system util mibget
system util mibwalk

Purpose:
Walk through MIB information
Usage:
system util mibwalk

Purpose:
Display the number of open files
Usage:
system util ps
Purpose:
Display a listing of running processes
Usage:
system util ps [-a] [-c] [-j] [-l] [-m] [-r] [-u] [-v] [-x]
Options:
-a
Display information about other users' processes as well

as your own
-c
Change the ``command'' column output to just contain

the executable name
-j
Print information associated with the following keywords:

user
-l
Display information associated with the following

keywords: uid
-m
Sort by memory usage
-r
Sort by current cpu usage
-u

keywords: user
-v

keywords: pid
-x
Display information about processes without controlling

terminals
Page 127 of 144
system util stacklo g

Purpose:
Display Appliance stack trace log
Usage:
system util stacklog

Purpose:
Test Appliance stack trace log
Usage:
system util top

Purpose:
Display a listing of the top CPU processes
Usage:
system util top
system util uptime

Purpose:
Show how long the system has been running,and its load averages for the last 1,5,and 15 minutes
Usage:
system util uptime
system util vmstat

Purpose:
Report virtual memory statistics
Usage:
system util vmstat [-c <>] [-i] [-m] [-n <>] [-p <>] [-s] [-z]
Options:
-c <>
Repeat the display count times (max = 255)
-i
Report on the number of interrupts taken by each device

since system startup
-m
Report on the usage of kernel dynamic memory listed first

by size of allocation and then by type of usage
-n <>
Change the maximum number of disks to display from the

default of 2
-p <>
Specify which types of devices to display
-s
Display the contents of the sum structure
-z
Report on memory used by the kernel zone allocator
Page 128 of 144
15.13.1 system util mbeventlog comman ds

system util mbeventlog list
Display motherboard event logs
system util mbeventlog remove
Purge motherboard event logs
system util mbeventlo g list

Purpose:
Display motherboard event logs
Usage:
system util mbeventlog list
system util mbeventlo g remove

Purpose:
Purge motherboard event logs
Usage:
system util mbeventlog remove
15.13.2 system util techdump commands

system util techdump domain
Prepare a report about the domains in the Appliance's

configuration database
system util techdump os
Prepare a report about the Appliance operating system
system util techdump server
Prepare a report about the servers in the Appliance's

system util techdump user
Prepare a report about the users in the Appliance's

system util techdump domain

Purpose:
Prepare a report about the domains in the Appliance's configuration database
Usage:
system util techdump domain [--all] [--name <name>] [--password

<password>] [--server <server>] [--username <username>]
Options:
--all
Dump information for all domains
--name <name>
Dump information for specified domain
--password <password>
Password of access user
--server <server>
Server/Domain Controller - this option ignored if domain

already in database
--username <username>
Access user - needed if domain is not in database
Page 129 of 144

Purpose:
Prepare a report about the Appliance operating system
Usage:
system util techdump server

Purpose:
Prepare a report about the servers in the Appliance's configuration database
Usage:
system util techdump server [--all] [--name <name>]
Options:
--all
Dump information for all servers
--name <name>
Dump information for specified server (takes real name)
system util techdump user

Purpose:
Prepare a report about the users in the Appliance's configuration database
Usage:
system util techdump user [--domain <domain>] [--name <name>]
Options:
--domain <domain>
Dump information for users in the specified domain
--name <name>
username@domain
15.13.3 system util trend comman ds

system util trend disable
Disable the trends
system util trend enable
Enable the trends
system util trend list
Display a list of current trending information, if no counter

name is specified then a list of counters is displayed
system util trend status
Status trending process
Page 130 of 144

Purpose:
Disable the trends
Usage:
system util trend enable

Purpose:
Enable the trends
Usage:
system util trend enable [-s, --sample_rate <sample_rate>]
Options:
-s, --sample_rate <sample_rate>
The given sample rate the trends should be sampled at(in

seconds). Must be between 5 and 86400 (one day).
system util trend list

Purpose:
Display a list of current trending information, if no counter name is specified then a list of counters
is displayed
Usage:
system util trend list [-b, --board_num <board_num>] [-c, -counter_name <counter_name>] [-n, --num_samples <num_samples>]
Options:
-b, --board_num <board_num>
The board number that is to be displayed
-c, --counter_name <counter_name>
The counter name that is to be displayed, or the keyword

ALL to display all counters.
-n, --num_samples <num_samples>
An integer to specify that the number of samples that

should be displayed
system util trend status

Purpose:
Status trending process
Usage:
system util trend status [-b, --get_interval_rate]
Options:
-b, --get_interval_rate
Option to get the number of available bins
Page 131 of 144
15.14 system wizard commands

system wizard admin add
Add a new full admin for the appliance
system wizard agreement
Get commands to sign the appliance license agreement
system wizard cluster...
Get commands to run cluster setup
system wizard crypto...
Get commands to run crypto mini-wizards
system wizard datetime set
Set the date, time and timezone
system wizard finalize
Get commands to finish the appliance setup
system wizard license add
Add a new license for a feature
system wizard lkm configure
Nothing needs to be done yet
system wizard nas configure
Configure Appliance serverside settings
system wizard network...
Get commands to manage network settings
system wizard next
Get the next action for the wizard to perform
system wizard prev
Revert back to the previous page of the wizard
system wizard restoredb
Get commands to load a existing configuration DB into the

appliance
system wizard san configure
Configure Appliance WWNs and other settings
system wizard status
Get the status of the last wizard that was run
system wizard admin add

Purpose:
Add a new full admin for the appliance
Usage:
system wizard admin add [--wiztype <wiztype>]
Options:
--wiztype <wiztype>
Wizard type
Page 132 of 144

Purpose:
Get commands to sign the appliance license agreement
Usage:

Purpose:
Set the date, time and timezone
Usage:

Purpose:
Get commands to finish the appliance setup
Usage:

Purpose:
Add a new license for a feature
Usage:

Purpose:
Nothing needs to be done yet
Usage:

Purpose:
Configure Appliance serverside settings
Usage:
system wizard next

Purpose:
Get the next action for the wizard to perform
Usage:
system wizard next
Page 133 of 144
system wizard prev

Purpose:
Revert back to the previous page of the wizard
Usage:
system wizard prev

Purpose:
Get commands to load a existing configuration DB into the appliance
Usage:

Purpose:
Configure Appliance WWNs and other settings
Usage:

Purpose:
Get the status of the last wizard that was run
Usage:
15.14.1 system wizard cluster commands

system wizard cluster enroll
Enroll the new members into whitelists of cluster nodes
system wizard cluster introduce
Introduce new members to an existing member and vice

versa
system wizard cluster join
Get the new member to join the cluster after enrollment
system wizard cluster stabilize
Wait to see if the cluster forms correctly
Page 134 of 144

Purpose:
Enroll the new members into whitelists of cluster nodes
Usage:

Purpose:
Introduce new members to an existing member and vice versa
Usage:

Purpose:
Get the new member to join the cluster after enrollment
Usage:

Purpose:
Wait to see if the cluster forms correctly
Usage:
15.14.2 system wizard crypto commands

system wizard crypto backup
Backup recovery material into secret shares
system wizard crypto rcadd
Get commands to introduce a new recovery card into the

system
system wizard crypto recover
Recovery key material from secret shares
system wizard crypto setup
Get commands to setup trust between SEP and system

card and generate keys
system wizard crypto tamperreset
How to clear intrusion on this appliance
Page 135 of 144

Purpose:
Backup recovery material into secret shares
Usage:

Purpose:
Get commands to introduce a new recovery card into the system
Usage:

Purpose:
Recovery key material from secret shares
Usage:
system wizard crypto setup

Purpose:
Get commands to setup trust between SEP and system card and generate keys
Usage:
system wizard crypto setup [--slave] [--wiztype <wiztype>]
Options:
--slave
This crypto node is joining a cluster, generate only local

keys
--wiztype <wiztype>
Wizard type

Purpose:
How to clear intrusion on this appliance
Usage:
15.14.3 system wizard network commands

system wizard network certificate
Manage the appliance SSL certificates
system wizard network manage
Manage the appliance network settings
Page 136 of 144

Purpose:
Manage the appliance SSL certificates
Usage:

Purpose:
Manage the appliance network settings
Usage:
Page 137 of 144
Alphabetical Index
active-role add........................................................................................................................................................................................
46
active-role list.........................................................................................................................................................................................
46
active-role remove.................................................................................................................................................................................
46
authorize....................................................................................................................................................................................................
4
challenge...................................................................................................................................................................................................
5
cli complete............................................................................................................................................................................................
44
cli cshelp disable....................................................................................................................................................................................
45
cli cshelp enable....................................................................................................................................................................................
45
cli cshelp find..........................................................................................................................................................................................
45
cli documentation..................................................................................................................................................................................
44
cli format.................................................................................................................................................................................................
44
cli pager...................................................................................................................................................................................................
45
cluster config ipsec dumpsad.............................................................................................................................................................
76
cluster config ipsec dumpspd.............................................................................................................................................................
76
cluster config ipsec flushsad...............................................................................................................................................................
76
cluster config ipsec restart..................................................................................................................................................................
76
cluster config ipsec secret...................................................................................................................................................................
76
cluster config member count..............................................................................................................................................................
77
cluster config member list...................................................................................................................................................................
77
cluster config member remove..........................................................................................................................................................77
cluster config member rmall...............................................................................................................................................................
78
cluster config member set...................................................................................................................................................................
78
cluster config name..............................................................................................................................................................................
74
cluster config potentialmember add.................................................................................................................................................79
cluster config potentialmember authenticate.................................................................................................................................79
cluster config potentialmember commit..........................................................................................................................................
80
cluster config potentialmember getmaster.....................................................................................................................................80
cluster config potentialmember list...................................................................................................................................................
80
cluster config potentialmember review............................................................................................................................................80
cluster config potentialmember rmall...............................................................................................................................................
81
cluster config potentialmember set...................................................................................................................................................
81
cluster config potentialmember status.............................................................................................................................................
81
cluster config pull..................................................................................................................................................................................
74
cluster config remote list.....................................................................................................................................................................
74
cluster config route add.......................................................................................................................................................................
82
cluster config route heartbeat disable..............................................................................................................................................83
cluster config route heartbeat enable...............................................................................................................................................
83
cluster config route list.........................................................................................................................................................................
82
cluster config route remove................................................................................................................................................................
82
cluster config route rmall.....................................................................................................................................................................
82
cluster config set-local..........................................................................................................................................................................
75
cluster disable........................................................................................................................................................................................
72
cluster enable.........................................................................................................................................................................................
72
cluster rexec...........................................................................................................................................................................................
73
cluster rsh................................................................................................................................................................................................
73
cluster state............................................................................................................................................................................................
73
cluster status..........................................................................................................................................................................................
73
db begin...................................................................................................................................................................................................
84
Page 138 of 144
db commit...............................................................................................................................................................................................
85
db connect..............................................................................................................................................................................................
85
db export.................................................................................................................................................................................................
85
db import.................................................................................................................................................................................................
86
db index list.............................................................................................................................................................................................
88
db index test...........................................................................................................................................................................................
88
db record.................................................................................................................................................................................................
86
db recover...............................................................................................................................................................................................
86
db rollback..............................................................................................................................................................................................
87
db save....................................................................................................................................................................................................
87
db select..................................................................................................................................................................................................
87
db size......................................................................................................................................................................................................
87
db status..................................................................................................................................................................................................
87
db trx kill..................................................................................................................................................................................................
88
db trx list..................................................................................................................................................................................................
89
db xlog list...............................................................................................................................................................................................
89
db xlog test.............................................................................................................................................................................................
89
db3 restart.................................................................................................................................................................................................
7
db3 techdump..........................................................................................................................................................................................
7
db3 zeroize................................................................................................................................................................................................
7
domain add.............................................................................................................................................................................................
48
domain controller discover..................................................................................................................................................................
48
domain group list...................................................................................................................................................................................
49
domain hash import..............................................................................................................................................................................
49
domain list..............................................................................................................................................................................................
49
domain migrate.....................................................................................................................................................................................
50
domain remove......................................................................................................................................................................................
50
domain set..............................................................................................................................................................................................
51
domain user list.....................................................................................................................................................................................
51
domain validate.....................................................................................................................................................................................
52
group add................................................................................................................................................................................................
53
group domain discover.........................................................................................................................................................................
53
group group list......................................................................................................................................................................................
55
group group parentlist..........................................................................................................................................................................
56
group list..................................................................................................................................................................................................
54
group remove.........................................................................................................................................................................................
54
group review...........................................................................................................................................................................................
54
group role grant.....................................................................................................................................................................................
56
group role revoke..................................................................................................................................................................................
57
help.............................................................................................................................................................................................................
5
keyman cryptainerkeys generate.......................................................................................................................................................
40
keyman cryptainerkeys list..................................................................................................................................................................
40
keyman cryptainerkeys rename.........................................................................................................................................................
40
keyman domainkeys list......................................................................................................................................................................
38
keyman expirekeys...............................................................................................................................................................................
38
keyman lkmkeys backup.....................................................................................................................................................................
41
keyman lkmkeys import......................................................................................................................................................................
41
keyman lkmkeys list.............................................................................................................................................................................
42
keyman masterkeys..............................................................................................................................................................................
39
keyman purgekeys accelerate............................................................................................................................................................
43
keyman purgekeys start.......................................................................................................................................................................
43
keyman purgekeys status....................................................................................................................................................................
43
keyman purgekeys stop.......................................................................................................................................................................
43
Page 139 of 144
keyman set.............................................................................................................................................................................................
39
lkm db copy............................................................................................................................................................................................
19
lkm db export.........................................................................................................................................................................................
19
lkm db list...............................................................................................................................................................................................
19
lkm db remove.......................................................................................................................................................................................
19
lkm disk usage.......................................................................................................................................................................................
17
lkm doc....................................................................................................................................................................................................
17
lkm key add............................................................................................................................................................................................
21
lkm key attribute add...........................................................................................................................................................................
24
lkm key attribute list.............................................................................................................................................................................
24
lkm key delete........................................................................................................................................................................................
21
lkm key export.......................................................................................................................................................................................
21
lkm key import.......................................................................................................................................................................................
21
lkm key journal list................................................................................................................................................................................
24
lkm key journal state............................................................................................................................................................................
25
lkm key journal status..........................................................................................................................................................................
25
lkm key journal zeroize........................................................................................................................................................................
25
lkm key list..............................................................................................................................................................................................
22
lkm key resync.......................................................................................................................................................................................
22
lkm key sharing group list...................................................................................................................................................................
22
lkm key statistics...................................................................................................................................................................................
23
lkm key update......................................................................................................................................................................................
23
lkm key verify.........................................................................................................................................................................................
23
lkm key whitelist list.............................................................................................................................................................................
23
lkm openkey client list..........................................................................................................................................................................
26
lkm openkey enroll list.........................................................................................................................................................................
27
lkm openkey enroll pending accept...................................................................................................................................................
28
lkm openkey enroll pending certificate get......................................................................................................................................
28
lkm openkey enroll pending list..........................................................................................................................................................
28
lkm openkey enroll pending reject.....................................................................................................................................................
29
lkm openkey enroll set.........................................................................................................................................................................
27
lkm openkey license list.......................................................................................................................................................................
26
lkm restart..............................................................................................................................................................................................
17
lkm server add.......................................................................................................................................................................................
29
lkm server certificate get.....................................................................................................................................................................
31
lkm server certificate set.....................................................................................................................................................................
31
lkm server list.........................................................................................................................................................................................
30
lkm server remove................................................................................................................................................................................
30
lkm server set.........................................................................................................................................................................................
30
lkm state info.........................................................................................................................................................................................
17
lkm status...............................................................................................................................................................................................
17
lkm test...................................................................................................................................................................................................
18
lkm zeroize..............................................................................................................................................................................................
18
net apply..................................................................................................................................................................................................
32
net connection list.................................................................................................................................................................................
32
net interface get....................................................................................................................................................................................
32
net status................................................................................................................................................................................................
33
net util arp...............................................................................................................................................................................................
33
net util host.............................................................................................................................................................................................
33
net util ifconfig.......................................................................................................................................................................................
34
net util ipsecstats..................................................................................................................................................................................
35
net util netstat........................................................................................................................................................................................
35
net util ping.............................................................................................................................................................................................
36
Page 140 of 144
net util tcpdump delete........................................................................................................................................................................

36
net util tcpdump start...........................................................................................................................................................................
37
net util tcpdump status........................................................................................................................................................................
37
net util tcpdump stop............................................................................................................................................................................
37
password....................................................................................................................................................................................................
5
quit..............................................................................................................................................................................................................
6
role list.....................................................................................................................................................................................................
58
role path list............................................................................................................................................................................................
59
system agreement sign........................................................................................................................................................................
95
system agreement view.......................................................................................................................................................................
95
system allproperties globalize............................................................................................................................................................
91
system banner postlogin add..............................................................................................................................................................
96
system banner postlogin get...............................................................................................................................................................
96
system banner postlogin set...............................................................................................................................................................
96
system banner prelogin add................................................................................................................................................................
97
system banner prelogin get.................................................................................................................................................................
97
system banner prelogin set.................................................................................................................................................................
97
system certificate get...........................................................................................................................................................................
98
system certificate getcert....................................................................................................................................................................
98
system certificate request generate...............................................................................................................................................100
system certificate request get..........................................................................................................................................................
100
system certificate set............................................................................................................................................................................
98
system certificate sign..........................................................................................................................................................................
99
system check..........................................................................................................................................................................................
91
system crypto approve clear.............................................................................................................................................................
103
system crypto approve message.....................................................................................................................................................
104
system crypto approve nonce...........................................................................................................................................................
104
system crypto approve status...........................................................................................................................................................
104
system crypto authenticate...............................................................................................................................................................
101
system crypto channel challenge.....................................................................................................................................................
104
system crypto channel response......................................................................................................................................................
105
system crypto ignitionkey change...................................................................................................................................................105
system crypto ignitionkey ring..........................................................................................................................................................
105
system crypto interrupts....................................................................................................................................................................
101
system crypto level.............................................................................................................................................................................
101
system crypto manager.....................................................................................................................................................................
102
system crypto masterkey create......................................................................................................................................................
106
system crypto masterkey load.........................................................................................................................................................
106
system crypto numSEPs....................................................................................................................................................................
102
system crypto protected clearSSL...................................................................................................................................................
106
system crypto protected loadSSL....................................................................................................................................................
106
system crypto protected saveSSL....................................................................................................................................................
107
system crypto proxy............................................................................................................................................................................
102
system crypto rc add..........................................................................................................................................................................
107
system crypto rc check......................................................................................................................................................................
108
system crypto rc delete......................................................................................................................................................................
108
system crypto rc list............................................................................................................................................................................
108
system crypto rc restore....................................................................................................................................................................
109
system crypto rc sync.........................................................................................................................................................................
109
system crypto rip export....................................................................................................................................................................
109
system crypto rip getcombination...................................................................................................................................................
110
system crypto rip getshare................................................................................................................................................................
110
system crypto rip import....................................................................................................................................................................
110
Page 141 of 144
system crypto rip loadshare..............................................................................................................................................................

110
system crypto rip rclist.......................................................................................................................................................................
111
system crypto rip status.....................................................................................................................................................................
111
system crypto scstatus.......................................................................................................................................................................
103
system crypto secretshare authorizeDrtkn....................................................................................................................................112
system crypto secretshare getclustertoken...................................................................................................................................
112
system crypto secretshare getcombination...................................................................................................................................
112
system crypto secretshare getshare...............................................................................................................................................112
system crypto secretshare loadshare.............................................................................................................................................113
system crypto secretshare recoverykey.........................................................................................................................................113
system crypto secretshare scheme.................................................................................................................................................
113
system crypto start.............................................................................................................................................................................
103
system crypto test...............................................................................................................................................................................
103
system crypto whitelist add..............................................................................................................................................................
114
system crypto whitelist lock..............................................................................................................................................................
114
system crypto whitelist query...........................................................................................................................................................
114
system crypto whitelist remove........................................................................................................................................................
114
system date get...................................................................................................................................................................................
115
system date set...................................................................................................................................................................................
115
system finalize.......................................................................................................................................................................................
91
system httpd getstatus......................................................................................................................................................................
116
system httpd restart...........................................................................................................................................................................
116
system httpd setjobtype....................................................................................................................................................................
116
system httpd setstatus.......................................................................................................................................................................
116
system license add.............................................................................................................................................................................
117
system license check.........................................................................................................................................................................
117
system license list...............................................................................................................................................................................
117
system license remove......................................................................................................................................................................
117
system log list......................................................................................................................................................................................
118
system log note...................................................................................................................................................................................
118
system log resetconf..........................................................................................................................................................................
119
system log restart...............................................................................................................................................................................
119
system log verify.................................................................................................................................................................................
119
system lproperty get.............................................................................................................................................................................
91
system ntpd restart...............................................................................................................................................................................
92
system property get............................................................................................................................................................................
120
system property globalize.................................................................................................................................................................
120
system property secureset................................................................................................................................................................
120
system property set............................................................................................................................................................................
121
system raid errors nonmedium........................................................................................................................................................
122
system raid errors read......................................................................................................................................................................
122
system raid errors verify....................................................................................................................................................................
122
system raid errors write.....................................................................................................................................................................
122
system raid status...............................................................................................................................................................................
121
system raid temperature...................................................................................................................................................................
121
system reboot........................................................................................................................................................................................
92
system revert..........................................................................................................................................................................................
92
system selftest.......................................................................................................................................................................................
92
system sensors......................................................................................................................................................................................
93
system serial..........................................................................................................................................................................................
93
system shutdown...................................................................................................................................................................................
93
system snmp restart.............................................................................................................................................................................
93
system sshd restart...............................................................................................................................................................................
93
Page 142 of 144
system tamper reset..........................................................................................................................................................................

122
system tamper status........................................................................................................................................................................
123
system timers list..................................................................................................................................................................................
93
system timezone get..........................................................................................................................................................................
123
system timezone list...........................................................................................................................................................................
123
system timezone set..........................................................................................................................................................................
123
system upgrade.....................................................................................................................................................................................
93
system util autosupport.....................................................................................................................................................................
124
system util cat.....................................................................................................................................................................................
124
system util df.......................................................................................................................................................................................
125
system util echo..................................................................................................................................................................................
125
system util iostat.................................................................................................................................................................................
125
system util lcdmessages...................................................................................................................................................................
126
system util ls........................................................................................................................................................................................
126
system util mbeventlog list...............................................................................................................................................................
129
system util mbeventlog remove.......................................................................................................................................................
129
system util mibget..............................................................................................................................................................................
127
system util mibwalk............................................................................................................................................................................
127
system util openfiles...........................................................................................................................................................................
127
system util ps.......................................................................................................................................................................................
127
system util stacklog............................................................................................................................................................................
128
system util stacktest..........................................................................................................................................................................
128
system util techdump domain..........................................................................................................................................................
129
system util techdump os...................................................................................................................................................................
130
system util techdump server............................................................................................................................................................
130
system util techdump user................................................................................................................................................................
130
system util top.....................................................................................................................................................................................
128
system util trend disable...................................................................................................................................................................
131
system util trend enable....................................................................................................................................................................
131
system util trend list...........................................................................................................................................................................
131
system util trend status.....................................................................................................................................................................
131
system util uptime..............................................................................................................................................................................
128
system util vmstat..............................................................................................................................................................................
128
system version.......................................................................................................................................................................................
94
system wizard admin add..................................................................................................................................................................
132
system wizard agreement.................................................................................................................................................................
133
system wizard cluster enroll.............................................................................................................................................................
135
system wizard cluster introduce.......................................................................................................................................................
135
system wizard cluster join.................................................................................................................................................................
135
system wizard cluster stabilize.........................................................................................................................................................
135
system wizard crypto backup...........................................................................................................................................................
136
system wizard crypto rcadd..............................................................................................................................................................
136
system wizard crypto recover...........................................................................................................................................................
136
system wizard crypto setup...............................................................................................................................................................
136
system wizard crypto tamperreset..................................................................................................................................................
136
system wizard datetime set..............................................................................................................................................................
133
system wizard finalize........................................................................................................................................................................
133
system wizard license add................................................................................................................................................................
133
system wizard lkm configure............................................................................................................................................................
133
system wizard nas configure............................................................................................................................................................
133
system wizard network certificate...................................................................................................................................................
137
system wizard network manage......................................................................................................................................................
137
system wizard next.............................................................................................................................................................................
133
Page 143 of 144
system wizard prev.............................................................................................................................................................................

134
system wizard restoredb....................................................................................................................................................................
134
system wizard san configure............................................................................................................................................................
134
system wizard status..........................................................................................................................................................................
134
system zeroize........................................................................................................................................................................................
94
trustee delete............................................................................................................................................................................................
8
trustee keys export..................................................................................................................................................................................
9
trustee keys import..................................................................................................................................................................................
9
trustee linkkey delete...........................................................................................................................................................................
10
trustee linkkey list.................................................................................................................................................................................
10
trustee linkkey map..............................................................................................................................................................................
10
trustee linkkeysharing disable............................................................................................................................................................
11
trustee linkkeysharing enable.............................................................................................................................................................
11
trustee list..................................................................................................................................................................................................
8
trustee peer delete................................................................................................................................................................................
11
trustee peer list......................................................................................................................................................................................
12
trustee unapproved approve...............................................................................................................................................................
12
trustee unapproved create..................................................................................................................................................................
13
trustee unapproved delete...................................................................................................................................................................
13
trustee unapproved list.........................................................................................................................................................................
13
trustee unapproved receive.................................................................................................................................................................
14
trustee unapproved review..................................................................................................................................................................
14
trustee unapproved rmall....................................................................................................................................................................
15
trustee unapproved send.....................................................................................................................................................................
15
user add...................................................................................................................................................................................................
60
user cifs password nullify.....................................................................................................................................................................
64
user cifs password verify......................................................................................................................................................................
64
user cifs sid.............................................................................................................................................................................................
63
user cifs validate....................................................................................................................................................................................
63
user comers cancel...............................................................................................................................................................................
65
user comers confirm.............................................................................................................................................................................
66
user group grant....................................................................................................................................................................................
67
user group list.........................................................................................................................................................................................
67
user group parentlist.............................................................................................................................................................................
68
user group revoke..................................................................................................................................................................................
68
user home list.........................................................................................................................................................................................
69
user home remove................................................................................................................................................................................
69
user home set........................................................................................................................................................................................
69
user list....................................................................................................................................................................................................
61
user remove............................................................................................................................................................................................
61
user role grant........................................................................................................................................................................................
70
user role list............................................................................................................................................................................................
71
user role revoke.....................................................................................................................................................................................
71
user set....................................................................................................................................................................................................
62
user token dump...................................................................................................................................................................................
62
who.............................................................................................................................................................................................................
6
whoami......................................................................................................................................................................................................
6
Page 144 of 144

Command, Netapp

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Command, Netapp

Transféré par

Droits d'auteur :

Formats disponibles

NetApp Lifetime Key Management Appliance 4.

Copyright, trademark information, notices and warnings

Copyright, trademark information, notices and warnings

IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to

Copyright, trademark information, notices and warnings

Dual power supply

Copyright, trademark information, notices and warnings

Copyright, trademark information, notices and warnings

NetApp KM-Series Command Line Reference Guide 4.0

3.1 trustee keys commands...........................................................................................................................................................

4.1 lkm db commands..................................................................................................................................................................

5.1 net util commands..................................................................................................................................................................

6.1 keyman cryptainerkeys commands.....................................................................................................................................

7.1 cli cshelp commands..............................................................................................................................................................

10.1 group group commands......................................................................................................................................................

12.1 user cifs commands.............................................................................................................................................................

NetApp KM-Series Command Line Reference Guide 4.0

12.1.1 user cifs password commands...............................................................................................................................63

13.1 cluster config commands....................................................................................................................................................

14.1 db index commands.............................................................................................................................................................

15.1 system agreement commands..........................................................................................................................................95

NetApp Proprietary Information

NetApp KM-Series Command Line Reference Guide 4.0

Active role commands

Authorize admin login

Generate challenge for PKI authentication

Command line administration commands

Database administration commands

DB3 administration commands

User/group domain commands

Command line usage help

Key management commands

LKM management commands

Change user password

Quit the current client session

Trustees management commands

Display who is logged in

Display effective user ID

Authorize admin login

NetApp Proprietary Information

NetApp KM-Series Command Line Reference Guide 4.0

Generate challenge for PKI authentication

Command line usage help

Change user password

password [-f, --force] [--new <new>] [--old <old>] [--user <user>]

Force password change of an admin

NetApp Proprietary Information

NetApp KM-Series Command Line Reference Guide 4.0

Quit the current client session

Display who is logged in

Display effective user ID

NetApp Proprietary Information

NetApp KM-Series Command Line Reference Guide 4.0

Restart DB3 server

Series of diagnostic queries

Zeroizes DB3 data

Restart DB3 server

Series of diagnostic queries

Zeroizes DB3 data

NetApp Proprietary Information

NetApp KM-Series Command Line Reference Guide 4.0

Remove a trustee from the system