-
-
Notifications
You must be signed in to change notification settings - Fork 2
adminclient.8
adminclient - Client for running IndiMail programs remotely
adminclient -h adminHost -p port -u adminUser -P adminPassword [-n certfile] -c Command
adminclient is the administration client for administering IndiMail's clustered domains. It has a simple mechanism by which administrators can connect to the administration server, indisrvr and issue commands to execute any of the IndiMail programs Command. On successful validation of password, adminclient executes the specified IndiMail administration program on the remote host by connecting to indisrvr(8). For security reasons, the list of these administration programs are hard-coded in the adminclient and indisrvr executable. adminclientFr uses environment variable ADMIN_TIMEOUT to timeout connections to indisrvr. adminclient needs to supply credentials of users with administration privileges. These users can be created using the mgmtpass(8) program. You can furhter use vpriv(8) to control/restrict access of these admin users to certain programs (and even command line arguments.
adminclient encrypts the communication channel using TLS if -n option specifing a certificate is used. One can use use ciphers by setting TLS_CIPHER_LIST environment variable for TLS protocol TLSv1.2 and below and TLS_CIPHER_SUITE environment variable for TLS protocol TLSv1.3 and above. For multiple ciphers, use ':' separated list of ciphers. See openssl-ciphers(1ossl).
e.g. The following command runs the command vadduser with arguments test@example.com password.
adminclient -h phoenix2 -p 4000 -u admin -P adminpass -c "vadduser test@example.com password"
-v
Sets Verbose option.
-h adminHost
The IP address / hostname of host on which command Command needs to
run.
-p adminPort
A TCP/IP port or service in /etc/services on which indisrvr is running
on adminHost.
-u adminUser
The administration user (maintained using mgmtpass(8)) for which
indisrvr will validate the password.
-P adminPass
The password for the user specified by the -u option.
-n certificate
A client certificate which should be provided in case TLS encryption is
needed
-C cafile
Specify cafile as the file containing CA certificates. Sometimes,
special CA certificates are needed if an intermediate certificate used
by your issuing CA expires. Note that the file given with -c is passed
to SSL_CTX_load_verify_locations and thus may contain several CA
certificates, which will be used during SSL connection negotiation to
close any gap in the certificate chain.
-r crlfile
A list of Certificate Revocation Lists (CRLs). If present it should
contain the CRLs of the CAs in cafile and client certs that will be
checked for revocation.
-m
Match host with common name in certificate (CN)
-c Command
The command that needs to executed on the remote host adminHost.
Command should be enclosed in quotes for commands requiring multiple
arguments on the command line.
The -h, -p, -u, -P, -v are optional. If not given, the environment variables ADMIN_HOST, ADMIN_PORT, ADMIN_USER, ADMIN_PASS will be used for these variables.
Returns the return status of the remote command executed. All output printed by the remote command on stdout/stderr are printed on stdout of adminclient.
The adminclient protocol is descibed below. You can connect to port 4000 and execute the below sequence of commands to execute. Here 's' denotes server and 'c' denotes client.
adminclient Protocol
s - server
c - client
s: "Login: "
c: "userid\n"
s: "Password: "
c: "password\n"
s: "OK\n"
c: "index command arg1 arg2 ...\n"
s: <output of above command if any>
c: "\n"
s: "RETURNSTATUS[return value of command]\n"
The below shows an actual example of vuserinfo getting executed by executing the telnet(1) client on port 4000.
<lf> - linefeed
Login: admin<lf>
Password: xxxxxxxx<lf>
OK
7 vuserinfo -n manvendra@indimail.org<lf>
name : manvendra@indimail.org
<lf>
RETURNSTATUS0
indisrvr(8), mgmtpass(8), vpriv(8), IndiMail(7) openssl-ciphers(1ossl)