indisrvr.8

Manvendra Bhangui edited this page May 13, 2024 · 7 revisions

NAME

indisrvr - IndiMail administration server

SYNOPSIS

indisrvr -i IP_Address -p port -b backlog [-n certfile] [-c cafile -r crlfile] [-t timeoutdata -T timeoutconn]

DESCRIPTION

indisrvr is the administration server for administering IndiMail's clustered domains. It provides a simple mechanism by which administrators can connect to this server and issue commands to execute any of the IndiMail programs given above. These commands are issued by the adminclient(8) program. For example, to run vadduser on host phoenix2, run adminclient on any host on the network.

indisrvr implements simple authentication using crypt(3), MD5, SHA256/SHA512. The userid and passwd are maintained in the table mgmtaccess. A separate password maintenance tool, mgmtpass, maintains the passwords in this table. On successful validation of the password, indisrvr executes the specified IndiMail administration program on the localhost. For security reasons, the list of these administration programs is hard-coded in the indisrvr executable. On SIGUSR2, the verbose option is toggled (see the -v option below).

For a clustered domain, the table mgmtaccess will be on the hostcntrl db. For a non-clustered domain, the table mgmtaccess will be on the local MySQL database.

indisrvr uses a privilege table, vpriv, in MySQL to control access to commands and command-line switches. For a clustered domain, the table vpriv will be on the central database. For a non-clustered domain, the table vpriv will be on the local MySQL database. The table vpriv can be maintained using the vpriv(8) program.

indisrvr encrypts the communication channel using TLS if the -n option specifying a certificate is used. Ciphers can be selected by setting the TLS_CIPHER_LIST environment variable for TLS protocol TLSv1.2 and below, and the TLS_CIPHER_SUITE environment variable for TLS protocol TLSv1.3 and above. For multiple ciphers, use a ':' separated list of ciphers. See openssl-ciphers(1ossl).
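
One way to sanity-check the two cipher variables described above before starting indisrvr with TLS. This is an added example, not part of the indisrvr documentation or code: the function names are hypothetical, the weak-cipher patterns are a heuristic rather than a complete list, and the address, backlog, timeouts, file paths and cipher choices are constructed sample values.

```shell
#!/bin/sh
# Added example: pre-flight check for indisrvr's TLS cipher variables.
# All function names and sample values below are assumptions for illustration.

# check_tls12_list LIST: validate TLS_CIPHER_LIST (TLSv1.2 and below).
# Fails on an empty list, on TLSv1.3 suite names put in the wrong variable,
# and on entries that enable obviously weak ciphers (heuristic, not exhaustive).
check_tls12_list() {
    old_ifs=$IFS; IFS=:; set -f; set -- $1; set +f; IFS=$old_ifs
    [ "$#" -gt 0 ] || return 1
    for c in "$@"; do
        case $c in
            TLS_*)   return 1 ;;   # TLSv1.3 name: belongs in TLS_CIPHER_SUITE
            '!'*|-*) ;;            # exclusions such as !aNULL are fine
            *NULL*|*EXP*|*RC4*|*MD5*|*DES*|ADH*|AECDH*) return 1 ;;
        esac
    done
    return 0
}

# check_tls13_suites LIST: validate TLS_CIPHER_SUITE (TLSv1.3 and above).
# TLSv1.3 suite names all begin with "TLS_"; anything else is a misplaced entry.
check_tls13_suites() {
    old_ifs=$IFS; IFS=:; set -f; set -- $1; set +f; IFS=$old_ifs
    [ "$#" -gt 0 ] || return 1
    for c in "$@"; do
        case $c in
            TLS_*) ;;
            *)     return 1 ;;
        esac
    done
    return 0
}

# indisrvr_tls_cmd IP PORT BACKLOG CERT CAFILE CRLFILE: print the environment
# and command line for a TLS-enabled indisrvr, or fail if a variable looks wrong.
# Nothing is executed; the timeouts (120 and 60 seconds) are sample values.
indisrvr_tls_cmd() {
    check_tls12_list "$TLS_CIPHER_LIST"    || { echo "bad TLS_CIPHER_LIST" >&2; return 1; }
    check_tls13_suites "$TLS_CIPHER_SUITE" || { echo "bad TLS_CIPHER_SUITE" >&2; return 1; }
    echo "env TLS_CIPHER_LIST=$TLS_CIPHER_LIST TLS_CIPHER_SUITE=$TLS_CIPHER_SUITE" \
         "indisrvr -i $1 -p $2 -b $3 -n $4 -c $5 -r $6 -t 120 -T 60"
}

TLS_CIPHER_LIST='ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'
TLS_CIPHER_SUITE='TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256'
indisrvr_tls_cmd 192.0.2.10 4000 40 /path/to/server.pem /path/to/ca.pem /path/to/ca.crl
```

To see which ciphers a TLS_CIPHER_LIST value actually expands to, pass it to `openssl ciphers -v`.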

The following command runs the command vadduser with arguments test@indi.com password.

adminclient -h phoenix2 -p 4000 -u admin -P adminpass -c "vadduser test@indi.com password"

OPTIONS

-v
Sets verbose option.

-l
This option expects indisrvr to be run under tcpserver(1) or a similar server.

-i IP_Address
The IP address on which indisrvr needs to bind. Useful if a host has multiple IP addresses and you want to bind on just one interface.

-p port
A TCP/IP port or service in /etc/services on which indisrvr needs to bind.

-b backlog
Maximum backlog to be maintained, after which the client should get connection refused.

-d certdir
Certificate directory for RSA/DH parameter files.

-n certfile
A PEM certificate causes indisrvr to negotiate TLS encryption with clients.

-c cafile
Specify cafile as the file containing CA certificates. Sometimes, special CA certificates are needed if an intermediate certificate used by your issuing CA expires. Note that the file given with -c is passed to SSL_CTX_load_verify_locations and thus may contain several CA certificates, which will be used during SSL connection negotiation to close any gap in the certificate chain.

-r crlfile
A list of Certificate Revocation Lists (CRLs). If present it should contain the CRLs of the CAs in cafile and client certs that will be checked for revocation.

-t timeoutdata
Quit if read or write to/from commands or application exceeds timeoutdata seconds.

-T timeoutconn
Timeout on TLS/SSL accept if attempt exceeds timeoutconn seconds.

RETURN VALUE

Always returns non-zero status, which means the server died for some reason, most likely because of a bug. Will also return on SIGTERM with exit status=0.

SEE ALSO

adminclient(8), mgmtpass(8), vpriv(8), openssl-ciphers(1ossl)