The following options and arguments are used with many of the commands described in this topic. If an option or argument is not described with a command in the text, a description of it appears here. (See Part 2 of this guide and reference for complete details about each command.)
· The -server machine option specifies the server machine on which the command is to execute. This option names the machine on which the administrative list or keytab file to be affected is stored. The BOS Server on this machine executes the command. This option can be used to specify a server machine in a foreign cell.
To run a privileged bos command (a bos command that requires the issuer to have some level of administrative privilege) using a privileged identity, always specify the full DCE pathname of the machine (for example, /.../abc.com/hosts/fs1).
To run an unprivileged bos command, you can use any of the following to specify the machine:
- The machine's DCE pathname (for example, /.../abc.com/hosts/fs1)
- The machine's host name (for example, fs1.abc.com or fs1)
- The machine's IP address (for example, 11.22.33.44)
Note: If you specify the host name or IP address of the machine, the command executes using the unprivileged identity nobody (the equivalent of running the command with the -noauth option); unless DFS authorization checking is disabled on the specified machine, a privileged bos command issued in this manner fails. If you specify the machine's host name or IP address, the command displays the following message (using the -noauth option suppresses the message):
bos: WARNING: short form for server used; no authentication
information will be sent to the bosserver
When working with administrative lists, modify only the administrative lists stored on the System Control machine for the domain. The Update Server can then be used to distribute the lists to other server machines in the domain. If -server is not the System Control machine, the list is not distributed to other server machines in the domain. In addition, changes made to the list can be lost if the list is later updated from the System Control machine.
· The -noauth option directs the bos program to use the unprivileged identity nobody as the identity of the issuer of the command. If DFS authorization checking has been disabled with the bos setauth command, the identity nobody has the necessary privileges to perform any operation. (See Disabling DFS Authorization Checking on a Server Machine for information about disabling DFS authorization checking.) If you use this option, do not use the -localauth option.
· The -localauth option directs the bos program to use the DFS server principal of the machine on which the command is issued as the identity of the issuer. Each DFS server machine has a DFS server principal stored in the Registry Database. A DFS server principal is a unique, fully qualified principal name that ends with the string dfs-server; for example, /.../abc.com/hosts/fs1/dfs-server. Do not confuse a machine's DFS server principal with its unique self identity. (See Making Filesets and Aggregates Available for information about DFS server principals.)
Use this option only if the command is issued from a DFS server machine. You must be logged into the server machine as root for this option to work. If you use this option, do not use the -noauth option.
The -noauth and -localauth options are always optional.