rfs-setup

rfs-setup <ADDRESS> <ESN> <KEYHASH>
rfs-setup --gang-client <ADDRESS> [<ESN>] <KEYHASH>
rfs-setup --gang-client --write-noauth <ADDRESS>
rfs-setup --gang-client --readonly <ADDRESS> [<ESN>] <KEYHASH>
rfs-setup --gang-client --readonly --write-noauth <ADDRESS>

Creates a default RFS hardserver configuration.

Run this utility when you first configure the RFS.

rfs-setup creates all appropriate directories for the remote file system and edits the hardserver configuration file appropriately.

To revoke a networked-attached HSM or a ganged client, you must edit the hardserver configuration file manually.

For procedures, see:

Option Description

Option	Description
Action selection
`-g`, `--gang-client`	Sets up a client machine to share the RFS. In this case `<ADDRESS>` is the IP address of the client.
`--readonly`	Limits the ganged client to read-only.
`--write-noauth`	Allows the ganged client to access the RFS without authentication. Do not use this option over insecure networks.
Options for the actions
`<ADDRESS>`
`-c`, `--configfile=FILENAME`	Default: `NFAST_KMDATA/config/config`.
`<ESN>` `<KEYHASH>`	If an option of `rfs-setup` allows a network-attached HSM to write to the RFS, which requires authentication from an HSM. The client can be authenticated by passing in its HSM’s ESN and KNETI hash, or for software authentication by specifying its hardserver’s KNETI hash only.
`-f`, `--force`	Removes old existing `remotefilesystem` config entries with the same ESN value.
Help options
`-h`, `--help`	Displays help for `racs`.
`-u`, `--usage`	Displays a brief usage summary for `racs`.
`-v`, `--version`	Displays the version number of nShield Remote Adminstration that deploys `racs`.

Action selection

-g, --gang-client

Sets up a client machine to share the RFS. In this case <ADDRESS> is the IP address of the client.

--readonly

Limits the ganged client to read-only.

--write-noauth

Allows the ganged client to access the RFS without authentication. Do not use this option over insecure networks.

Options for the actions

<ADDRESS>

-c, --configfile=FILENAME

Default: NFAST_KMDATA/config/config.

<ESN> <KEYHASH>

If an option of rfs-setup allows a network-attached HSM to write to the RFS, which requires authentication from an HSM. The client can be authenticated by passing in its HSM’s ESN and KNETI hash, or for software authentication by specifying its hardserver’s KNETI hash only.

-f, --force

Removes old existing remotefilesystem config entries with the same ESN value.

Help options

-h, --help

Displays help for racs.

-u, --usage

Displays a brief usage summary for racs.

-v, --version

Displays the version number of nShield Remote Adminstration that deploys racs.