rfs-sync

rfs-sync [-U|--update] [-c|--commit] [-s|--show] [--remove]
         [--setup [setup_options] ip_address]

Synchronizes your local key management data (opt/nfast/kmdata/local on Linux, or %NFAST_KMDATA%\local on Windows) with the remote file system it is configured to access by updating from it or committing changes to it. If you need to push changes to the remote file system with rfs-sync, the cooperating client from which you are pushing changes from must have write access to the remote file system.

Run rfs-sync to retrieve data from the remote file system when

  • A cooperating client is initialized

  • A client needs to update its local copy of the data

Option Description

Action selection

-c, --commit

Commits local key management data changes to the remote file system, and updates the client from the remote file system.

--remove

Removes the synchronization configuration.
Reverting to a standalone configuration leaves the current contents of the Key Management Data directory in place.

-s, --show

Displays the current synchronization configuration.

--setup

Sets up a new synchronization configuration.

-U, --update

Updates local key management data from the remote file system. If a cooperating client has keys in its kmdata/local directory that are also on the remote file system, if these keys are deleted from the remote file system and then rfs-sync --update is run on the client, these keys remain on the client until manually removed.

Options for --setup

-a, --authenticate

Specifies the use of a module KNETI key to authenticate this client to the RFS.
Default: software KNETI key of the hardserver

ip_address

Specifies the IP address of the remote file system, which could be one of the following:

  • an IPv4 address

  • an IPv6 address, including a link-local IPv6 address

  • a hostname

-m, --module=module

Selects the local module to use for authentication.
Default: 1.
This option can only be used with the --authenticate option.

-p, --port=port

Specifies the port on which to connect to the remote file system.
Default: 9004.

--rfs-hkneti=HNETI

Specifies the hash of the KNETI key to use for nToken or software-based authentication of the RFS.

--rfs-esn=ESN

Specifiesthe ESN of an nToken to use for authentication of the RFS.

Options for a stuck lockfile that has been left behind by a failed rfs-sync --commit operation

--who-has-lock

Displays the task ID of the lock owner.

--kill-lock

Forcibly removes the lock file.

Only use this option as a last resort.

For network-attached HSMs, the lock file can also be removed via menu item 3-3-2, Remove RFS Lock: this executes the rfs-sync --kill-lock command.

Help options

-f, --force

Disable confirmation prompts for the --setup and --remove actions when overwriting an existing configuration and with --kill-lock when removing a lock.

-h, --help

Displays help for rfs-sync.

-q, --quiet

Displays fewer messages.

-u, --usage

Displays a brief usage summary for rfs-sync.

-v, --verbose

Displays more messages.

-V, --version

Displays the version number of the Security World Software that deploys rfs-sync.

For more information, see: