Provided by: nutcpc_2.4.3-2.1build1_amd64 bug

NAME

       nutcpc - NuFW console-mode client for GNU/Linux and BSD systems

SYNOPSIS

       nutcpc [ -d  ] [ -l  ] [ -k  ] [ -c  ] [ -V  ] [ -h  ] [ -q  ] [ -Q  ] [ -N  ] [ -H Nuauth
       IP ] [ -p Nuauth port  ] [ -U UserID ] [ -P UserPassword ] [ -I Interval ] [ -Z Service  ]
       [  -C  CertFile  ] [ -A AuthorityFile ] [ -K KeyFile ] [ -W CertPass ] [ -R CrlFile ] [ -a
       NuauthDN ]

DESCRIPTION

       This manual page documents the nutcpc command.

       nutcpc  is  a  console-mode  client  for  the  NuFW  authenticating  firewall.  It   sends
       authentication  packets to the nuauth server. All parameters can be set on commandline but
       nutcpc can also be configured via the file nuclient.conf(5).

       Original packaging and informations and help can be found from http://www.nufw.org/

OPTIONS

       -d     Debug mode, don't go into background.

       -l     Do not verify whether lock file exists before starting.  And  do  not  create  lock
              file.

       -k     Kill existing instances of the program running on our local userID.

       -c     Check if a client is already running. Return error if no client are running.

       -V     Issues program version and exits.

       -h     Issues usage details and exits.

       -q     Do not display running nutcpc options on "ps". Useful when using "-W"

       -H Nuauth IP
              Send authentication packet  to Nuauth IP.

       -p Nuauth port
              Send authentication packet  to Nuauth port.

       -U User ID
              Set nufw userid to User ID.

       -P User Password
              Set nufw password to User Password.

       -I Interval
              Set  connection  list  refresh  interval to Interval. This option is only useful if
              nuauth server is in POLL mode.

       -Z Service
              Set kerberos service name to Service.

       -C CertFile
              Use certificate file stored in the file CertFile to negotiate the TLS connection to
              nuauth.

       -A AuthorityFile
              Use  authority  file  stored  in  AuthorityFile  and  check  the validity of nuauth
              certificate against this authority.  Nutcpc will leave if this is not the case.

       -K KeyFile
              Use key file stored in the file KeyFile to negotiate the TLS connection to nuauth.

       -W CertPass
              Use the passphrase CertPass to decrypt the certificate. Check the -q option if  you
              use this.

       -R CrlFile
              Use  certificate  revocation  list file stored in the file CrlFile to negotiate the
              TLS connection to nuauth. nutcpc reloads this file if  it  gets  disconnected  from
              nuauth  and  needs  to reconnect. Since version 2.2.19, nutcpc reloads the CRL file
              when receiving a HUP signal.

       -a NuauthDN
              Verify that the certificate given by nuauth has a DN equal to NuauthDN. Nutcpc will
              leave if this is not the case.

       -Q     Suppress warning if no certificate authority is configured.

       -N     Suppress error if server FQDN does not match certificate CN.

LOCK FILE

       By default, the lock file set by nutcpc is at ~/.nufw/nutcpc.

CERTIFICATE AUTHENTICATION

       User  authentication can be done using a certificate and a private key. Such a method will
       be used, if nutcpc can find  a  certificate  at  ~/.nufw/cert.pem  and  the  corresponding
       private key at ~/.nufw/key.pem. The server identity will be checked if a CA certificate is
       provided in ~/.nufw/cacert.pem. Certificates and key can also be provided on command  line
       or via nuclient.conf(5).

SIGNALS

       HUP    When receiving this signal, nutcpc attempts to immediately reconnect to the server,
              if disconnected. The signal is ignored in other cases.

SEE ALSO

       nufw(8)

       nuauth(8)

       nuclient.conf(5)

AUTHOR

       Nuauth was designed and coded by Eric Leblond, aka Regit (<eric@regit.org>) , and  Vincent
       Deffontaines,  aka  gryzor (<vincent@gryzor.com>). Original idea in 2001, while working on
       NSM Ldap support.

       This manual page was written by Eric Leblond.

       Permission is granted to copy, distribute and/or modify this document under the  terms  of
       the  GNU  Free  Documentation  License,  Version  2  as  published  by  the  Free Software
       Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts.

                                         14 November 2008                               NUTCPC(1)