Provided by: nutcpc_2.4.3-2.1build1_i386 bug


       nutcpc - NuFW console-mode client for GNU/Linux and BSD systems


       nutcpc  [ -d  ] [ -l  ] [ -k  ] [ -c  ] [ -V  ] [ -h  ] [ -q  ] [ -Q  ]
       [ -N  ] [ -H Nuauth IP ] [ -p Nuauth  port   ]  [  -U  UserID  ]  [  -P
       UserPassword  ]  [  -I  Interval  ] [ -Z Service ] [ -C CertFile ] [ -A
       AuthorityFile ] [ -K KeyFile ] [ -W CertPass ] [  -R  CrlFile  ]  [  -a
       NuauthDN ]


       This manual page documents the nutcpc command.

       nutcpc  is  a console-mode client for the NuFW authenticating firewall.
       It sends authentication packets to the nuauth  server.  All  parameters
       can  be  set  on  commandline but nutcpc can also be configured via the
       file nuclient.conf(5).

       Original  packaging  and  informations  and  help  can  be  found  from


       -d     Debug mode, don't go into background.

       -l     Do  not  verify whether lock file exists before starting. And do
              not create lock file.

       -k     Kill existing instances of the  program  running  on  our  local

       -c     Check  if a client is already running. Return error if no client
              are running.

       -V     Issues program version and exits.

       -h     Issues usage details and exits.

       -q     Do not display running nutcpc options on "ps". Useful when using

       -H Nuauth IP
              Send authentication packet  to Nuauth IP.

       -p Nuauth port
              Send authentication packet  to Nuauth port.

       -U User ID
              Set nufw userid to User ID.

       -P User Password
              Set nufw password to User Password.

       -I Interval
              Set connection list refresh interval to Interval. This option is
              only useful if nuauth server is in POLL mode.

       -Z Service
              Set kerberos service name to Service.

       -C CertFile
              Use certificate file stored in the file  CertFile  to  negotiate
              the TLS connection to nuauth.

       -A AuthorityFile
              Use  authority  file  stored  in  AuthorityFile  and  check  the
              validity of nuauth certificate against this  authority.   Nutcpc
              will leave if this is not the case.

       -K KeyFile
              Use  key  file  stored  in the file KeyFile to negotiate the TLS
              connection to nuauth.

       -W CertPass
              Use the passphrase CertPass to decrypt  the  certificate.  Check
              the -q option if you use this.

       -R CrlFile
              Use  certificate revocation list file stored in the file CrlFile
              to negotiate the TLS connection to nuauth. nutcpc  reloads  this
              file if it gets disconnected from nuauth and needs to reconnect.
              Since version 2.2.19, nutcpc reloads the CRL file when receiving
              a HUP signal.

       -a NuauthDN
              Verify  that  the  certificate given by nuauth has a DN equal to
              NuauthDN. Nutcpc will leave if this is not the case.

       -Q     Suppress warning if no certificate authority is configured.

       -N     Suppress error if server FQDN does not match certificate CN.


       By default, the lock file set by nutcpc is at ~/.nufw/nutcpc.


       User authentication can be done using a certificate and a private  key.
       Such  a  method  will  be  used,  if  nutcpc  can find a certificate at
       ~/.nufw/cert.pem and the corresponding private key at  ~/.nufw/key.pem.
       The  server identity will be checked if a CA certificate is provided in
       ~/.nufw/cacert.pem. Certificates  and  key  can  also  be  provided  on
       command line or via nuclient.conf(5).


       HUP    When  receiving  this  signal,  nutcpc  attempts  to immediately
              reconnect to the server, if disconnected. The signal is  ignored
              in other cases.






       Nuauth   was   designed   and   coded   by   Eric  Leblond,  aka  Regit
       (<>)   ,   and   Vincent   Deffontaines,    aka    gryzor
       (<>).  Original  idea  in  2001, while working on NSM
       Ldap support.

       This manual page was written by Eric Leblond.

       Permission is granted to copy, distribute and/or modify  this  document
       under  the  terms  of  the GNU Free Documentation License, Version 2 as
       published by the Free Software Foundation; with no Invariant  Sections,
       no Front-Cover Texts and no Back-Cover Texts.

                               14 November 2008                      NUTCPC(1)