kcweb(1M) kcweb(1M)
NAME [Toc] [Back]
kcweb - start the HP-UX kernel configuration tool (a Web interface)
SYNOPSIS [Toc] [Back]
kcweb [-h hostname ] [-F ]
kcweb -c
kcweb -s ( stop | startssl | status | restart )
DESCRIPTION [Toc] [Back]
The HP-UX Kernel Configuration tool (kcweb) user interface uses a Web
browser. Executing the kcweb command without any options performs the
following tasks:
+ create server certificates if needed
+ start the management Web server if it is not running
+ start a Web client (browser)
An attempt will be made to connect to a Mozilla/Netscape Web browser
running on the X server defined by the DISPLAY environment variable.
If a running Mozilla/Netscape client is found, it will be used,
otherwise a new Mozilla/Netscape session will be initiated. This will
only happen if the Mozilla/Netscape process is running in the same
system as that referenced by the DISPLAY variable, unless the -F
option is used.
Note: By default, the HP-UX kernel configuration tool (kcweb) invokes
the Mozilla Web browser. If you want to support any other browser
(Netscape), set the $BROWSER environment variable as shown below:
export BROWSER=/opt/netscape/netscape
If kcweb is executed without any options, the server will stop
automatically after a period of inactivity. If the server is started
explicitly using the "kcweb -s startssl", it will run until the system
is rebooted or the server is stopped with "kcweb -s stop".
Options [Toc] [Back]
kcweb recognizes the following options:
-h hostname Configure a remote system ( hostname ), using a client
on the local system. The kcweb server on the remote
system must already be running.
-F Forces a client browser to be used in less secure ways.
Two security features are overridden by the -F option.
Hewlett-Packard Company - 1 - HP-UX 11i Version 2.0: May 2003
kcweb(1M) kcweb(1M)
The -F option forces the client browser to be used or
started, even if the X-traffic between the X-server and
the Mozilla/Netscape browser is not secure.
If kcweb is executed by root with the -F option, a
temporary login bypass key will be generated. The
bypass key allows the user to access the Web interface
without having to provide login information again.
Only use this option if you are sure the network
traffic between the host where Mozilla/Netscape browser
is running, and the host in the DISPLAY variable is
secure.
When kcweb is invoked by SAM, the -F option is used.
-c Forces the creation of new server certificates. This
can be performed if the server's certificates expire,
or if the security of the certificates has been
compromised. When new certificates are created, the
kcweb command will also restart the kcweb Web server.
The -c option is only available to the user "root",
because it requires creation of an SSL certificate.
-s (stop|startssl|status|restart)
The -s option is only available to the user "root."
stop stops the running kcweb Web server.
startssl starts the kcweb Web server, if started
this way, it will run until rebooted or
until stopped with "kcweb -s stop".
status displays the status of the kcweb Web
server.
restart stops and then starts (startssl) the
kcweb Web server.
Security Certificates [Toc] [Back]
kcweb will generate an SSL certificate authority and use that to sign
a generated SSL certificate. Because this certificate is self signed,
your web browser will probably prompt you to see if you want to accept
this certificate before it connects to the HP-UX kernel configuration
application.
Hewlett-Packard Company - 2 - HP-UX 11i Version 2.0: May 2003
kcweb(1M) kcweb(1M)
It is possible to accept these certificates each time, just for the
session, or you can accept the certificates on a permanent basis (10
years), and not have to accept them again later.
kcweb regenerates the certificates when they are not there, if the
hostname is changed on the system, or when the "-c" option is used.
Online Help [Toc] [Back]
Once the HP-UX kernel configuration tool is started, the online help
provides details on how to use the tool.
RETURN VALUE [Toc] [Back]
Upon completion, kcweb returns one of the following values:
0 Successful.
1 An error occurred.
WARNINGS [Toc] [Back]
Accepting a certificate saves an identifier for the certificate in a
file where the browser is running. If you reinstall the kcweb gui, the
certificate will be altered, and some browsers report the change in id
as a potential security violation.
When this happens, you have to instruct your browser to delete the
saved certificate. On Mozilla, this is done by selecting the
"Mozilla->Edit->Preferences" menu pick. On the resulting dialog box,
select the "Privacy & Security" category and choose the "Certificates"
option. In the "Certificates" window, choose the "Manage Certificates"
button. The "Certificate Manager" window is displayed. In the "Your
Certificates" tab, delete any certificates for machine associated with
the security violation by choosing the "Delete" button.
On Netscape 4.7x this is done by selecting the
"Communicator:Tools:Security Info" menu pick. On the resulting dialog
box, select the "Certificates:Web Sites" area and delete any
certificates for machine associated with the security violation.
AUTHORS [Toc] [Back]
kcweb was developed by Hewlett-Packard.
SEE ALSO [Toc] [Back]
kctune(1M), kcalarm(1M), kcusage(1M), kclog(1M), kcmond(1M),
kcmodule(1M)
Hewlett-Packard Company - 3 - HP-UX 11i Version 2.0: May 2003 [ Back ] |
