A.2 Key File Utility for UNIX Agents

The NetIQ Corporation key file generation program, NQKeyGenUnix.exe, is a command-line program used to set the security level for a site and to generate and manage public/private keys for secure communication between the management server and UNIX managed computers. This utility is installed in the NetIQ\AppManager\bin folder when you run the AppManager setup program.

The basic syntax for the NQKeyGenUnix.exe program is:

NQKeyGenUnix -option value

NOTE: If you type NQKeyGenUnix without specifying any options, the program displays usage information.

The program supports the following command-line options. Each option is listed with its description.

-db

Specifies the login information for connecting to the repository using the following format:

NQKeyGenUnix -db database_name:user_name:sql_server

For example:

NQKeyGenUnix -db qdb:smithj:nyc2003

If you are using Windows authentication to connect to the repository, leave the username blank. If you are using SQL Server authentication, type a SQL Server username for connecting to the repository. The program prompts for the password to use for the SQL Server account.

NOTE: Most other options require you to specify connection information.

-new

Creates a record in the repository for the public/private key pair used to authenticate the management server to your UNIX agents. You must specify a password to create the key. For example:

NQKeyGenUnix -db db:user:sqlsvr -new

To create a new key file to share across multiple repositories on a computer other than the repository, you can use the command:

NQKeyGenUnix -new filelocation

This option creates a new private/public key pair with password protection in the specified file location without checking the new key into the repository.

NOTE: When you use the -new option, the NQKeyGenUnix utility prompts you to provide a key pair password.

-change

Changes the public/private key stored in the repository to use the new key file you specify. You must specify the key file password you used to create the key pair and the location of the key file to use.

For example:

NQKeyGenUnix -db db:user:sqlsvr -change filelocation

This option enables you to check an existing key from a key file into a new repository when you want to share a key file across multiple repositories and management servers.

NOTE: When you use this option, you are prompted for the password you specified when you created the key pair.

-ckey

Extracts just the public key portion of the key file stored in the repository. You must specify a location for the public key file.

For example:

NQKeyGenUnix -db db:user:sqlsvr -ckey filelocation

Once you extract the public portion of the key, you can copy the file and distribute it to your UNIX agents for authentication purposes.

-skey

Extracts the public and private key stored in the repository. You must specify a location for the key file.

For example:

NQKeyGenUnix -db db:user:sqlsvr -skey filelocation

This option is used to check out the current key pair into a password-protected file. This file can then be checked into a different repository using the -change option.

-seclev

Sets the security level in the repository for communication between the management server and UNIX agents. The valid security levels are:

  • 0 for no security

  • 1 for encryption-only security

  • 2 for authentication of the management server

  • 9 to remove all historical key-pairs while maintaining the current security level

Removing historical key pairs enables you to manually expire older keys, as needed.

NOTE: If you change the security level, the change takes effect when the management server is restarted.

For example, to set the security level to use authentication of the management server:

NQKeyGenUnix -db db:user:sqlsvr -seclev 2

-verify

Verifies that the password and encrypted key file location are correct and that the key can be imported into the repository. To use this option, you must specify the password used to create the public/private key and the location of the key file extracted from the repository.

For example:

NQKeyGenUnix -verify filelocation

NOTE: When you use this option, you are prompted for the password you specified when you created the key pair.

-ckeyinfo

Displays the public portion of the key as it is stored in the repository. For example:

NQKeyGenUnix -db db:user:sqlsvr -ckeyinfo

This option is useful for comparing the public key information stored in the repository with the public key information recorded in the UNIX agent log file to verify whether the correct key is being used.
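As an added example (not part of the NetIQ documentation), the following PowerShell script walks through sharing one key file across two repositories with -new, -verify and -change, sets security level 2 on each, extracts the public key with -ckey for distribution, and then compares the -ckeyinfo output of every repository against the first so that a divergent key is caught before agents report authentication failures. The executable path, repository connection strings, key file paths and the non-zero-exit-code-on-failure behaviour are assumptions; the utility prompts for the key pair password interactively, so run the script from an interactive session.

```powershell
# Added example, not from the NetIQ documentation. Paths and connection
# strings are placeholders; adjust them for your site.
$NQKeyGen = 'C:\Program Files\NetIQ\AppManager\bin\NQKeyGenUnix.exe'  # assumed install path
$KeyFile  = 'C:\keys\unixagent.key'   # password-protected key pair file (assumed path)
$PubFile  = 'C:\keys\unixagent.pub'   # public-key-only file for the UNIX agents (assumed path)
# database_name:user_name:sql_server; an empty user name selects Windows authentication
$Repos    = @('qdb:smithj:nyc2003', 'qdb::nyc2004')

function Invoke-NQKeyGen {
    # Runs the utility and fails fast on a non-zero exit code (exit-code
    # semantics are an assumption; the page does not document them). Output
    # is captured only with -Capture so interactive password prompts stay visible.
    param([string[]]$Arguments, [switch]$Capture)
    if ($Capture) { $output = & $NQKeyGen @Arguments 2>&1 }
    else          { & $NQKeyGen @Arguments; $output = $null }
    if ($LASTEXITCODE -ne 0) {
        throw "NQKeyGenUnix $($Arguments -join ' ') failed (exit code $LASTEXITCODE)"
    }
    if ($Capture) { return ($output | Out-String).Trim() }
}

# 1. Create the key pair once, in a file, without checking it into a repository.
if (-not (Test-Path $KeyFile)) {
    Invoke-NQKeyGen -Arguments @('-new', $KeyFile)
}

# 2. Confirm the file and password are usable before touching any repository.
Invoke-NQKeyGen -Arguments @('-verify', $KeyFile)

# 3. Check the same key file into every repository and require authentication
#    of the management server (takes effect after a management server restart).
foreach ($repo in $Repos) {
    Invoke-NQKeyGen -Arguments @('-db', $repo, '-change', $KeyFile)
    Invoke-NQKeyGen -Arguments @('-db', $repo, '-seclev', '2')
}

# 4. Extract the public portion for distribution to the UNIX agents, then check
#    that every repository reports the same public key as the first one. The
#    comparison treats the whole -ckeyinfo output as the key identity (assumption).
Invoke-NQKeyGen -Arguments @('-db', $Repos[0], '-ckey', $PubFile)
$reference = Invoke-NQKeyGen -Arguments @('-db', $Repos[0], '-ckeyinfo') -Capture
foreach ($repo in ($Repos | Select-Object -Skip 1)) {
    $info = Invoke-NQKeyGen -Arguments @('-db', $repo, '-ckeyinfo') -Capture
    if ($info -ne $reference) {
        Write-Warning "Public key in repository '$repo' differs from '$($Repos[0])'"
    } else {
        Write-Host "Repository '$repo' public key matches '$($Repos[0])'"
    }
}
```

The same -ckeyinfo output can be compared by eye with the public key recorded in a UNIX agent's log file, as the -ckeyinfo description above suggests, to confirm the agent received the key that was distributed.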