Batch Processing of kconf.xml

kconf

General form:

kconf -i importfile|-I importlist -f configfile -a|-c|-u [-b backup] [-s service] [-g] [-l] [-p]

The kconf utility allows simple batch processing of the access control lists in the Connection Manager's configuration file, kconf.xml. This is particularly useful when adding large numbers of users to a system or when adding users programatically.
New users, or valid clients, are defined in an import-list. This can either be read from a plain text file, -i flag, or it can be specified as a comma-separated list on the command line, -I flag. The text file should contain one entry per line. Comments, starting with a # character, are allowed.
For example:

# List of new users to be added to Acme Bolts Ltd server.
jim
kath
john
alan
anna
paul

The name of the text file should end with a .txt suffix.
These new additions can either be added to the validusers (-u), validclients (-c) or the adminusers (-a) access control lists.
When adding new validusers or adminusers, then proper usernames should be used, patterns are not allowed. The kconf utility will warn if a username has no account on the system:

Warning: User fred has no account

but this will not prevent the user being added to the access control list as the account may be created at a later date. On Unix systems, the -l flag can be used to automatically create a .kcmlLogin for any new user. Specifying the -a flag will also add the new users to the validusers list.

When the Connection Manager is operating in an ASP environment, the new entries can be added to a access control list of a specific service by using the -s service flag. If the service doesn't currently define an access control list, then a it can be generated by using the -g flag.

The default kconf.xml that is installed with KCML may contain a validclient or validuser entry of * to allow access to any network address and user. This can be removed by the -p flag, so that access really is restricted to the named network address or users.

Examples

Add the list a new users, defined in newusers.txt, to the validusers section of kconf.xml:

kconf -i newusers.txt -f kconf.xml -u

While

kconf -i newusers.txt -f kconf.xml -u -s Live -b kconf.backup

would copy kconf.xml to kconf.backup and then also add the list of users to the validuser list for the Live service.

Add a new sub-net to the validclients list:

kconf -I '100.200.50.*' -f kconf.xml -c

Note the use of quotes around the IP-address pattern, this is to protect against the expansion of patterns by the command shell, just in case a filename matches 100.200.50.* .

Command line flags

Flag	Purpose
-a	Import list is added to the adminusers and the validusers list.
-b backupFile	kconf.xml is copied to backupFile before any changes are made.
-c	Import list is added to the validclients list.
-f configFile	Location of the kconf.xml configuration file.
-g	If the access control list doesn't exist, then generate a new one.
-i importFile	Read the import list from importFile.
-I entry1,entry2,entry3	Specify new list entries on the command line.
-l	The .kcmlLogin file is created for any new validuser.
-p	Delete an access control list entry of * from kconf.xml.
-s service	Import list is also added to the access control list for the specfied service.
-u	Import list is added to the validusers list.

Return values

Value	Meaning
0	Success.
1	New entries were added, but some warnings were issued.
2	Error.