bsmconv, bsmunconv - enable or disable the Basic Security
Module (BSM) on Solaris
The bsmconv and bsmunconv scripts are used to enable or dis-
able the BSM features on a Solaris system. The optional
argument rootdir is a list of one or more root directories
of diskless clients which have already been configured by
way of the Host Manager, see admintool(1M)
To enable or disable BSM on a diskless client, a server, or
a stand-alone system, logon as super-user to the system
being converted and use the bsmconv or bsmunconv commands
without any options.
To enable or disable BSM on a diskless client from that
client's server, logon to the server as super-user and use
bsmconv, specifying the root directory of each diskless
client you wish to affect. For example, the command:
myhost# bsmconv /export/root/client1 /export/root/client2
enables BSM on the two machines named client1 and client2.
While the command:
enables BSM only on the machine called myhost. It is no
longer necessary to enable BSM on both the server and its
After running bsmconv the system can be configured by edit-
ing the files in /etc/security. Each diskless client has its
own copy of configuration files in its root directory. You
might want to edit these files before rebooting each client.
Following the completion of either script, the affected
system(s) should be rebooted to allow the auditing subsystem
to come up properly initialized.
The following files are created by bsmconv:
Administrative file defining the mapping of device
special files to allocatable device names.
Administrative file defining parameters for device
See attributes(5) for descriptions of the following attri-
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
| Availability | SUNWcsr |
admintool(1M), auditconfig(1M), auditd(1M),
audit_startup(1M), audit.log(4), audit_control(4), attri-
Man(1) output converted with