JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
man pages section 1M: System Administration Commands     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information

Preface

Introduction

System Administration Commands - Part 1

6to4relay(1M)

accept(1M)

acct(1M)

acctadm(1M)

acctcms(1M)

acctcon1(1M)

acctcon(1M)

acctcon2(1M)

acctdisk(1M)

acctdusg(1M)

acctmerg(1M)

accton(1M)

acctprc1(1M)

acctprc(1M)

acctprc2(1M)

acctsh(1M)

acctwtmp(1M)

acpihpd(1M)

adbgen(1M)

add_allocatable(1M)

addbadsec(1M)

add_drv(1M)

add_install_client(1M)

add_to_install_server(1M)

afbconfig(1M)

apache(1M)

arp(1M)

atohexlabel(1M)

audit(1M)

auditconfig(1M)

auditd(1M)

auditrecord(1M)

auditreduce(1M)

auditstat(1M)

audit_warn(1M)

automount(1M)

automountd(1M)

autopush(1M)

bart(1M)

beadm(1M)

boot(1M)

bootadm(1M)

bootconfchk(1M)

bootparamd(1M)

busstat(1M)

cachefsd(1M)

cachefslog(1M)

cachefspack(1M)

cachefsstat(1M)

cachefswssize(1M)

captoinfo(1M)

catman(1M)

cfgadm(1M)

cfgadm_ac(1M)

cfgadm_cardbus(1M)

cfgadm_fp(1M)

cfgadm_ib(1M)

cfgadm_pci(1M)

cfgadm_sata(1M)

cfgadm_sbd(1M)

cfgadm_scsi(1M)

cfgadm_sdcard(1M)

cfgadm_shp(1M)

cfgadm_sysctrl(1M)

cfgadm_usb(1M)

cfsadmin(1M)

chargefee(1M)

chat(1M)

check(1M)

check-hostname(1M)

check-permissions(1M)

chk_encodings(1M)

chroot(1M)

cimworkshop(1M)

ckpacct(1M)

clear_locks(1M)

clinfo(1M)

closewtmp(1M)

clri(1M)

comsat(1M)

consadm(1m)

conv_lp(1M)

conv_lpd(1M)

coreadm(1M)

cpustat(1M)

cron(1M)

cryptoadm(1M)

cvcd(1M)

datadm(1M)

dcopy(1M)

dcs(1M)

dd(1M)

devattr(1M)

devfree(1M)

devfsadm(1M)

devfsadmd(1M)

device_allocate(1M)

device_remap(1M)

devinfo(1M)

devlinks(1M)

devnm(1M)

devprop(1M)

devreserv(1M)

df(1M)

dfmounts(1M)

dfmounts_nfs(1M)

dfshares(1M)

dfshares_nfs(1M)

df_ufs(1M)

dhcpagent(1M)

dhcpconfig(1M)

dhcpmgr(1M)

dhtadm(1M)

dig(1M)

directoryserver(1M)

disks(1M)

diskscan(1M)

dispadmin(1M)

dladm(1M)

dlmgmtd(1M)

dlstat(1M)

dmesg(1M)

dminfo(1M)

dns-sd(1M)

dnssec-dsfromkey(1M)

dnssec-keyfromlabel(1M)

dnssec-keygen(1M)

dnssec-makekeyset(1M)

dnssec-signkey(1M)

dnssec-signzone(1M)

dodisk(1M)

domainname(1M)

drd(1M)

drvconfig(1M)

dsbitmap(1M)

dscfg(1M)

dscfgadm(1M)

dscfglockd(1M)

dsstat(1M)

dsvclockd(1M)

dtrace(1M)

dumpadm(1M)

editmap(1M)

edquota(1M)

eeprom(1M)

efdaemon(1M)

embedded_su(1M)

etrn(1M)

fbconfig(1M)

fbconf_xorg(1M)

fcadm(1M)

fcinfo(1M)

fdetach(1M)

fdisk(1M)

ff(1M)

ffbconfig(1M)

ff_ufs(1M)

fingerd(1M)

fiocompress(1M)

flar(1M)

flarcreate(1M)

flowadm(1M)

flowstat(1M)

fmadm(1M)

fmd(1M)

fmdump(1M)

fmstat(1M)

fmthard(1M)

format(1M)

fpsd(1M)

fruadm(1M)

fsck(1M)

fsck_cachefs(1M)

fsck_pcfs(1M)

fsck_udfs(1M)

fsck_ufs(1M)

fsdb(1M)

fsdb_udfs(1M)

fsdb_ufs(1M)

fsirand(1M)

fssnap(1M)

fssnap_ufs(1M)

fsstat(1M)

fstyp(1M)

ftpaddhost(1M)

ftpconfig(1M)

ftpd(1M)

ftprestart(1M)

ftpshut(1M)

fuser(1M)

fwflash(1M)

fwtmp(1M)

getdev(1M)

getdevpolicy(1M)

getdgrp(1M)

getent(1M)

gettable(1M)

getty(1M)

getvol(1M)

GFXconfig(1M)

gkadmin(1M)

groupadd(1M)

groupdel(1M)

groupmod(1M)

growfs(1M)

grpck(1M)

gsscred(1M)

gssd(1M)

hald(1M)

hal-device(1M)

hal-fdi-validate(1M)

hal-find(1M)

hal-find-by-capability(1M)

hal-find-by-property(1M)

hal-get-property(1M)

hal-set-property(1M)

halt(1M)

hextoalabel(1M)

host(1M)

hostconfig(1M)

hotplug(1M)

hotplugd(1M)

htable(1M)

ickey(1M)

id(1M)

idmap(1M)

idmapd(1M)

idsconfig(1M)

ifconfig(1M)

if_mpadm(1M)

ifparse(1M)

iiadm(1M)

iicpbmp(1M)

iicpshd(1M)

ikeadm(1M)

ikecert(1M)

ilbadm(1M)

ilbd(1M)

imqadmin(1M)

imqbrokerd(1M)

imqcmd(1M)

imqdbmgr(1M)

imqkeytool(1M)

imqobjmgr(1M)

imqusermgr(1M)

in.chargend(1M)

in.comsat(1M)

in.daytimed(1M)

in.dhcpd(1M)

in.discardd(1M)

in.echod(1M)

inetadm(1M)

inetconv(1M)

inetd(1M)

in.fingerd(1M)

infocmp(1M)

in.ftpd(1M)

in.iked(1M)

init(1M)

init.sma(1M)

init.wbem(1M)

inityp2l(1M)

in.lpd(1M)

in.mpathd(1M)

in.named(1M)

in.ndpd(1M)

in.rarpd(1M)

in.rdisc(1M)

in.rexecd(1M)

in.ripngd(1M)

in.rlogind(1M)

in.routed(1M)

in.rshd(1M)

in.rwhod(1M)

install(1M)

installboot(1M)

installer(1M)

installf(1M)

installgrub(1M)

install_scripts(1M)

install-solaris(1M)

in.stdiscover(1M)

in.stlisten(1M)

in.talkd(1M)

in.telnetd(1M)

in.tftpd(1M)

in.timed(1M)

intrd(1M)

intrstat(1M)

in.uucpd(1M)

iostat(1M)

ipaddrsel(1M)

ipadm(1M)

ipf(1M)

ipfs(1M)

ipfstat(1M)

ipmgmtd(1M)

ipmon(1M)

ipmpstat(1M)

ipnat(1M)

ippool(1M)

ipqosconf(1M)

ipsecalgs(1M)

ipsecconf(1M)

ipseckey(1M)

iscsiadm(1M)

isns(1M)

isnsadm(1M)

itadm(1M)

itu(1M)

k5srvutil(1M)

kadb(1M)

kadmin(1M)

kadmind(1M)

kadmin.local(1M)

kcfd(1M)

kclient(1M)

kdb5_ldap_util(1M)

kdb5_util(1M)

kdcmgr(1M)

kernel(1M)

keyserv(1M)

killall(1M)

kmscfg(1M)

kprop(1M)

kpropd(1M)

kproplog(1M)

krb5kdc(1M)

ksslcfg(1M)

kstat(1M)

ktkt_warnd(1M)

labeld(1M)

labelit(1M)

labelit_hsfs(1M)

labelit_udfs(1M)

labelit_ufs(1M)

lastlogin(1M)

latencytop(1M)

ldapaddent(1M)

ldap_cachemgr(1M)

ldapclient(1M)

ldmad(1M)

link(1M)

listdgrp(1M)

listen(1M)

llc2_loop(1M)

lms(1M)

localeadm(1M)

localectr(1M)

locator(1M)

lockd(1M)

lockfs(1M)

lockstat(1M)

lofiadm(1M)

logadm(1M)

logins(1M)

lpadmin(1M)

lpfilter(1M)

lpforms(1M)

lpget(1M)

lpmove(1M)

lpsched(1M)

lpset(1M)

lpshut(1M)

lpsystem(1M)

lpusers(1M)

lu(1M)

luactivate(1M)

lucancel(1M)

lucompare(1M)

lucreate(1M)

lucurr(1M)

ludelete(1M)

ludesc(1M)

lufslist(1M)

lumake(1M)

lumount(1M)

lurename(1M)

lustatus(1M)

luumount(1M)

luupgrade(1M)

luxadm(1M)

m64config(1M)

mail.local(1M)

System Administration Commands - Part 2

System Administration Commands - Part 3

kmscfg

- configure the PKCS#11 KMS provider

Synopsis

kmscfg
kmscfg -p[rofile] Profile_Name
kmscfg -a[gent] Agent_ID
kmscfg -i[paddr] Agent_Address
kmscfg -t[imeout] Transaction_Timeout
kmscfg -f[ailover] Failover_Limit
kmscfg -d[iscovery] Discovery_Freq

Description

The kmscfg command is used to initialize a PKCS#11 KMS provider (pkcs11_kms) for use with the Solaris Cryptographic Framework. In order for the KMS provider to communicate with the KMS, it must have some configuration information available. This configuration data contains information such as the name of the profile to be used, the name of the KMS Agent, the IP address of the KMS server, and some other parameters (see SYNOPSIS).

By default, kmscfg stores the configuration information in /var/kms/$USERNAME. This directory will be created if it is not already present. If the configuration is already detected, the user will be given the option to override the existing data. The default location can be overriden by using the KMSTOKEN_DIR environment variable, which must be set prior to invoking kmscfg.

Prior to running kmscfg, the KMS administrator must have performed the required initialization and configuration steps on the KMS itself to setup the individual Profiles and Agents that PKCS11 KMS consumers will use. The instructions for configuring a KMS are available in the KMS 2.2 Administration Guide (http://docs.sun.com/app/docs/doc/316195103AA).

Once the administrator has configured the KMS, the necessary identification information (profile name, agent ID, IP address) must be provided to be able to run kmscfg and initialize the provider on the Oracle Solaris client.

Options

The options listed below are supported. Note that if the profile, agent id, or agent address are not specified on the command line, kmscfg prompts you to provide these items.

-a Agent_ID

The user agent ID to be used for the KMS token being configured. It is not unusual for the Profile and Agent ID to be the same, for example, MyAgent.

-d Discovery_Freq

Frequency with which the client will try to discover the availability of other KMS servers. If not specified, Discovery_Freq defaults to 10.

-f Failover_Limit

The number of times communications to the KMS can fail before the client gives up. If not specified, Failover_Limit defaults to 3.

-i Agent_Addr

Address of the KMS. This can be an IPv4 address (xxx.xxx.xxx.xxx) or an IPv6 address. If an IPv6 address is used, it must be enclosed in brackets. For example: [2001:0DB8:AC10:FE01] A fully qualified host name can also be used, as long as that name can be resolved by the name service configured on the client.

-p Profile_Name

The name of the KMS profile to be used for the KMS token being configured.

-t Transaction_Timeout

Timeout period for individual KMS commands, in seconds. If not specified, this value defaults to 10.

Exit Status

After completing the requested operation, kmscfg exits with one of the following status values.

0

Successful termination.

1

Failure. The requested operation could not be completed.

Files

/var/kms/$USERNAME

Default KMS token configuration directory.

${KMSTOKEN_DIR}

Alternate KMS token configuration directory.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
/system/library/security/crypto/pkcs11_kms
Interface Stability
Volatile

See Also

pktool(1), attributes(5), pkcs11_kms(5)

KMS 2.2 Administration Guide (http://docs.sun.com/app/docs/doc/316195103AA)