man pages section 1M: System Administration Commands Oracle Solaris 11 Express 11/10
kmscfg - configure the PKCS#11 KMS provider
kmscfg
kmscfg -p[rofile] Profile_Name
kmscfg -a[gent] Agent_ID
kmscfg -i[paddr] Agent_Address
kmscfg -t[imeout] Transaction_Timeout
kmscfg -f[ailover] Failover_Limit
kmscfg -d[iscovery] Discovery_Freq
The kmscfg command is used to initialize a PKCS#11 KMS provider (pkcs11_kms) for use with the Solaris Cryptographic Framework. In order for the KMS provider to communicate with the KMS, it must have some configuration information available. This configuration data contains information such as the name of the profile to be used, the name of the KMS Agent, the IP address of the KMS server, and some other parameters (see SYNOPSIS).
By default, kmscfg stores the configuration information in /var/kms/$USERNAME. This directory will be created if it is not already present. If an existing configuration is detected, the user will be given the option to override the existing data. The default location can be overridden by using the KMSTOKEN_DIR environment variable, which must be set prior to invoking kmscfg.
Prior to running kmscfg, the KMS administrator must have performed the required initialization and configuration steps on the KMS itself to set up the individual Profiles and Agents that PKCS11 KMS consumers will use. The instructions for configuring a KMS are available in the KMS 2.2 Administration Guide (http://docs.sun.com/app/docs/doc/316195103AA).
Once the administrator has configured the KMS, the necessary identification information (profile name, agent ID, IP address) must be provided to be able to run kmscfg and initialize the provider on the Oracle Solaris client.
The options listed below are supported. Note that if the profile, agent id, or agent address are not specified on the command line, kmscfg prompts you to provide these items.
-a[gent] Agent_ID
The user agent ID to be used for the KMS token being configured. It is not unusual for the Profile and Agent ID to be the same, for example, MyAgent.
-d[iscovery] Discovery_Freq
Frequency with which the client will try to discover the availability of other KMS servers. If not specified, Discovery_Freq defaults to 10.
-f[ailover] Failover_Limit
The number of times communications to the KMS can fail before the client gives up. If not specified, Failover_Limit defaults to 3.
-i[paddr] Agent_Address
Address of the KMS. This can be an IPv4 address (xxx.xxx.xxx.xxx) or an IPv6 address. If an IPv6 address is used, it must be enclosed in brackets. For example: [2001:0DB8:AC10:FE01]. A fully qualified host name can also be used, as long as that name can be resolved by the name service configured on the client.
-p[rofile] Profile_Name
The name of the KMS profile to be used for the KMS token being configured.
-t[imeout] Transaction_Timeout
Timeout period for individual KMS commands, in seconds. If not specified, this value defaults to 10.
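The following is an added example, not part of the original man page: a shell pre-flight check that validates the values described above and prints the resulting kmscfg command line as a dry run. The function names are hypothetical, and it assumes the synopsis options can be combined in a single invocation.

```shell
# Added example (not from the man page): validate inputs, then print the
# kmscfg command line instead of running it. Function names are hypothetical.

# Accept an IPv4 address, a bracketed IPv6 address, or a host name.
# A bare (unbracketed) IPv6 address is rejected, as the page requires brackets.
valid_kms_addr() {
    case "$1" in
        "") return 1 ;;
        \[*\])
            inner=${1#\[}; inner=${inner%\]}
            case "$inner" in
                ""|*[!0-9A-Fa-f:]*) return 1 ;;   # only hex digits and colons
                *:*) return 0 ;;
                *) return 1 ;;
            esac ;;
        *:*) return 1 ;;                          # IPv6 without brackets
        *[!A-Za-z0-9.-]*) return 1 ;;             # unexpected characters
        *) return 0 ;;
    esac
}

# True only for a non-empty string of decimal digits.
is_uint() { case "$1" in ""|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# Usage: kmscfg_cmdline PROFILE AGENT ADDR [TIMEOUT] [FAILOVER] [DISCOVERY]
kmscfg_cmdline() {
    profile=$1 agent=$2 addr=$3
    # Defaults documented on the page: timeout 10, failover 3, discovery 10.
    timeout=${4:-10} failover=${5:-3} discovery=${6:-10}
    [ -n "$profile" ] && [ -n "$agent" ] ||
        { echo "profile name and agent ID are required" >&2; return 2; }
    valid_kms_addr "$addr" ||
        { echo "bad KMS address: $addr" >&2; return 2; }
    for n in "$timeout" "$failover" "$discovery"; do
        is_uint "$n" || { echo "not a number: $n" >&2; return 2; }
    done
    printf 'kmscfg -p %s -a %s -i %s -t %s -f %s -d %s\n' \
        "$profile" "$agent" "$addr" "$timeout" "$failover" "$discovery"
}

# Dry run with the page's own sample values. To store the configuration
# somewhere other than /var/kms/$USERNAME, export KMSTOKEN_DIR first.
kmscfg_cmdline MyAgent MyAgent '[2001:0DB8:AC10:FE01]'
```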
After completing the requested operation, kmscfg exits with one of the following status values.
Successful termination.
Failure. The requested operation could not be completed.
/var/kms/$USERNAME
Default KMS token configuration directory.
$KMSTOKEN_DIR
Alternate KMS token configuration directory.
See attributes(5) for descriptions of the following attributes:
pktool(1), attributes(5), pkcs11_kms(5)
KMS 2.2 Administration Guide (http://docs.sun.com/app/docs/doc/316195103AA)