OPENCRYPTOKI(7) openCryptoki OPENCRYPTOKI(7)NAME
openCryptoki - A PKCS#11 implementation.
DESCRIPTION
openCryptoki is an implementation of the PKCS#11 API standard. It provides an interface to the functions of underlying cryptographic
tokens, which may be implemented via software or hardware. The PKCS#11 specification has been released by RSA Labs. More information on
PKCS#11 can be found on the RSA labs website: http://www.rsa.com/rsalabs.
To use openCryptoki, run the pkcsslotd daemon. The daemon will read the opencryptoki.conf file to collect information about the tokens and
their slots.
Use the pkcsconf utility to further configure openCryptoki once the daemon is running.
SECURITY NOTE
All non-root users that require access to PKCS#11 tokens using openCryptoki must be assigned to the pkcs11 group to be able to communicate
with the pkcsslotd daemon. Only fully trusted users should be granted membership in the group. Group members can block other openCryptoki
users from accessing PKCS#11 tokens, and execute arbitrary code with the privileges of other openCryptoki users.
SEE ALSO pkcsslotd(8),
pkcsconf(1),
opencryptoki.conf(5).
3.0 May 2007 OPENCRYPTOKI(7)
Check Out this Related Man Page
PKCSICSF(1) openCryptoki PKCSICSF(1)NAME
pkcsicsf - configuration utility for the ICSF token
SYNOPSIS
pkcsicsf [-h] [-l|-a token name] [-b BINDDN] [-c client-cert-file] [-C CA-cert-file] [-k privatekey] [-m mechanism] [-u URI]
DESCRIPTION
The pkcsicsf utility lists available ICSF tokens and allows user to add one specific ICSF token to opencryptoki.
The ICSF token must be added first to opencryptoki. This creates an entry in the opencryptoki.conf file for the ICSF token. It also creates
a token_name.conf configuration file in the same directory as the opencryptoki.conf file, containing ICSF specific information. This
information is read by the ICSF token.
The ICSF token must bind and authenticate to an LDAP server. The supported authentication mechanisms are simple and sasl. One of these
mechanisms must be entered when listing the available ICSF tokens or when adding an ICSF token. Opencryptoki currently supports adding only
one ICSF token.
The system admin can either allow the ldap calls to utilize exisiting ldap configs, such as ldap.conf or .ldaprc for bind and authentica-
tion information or set the bind and authentication information within opencryptoki by using this utility and its options. The information
will then be placed in the token_name.conf file to be used in the ldap calls. When using simple authentication, the user will be prompted
for the racf password when listing or adding a token.
OPTIONS -a token name
add the specified ICSF token to opencryptoki.
-b BINDND the distinguish name to bind when using simple authentication
-c client-cert-file
the client certificate file when using SASL authentication
-C CA-cert-file
the CA certificate file when using SASL authentication
-h show usage information
-k privatekey
the client private key file when using SASL authentication
-m mechanism
the authentication mechanism to use when binding to the LDAP server (this should be either simple or sasl)
-l list available ICSF tokens
-h show usage information
FILES
/etc/opencryptoki/opencryptoki.conf
the opencryptoki config file containing token configuration information
/etc/opencryptoki/token_name.conf
contains ICSF configuration information for the ICSF token
SEE ALSO opencryptoki(7),
pkcsslotd(8).
pkcsconf(8).
3.0 April 2013 PKCSICSF(1)
I am running iPlanet 6 on HP-UX 11, and presently all users can access the site.
There are 6000 users accessing the website from an Windows Network. I would like users to access the site, but would also like to log user ID's in the access log, without prompting users for an ID/Password.
Is... (1 Reply)
hi to all
i'm a newbie on aix.
how would i block temporarily a few users in accessing our aix server so that other users may not be affected by th cpu usage...because if all of them accessing our server the CPU utilization goes high...
thanks
winky (3 Replies)
All,
Stuck with a XTERM issue ?? For some users, who are having execute permission (valid users), it's not showing the scroll bar in the GUI. Whereas for other invalid users( who do not have the execute permission) shows the scroll bar in the GUI. Confused ??? what could be the problem ?? Even,... (2 Replies)
Hello for all!
This is the situation:
I must create many users that only can execute telnet and ping.
Create users is not a problem, but I donīt know how limit the users privileges, to only execute telnet and ping.
I hope you can help me.
Thank's for all.
Bye :)
PD: Sorry for my... (4 Replies)