SYNOPSIS
pkcsicsf [-h] [-l|-a token name] [-b BINDDN] [-c client-cert-file] [-C CA-cert-file] [-k privatekey] [-m mechanism] [-u URI]
DESCRIPTION
The pkcsicsf utility lists available ICSF tokens and allows user to add one specific ICSF token to opencryptoki.
The ICSF token must be added first to opencryptoki. This creates an
entry in the opencryptoki.conf file for the ICSF token. It also creates
a token_name.conf configuration file in the same directory as
the opencryptoki.conf file, containing ICSF specific information.
This information is read by the ICSF token.
The ICSF token must bind and authenticate to an LDAP server. The supported authentication mechanisms are simple and sasl. One of these mechanisms must be entered when listing the available ICSF tokens or when adding an ICSF token. Opencryptoki currently supports adding only one ICSF token.
The system admin can either allow the ldap calls to utilize existing ldap configs, such as ldap.conf or .ldaprc for bind and authentication information or set the bind and authentication information within opencryptoki by using this utility and its options. The information will then be placed in the token_name.conf file to be used in the ldap calls. When using simple authentication, the user will be prompted for the racf password when listing or adding a token.
OPTIONS
- -a token name
- add the specified ICSF token to opencryptoki.
- -b BINDND
- the distinguish name to bind when using simple authentication
- -c client-cert-file
- the client certificate file when using SASL authentication
-C CA-cert-file - the CA certificate file when using SASL authentication
- -h
- show usage information
- -k privatekey
- the client private key file when using SASL authentication
- -m mechanism
- the authentication mechanism to use when binding to the LDAP server (this should be either simple or sasl)
- -l
- list available ICSF tokens
- -h
-
show usage information
FILES
- /etc/opencryptoki/opencryptoki.conf
- the opencryptoki config file containing token configuration information
- /etc/opencryptoki/token_name.conf
-
contains ICSF configuration information for the ICSF token