1PKCSICSF(1) openCryptoki PKCSICSF(1)
2
3
4
6 pkcsicsf - configuration utility for the ICSF token
7
8
10 pkcsicsf [-h] [-l|-a token name] [-b BINDDN] [-c client-cert-file] [-C
11 CA-cert-file] [-k privatekey] [-m mechanism] [-u URI]
12
13
15 The pkcsicsf utility lists available ICSF tokens and allows user to add
16 one specific ICSF token to opencryptoki.
17
18 The ICSF token must be added first to opencryptoki. This creates an en‐
19 try in the opencryptoki.conf file for the ICSF token. It also creates
20 a token_name.conf configuration file in the same directory as the
21 opencryptoki.conf file, containing ICSF specific information. This in‐
22 formation is read by the ICSF token.
23
24 The ICSF token must bind and authenticate to an LDAP server. The sup‐
25 ported authentication mechanisms are simple and sasl. One of these
26 mechanisms must be entered when listing the available ICSF tokens or
27 when adding an ICSF token. Opencryptoki currently supports adding only
28 one ICSF token.
29
30 The system admin can either allow the ldap calls to utilize existing
31 ldap configs, such as ldap.conf or .ldaprc for bind and authentication
32 information or set the bind and authentication information within open‐
33 cryptoki by using this utility and its options. The information will
34 then be placed in the token_name.conf file to be used in the ldap
35 calls. When using simple authentication, the user will be prompted for
36 the racf password when listing or adding a token.
37
38 The pkcsicsf utility must be run as root when adding an ICSF token to
39 opencryptoki.
40
41
43 -a token name
44 add the specified ICSF token to opencryptoki.
45
46 -b BINDND the distinguish name to bind when using simple authentication
47
48 -c client-cert-file
49 the client certificate file when using SASL authentication
50
51 -C CA-cert-file
52 the CA certificate file when using SASL authentication
53
54 -h show usage information
55
56 -k privatekey
57 the client private key file when using SASL authentication
58
59 -m mechanism
60 the authentication mechanism to use when binding to the LDAP
61 server (this should be either simple or sasl)
62
63 -l list available ICSF tokens
64
65 -h show usage information
66
67
69 /etc/opencryptoki/opencryptoki.conf
70 the opencryptoki config file containing token configuration in‐
71 formation
72
73 /etc/opencryptoki/token_name.conf
74 contains ICSF configuration information for the ICSF token
75
76
78 opencryptoki(7),
79 pkcsslotd(8).
80 pkcsconf(8).
81
82
83
843.21.0 April 2013 PKCSICSF(1)