1PKCSICSF(1)                      openCryptoki                      PKCSICSF(1)
2
3
4

NAME

6       pkcsicsf - configuration utility for the ICSF token
7
8

SYNOPSIS

10       pkcsicsf  [-h] [-l|-a token name] [-b BINDDN] [-c client-cert-file] [-C
11       CA-cert-file] [-k privatekey] [-m mechanism] [-u URI]
12
13

DESCRIPTION

15       The pkcsicsf utility lists available ICSF tokens and allows user to add
16       one specific ICSF token to opencryptoki.
17
18       The ICSF token must be added first to opencryptoki. This creates an en‐
19       try in the opencryptoki.conf file for the ICSF token. It also creates
20        a token_name.conf configuration file in  the  same  directory  as  the
21       opencryptoki.conf file, containing ICSF specific information.  This in‐
22       formation is read by the ICSF token.
23
24       The ICSF token must bind and authenticate to an LDAP server.  The  sup‐
25       ported  authentication  mechanisms  are  simple and sasl.  One of these
26       mechanisms must be entered when listing the available  ICSF  tokens  or
27       when  adding an ICSF token. Opencryptoki currently supports adding only
28       one ICSF token.
29
30       The system admin can either allow the ldap calls  to  utilize  existing
31       ldap  configs, such as ldap.conf or .ldaprc for bind and authentication
32       information or set the bind and authentication information within open‐
33       cryptoki  by  using this utility and its options.  The information will
34       then be placed in the token_name.conf file  to  be  used  in  the  ldap
35       calls.  When using simple authentication, the user will be prompted for
36       the racf password when listing or adding a token.
37
38       The pkcsicsf utility must be run as root when adding an ICSF  token  to
39       opencryptoki.
40
41

OPTIONS

43       -a token name
44                 add the specified ICSF token to opencryptoki.
45
46       -b BINDND the distinguish name to bind when using simple authentication
47
48       -c client-cert-file
49                 the client certificate file when using SASL authentication
50
51       -C CA-cert-file
52                 the CA certificate file when using SASL authentication
53
54       -h        show usage information
55
56       -k privatekey
57                 the client private key file when using SASL authentication
58
59       -m mechanism
60                 the  authentication mechanism to use when binding to the LDAP
61                 server (this should be either simple or sasl)
62
63       -l        list available ICSF tokens
64
65       -h        show usage information
66
67

FILES

69       /etc/opencryptoki/opencryptoki.conf
70              the opencryptoki config file containing token configuration  in‐
71              formation
72
73       /etc/opencryptoki/token_name.conf
74              contains ICSF configuration information for the ICSF token
75
76

SEE ALSO

78       opencryptoki(7),
79       pkcsslotd(8).
80       pkcsconf(8).
81
82
83
843.21.0                            April 2013                       PKCSICSF(1)
Impressum