1PKCSICSF(1)                      openCryptoki                      PKCSICSF(1)
2
3
4

NAME

6       pkcsicsf - configuration utility for the ICSF token
7
8

SYNOPSIS

10       pkcsicsf  [-h] [-l|-a token name] [-b BINDDN] [-c client-cert-file] [-C
11       CA-cert-file] [-k privatekey] [-m mechanism] [-u URI]
12
13

DESCRIPTION

15       The pkcsicsf utility lists available ICSF tokens and allows user to add
16       one specific ICSF token to opencryptoki.
17
18       The ICSF token must be added first to opencryptoki. This creates an en‐
19       try in the opencryptoki.conf file for the ICSF token. It also creates
20        a token_name.conf configuration file in  the  same  directory  as  the
21       opencryptoki.conf file, containing ICSF specific information.  This in‐
22       formation is read by the ICSF token.
23
24       The ICSF token must bind and authenticate to an LDAP server.  The  sup‐
25       ported  authentication  mechanisms  are  simple and sasl.  One of these
26       mechanisms must be entered when listing the available  ICSF  tokens  or
27       when  adding an ICSF token. Opencryptoki currently supports adding only
28       one ICSF token.
29
30       The system admin can either allow the ldap calls  to  utilize  existing
31       ldap  configs, such as ldap.conf or .ldaprc for bind and authentication
32       information or set the bind and authentication information within open‐
33       cryptoki  by  using this utility and its options.  The information will
34       then be placed in the token_name.conf file  to  be  used  in  the  ldap
35       calls.  When using simple authentication, the user will be prompted for
36       the racf password when listing or adding a token.
37
38

OPTIONS

40       -a token name
41                 add the specified ICSF token to opencryptoki.
42
43       -b BINDND the distinguish name to bind when using simple authentication
44
45       -c client-cert-file
46                 the client certificate file when using SASL authentication
47
48       -C CA-cert-file
49                 the CA certificate file when using SASL authentication
50
51       -h        show usage information
52
53       -k privatekey
54                 the client private key file when using SASL authentication
55
56       -m mechanism
57                 the authentication mechanism to use when binding to the  LDAP
58                 server (this should be either simple or sasl)
59
60       -l        list available ICSF tokens
61
62       -h        show usage information
63
64

FILES

66       /etc/opencryptoki/opencryptoki.conf
67              the  opencryptoki config file containing token configuration in‐
68              formation
69
70       /etc/opencryptoki/token_name.conf
71              contains ICSF configuration information for the ICSF token
72
73

SEE ALSO

75       opencryptoki(7),
76       pkcsslotd(8).
77       pkcsconf(8).
78
79
80
813.16.0                            April 2013                       PKCSICSF(1)
Impressum