HP-UX Directory Server 8.1 administration server guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

Table 4-2 Options for modutil (continued)

DescriptionOption

Specifies the security mechanisms for which a particular module is the default

provider. The mechanismList is a colon-separated list of mechanism names.

Enclose this list in quotation marks if it contains spaces. The module becomes

a default provider for the listed mechanisms when those mechanisms are

enabled. If more than one module is assigned as a mechanism's default

provider, the mechanism's default provider is listed as undefined. The

following mechanisms are currently available:

• RSA

• DSA

• RC2, RC4, and RC5

• AES

• DES

• DH

• SHA1 and SHA256

• SSL and TLS

• MD2 and MD5

• RANDOM (for random number generation)

• FRIENDLY (for certificates that are publicly readable).

-mechanisms mechanismList

Specifies a text file containing a token's new password. This allows the

password to be automatically updated when using the -changepw command.

-newpwfile newPasswordFile

Instructs modutil not to open the certificate or key databases. This has several

effects:

• When used with the -changepw command, no one is able to set or change

the password on the internal module, because the password is stored in

key3.db.

• When used with the -create command, only a secmod.db file will be

created; cert8.db and key3.db will not be created.

• When used with the -jar command, signatures on the JAR file will not

be checked.

-nocertdb

Specifies a text file containing a token's current password. This allows

automatic entry of the password when using the -changepw command.

-pwfile passwordFile

Specifies a particular slot to enable or disable when using the -enable or

-disableoptions.

-slot slotName

Specifies a folder in which to store temporary files created by the -jar

command. If a temporary folder is not specified, the current folder is used.

-tempdir temporaryFolder

JAR information file JAR (Java Archive) is a platform-independent file format that aggregates

many files into one. JAR files are used by modutil to install PKCS #11 modules. When modutil

uses a JAR file, a special JAR information file must be included. This information file contains

special scripting instructions and must be specified in the JAR file's MANIFEST file. Although

the information file can have any name, it is specified using the Pkcs11_install_script

METAINFO command.

For details on how to declare this METAINFO command in the MANIFEST, see http://docs.sun.com/

source/816-6164-10/contents.htm.

If a PKCS #11 installer script is stored in the information file pk11install, the text file for the

Signing Tool contains the following METAINFO tag:

+ Pkcs11_install_script: pk11install

Examples of using modutil

• “Creating database files”

• “Displaying module information”

• “Setting a default provider”

48 Admin Server command-line tools