Encrypted Volume and File System v1.1 Administrator's Guide

Example: Alternate Directory for Public Keys
The following attribute statements configure EVFS to store public keys in the user-created
directory /etc/evfs/mykeys and to store private keys and passphrase files in the directory
/etc/evfs/pkey:
pub_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/mykeys,onfail:stop]
priv_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:stop]
pass_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:stop]
Example: NFS Directory for Public and Private Keys
The following attribute statements configure EVFS to store public and private keys in the
NFS-mounted directory /nfs_server1/etc/evfs/pkey and to store passphrase files in the
local directory /etc/evfs/pkey:
pub_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/nfs_server1/etc/evfs/pkey,onfail:stop]
priv_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/nfs_server1/etc/evfs/pkey,onfail:stop]
pass_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:stop]
To use the autostart feature for volumes that have keys stored in NFS-mounted directories, you
must specify the boot_remote option in the /etc/evfs/evfstab file. See “Step 5:
(Optional) Configuring the Autostart Feature” (page 62) for more information.
Example: Fallback Directory for Nonprivileged Users
The following attribute statements configure EVFS to first attempt to store key data in the
protected directory /etc/evfs/pkey. If it fails, EVFS falls back to the user-created directory
/opt/evfskeys, which is writable by the appropriate users without superuser privileges. If
EVFS cannot access /opt/evfskeys, EVFS stops processing the request and returns an error.
pub_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:continue] /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/opt/evfskeys,onfail:stop]
priv_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:continue] /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/opt/evfskeys,onfail:stop]
pass_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:continue] /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/opt/evfskeys,onfail:stop]
To use the autostart feature to enable an EVFS volume using keys stored on the root disk of the
local system, specify the boot_local option for the volume in the /etc/evfs/evfstab file.
To use the autostart feature to enable an EVFS volume using keys stored on a nonroot disk of
the local system, specify the boot_local2 option for the volume. In this example,
/opt/evfskeys is not on the root disk, so you must specify boot_local2 to use the autostart
feature for EVFS volumes enabled using keys stored in /opt/evfskeys. See “Step 5: (Optional)
Configuring the Autostart Feature” (page 62) for more information.
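The fallback order described in this example, as an added Python example that is not part of this guide or of EVFS: it parses the attribute statements shown above and walks each chain the way the text describes. The function names, the accessible callback (standing in for EVFS's own attempt to use a directory) and the handling of a chain that runs out of entries as an error are assumptions.

```python
import re

# One storage entry: <library>[pkeydir:<directory>,onfail:<stop|continue>]
ENTRY = re.compile(
    r"(?P<lib>\S+?)\[pkeydir:(?P<dir>[^,\]]+),onfail:(?P<onfail>stop|continue)\]"
)
KEY_ATTRS = ("pub_key", "priv_key", "pass_key")

def parse_statement(line):
    """Return (attribute, [(library, pkeydir, onfail), ...]) in listed order."""
    attr, sep, value = line.partition("=")
    attr = attr.strip()
    entries = [(m["lib"], m["dir"], m["onfail"]) for m in ENTRY.finditer(value)]
    leftover = ENTRY.sub("", value).strip()  # anything that is not a valid entry
    if not sep or attr not in KEY_ATTRS or not entries or leftover:
        raise ValueError("malformed key storage statement: %r" % line)
    return attr, entries

def resolve(entries, accessible):
    """First accessible pkeydir, or None where the request ends in an error."""
    for _lib, pkeydir, onfail in entries:
        if accessible(pkeydir):
            return pkeydir
        if onfail == "stop":
            return None
    return None  # assumption: chain exhausted without a usable directory

def secret_dirs(statements):
    """Every directory that may receive private keys or passphrase files."""
    dirs = set()
    for line in statements:
        attr, entries = parse_statement(line)
        if attr != "pub_key":
            dirs.update(pkeydir for _lib, pkeydir, _onfail in entries)
    return sorted(dirs)

# Statements from the fallback example above, each on one line.
LIB = "/usr/lib/evfs/hpux64/libevfs_pkey.so"
FALLBACK = [
    "%s = %s[pkeydir:/etc/evfs/pkey,onfail:continue] %s[pkeydir:/opt/evfskeys,onfail:stop]"
    % (attr, LIB, LIB)
    for attr in KEY_ATTRS
]

if __name__ == "__main__":
    _attr, chain = parse_statement(FALLBACK[1])
    # Constructed case: a nonprivileged user who can reach only /opt/evfskeys.
    print(resolve(chain, lambda d: d == "/opt/evfskeys"))
    print(secret_dirs(FALLBACK))
```

For the fallback example, secret_dirs returns both /etc/evfs/pkey and /opt/evfskeys, so the permissions on the user-writable fallback directory need the same review as those on the protected one.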