evfs.conf.4 (2010 09)

evfs.conf(4) evfs.conf(4)
(EVFS Software Required)
created, you cannot change the key manager to a different user, or the key
manager’s functions will be disabled.
keygen Specifies the public/private key algorithm string to use to generate public keys
(see evfs_cryptx.conf(4) for supported algorithm strings).
keymgr_reset_passphrase
Specifies whether EVFS offers the user an option (during key creation or
secure session login) to allow or deny the key manager to reset the user’s
key passphrase. This feature is enabled only if key_manager is configured
and has a key.
keywrap Specifies the module to use to encrypt/decrypt private keys.
Valid values: evfs-pbe1 (AES-128-SHA2) or evfs-pbe2 (AES-256-SHA2).
pass_key Specifies the storage directory or directories for passphrases and the library or
libraries to use when processing passphrases.
passwrap Specifies the module to use to encrypt/decrypt stored passphrases.
Valid values: evfs-pbe1 (AES-128-SHA2) or evfs-pbe2 (AES-256-SHA2).
passx Specifies the password-based encryption (PBE) library or libraries to use for
passphrase encryption/decryption.
pbe Specifies the password-based encryption (PBE) library or libraries to use for
private key encryption/decryption.
priv_key Specifies the storage directory or directories for user/group private keys and
the library or libraries to use when processing private keys. Subdirectories
users and groups will be created under the one configured here for user
private keys and group private keys respectively.
pub_key Specifies the storage directory or directories for user/group public keys and the
library or libraries to use when processing public keys. Subdirectories users
and groups will be created under the one configured here for user public
keys and group public keys respectively.
trace_file Location of the trace file. (Support personnel only.)
trace_kernel_modules
List of default kernel modules to trace, separated by a colon. (Support personnel
only.)
trace_level Default trace level. (Support personnel only.)
trace_size Size of the trace file. (Support personnel only.)
Attribute Syntax
The attribute_value for the pub_key, priv_key, and pass_key attributes has the following syntax:
library[pkeydir:key_directory,onfail:action]
The pub_key, priv_key, and pass_key statements can contain multiple library[specifications...]
terms, separated by spaces.
A library[specifications...] term cannot contain spaces.
The attribute_value for the pbe and passx attributes has one of the following syntaxes:
library
or
library[onfail:action]
The pbe and passx statements can contain one library or multiple library[onfail:action] terms,
separated by spaces.
A library[onfail:action] term cannot contain spaces.
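A syntax check for the attribute_value forms described above, written in Python as an added example (not HP's code and not part of the manual page). The library names, directories and onfail action word in the sample are constructed placeholders; requiring both pkeydir and onfail for the key-store attributes, in either order, is an assumption read from the syntax line.

```python
import re

# Term shape from the Attribute Syntax text: library[spec,spec], no spaces in a term.
TERM_RE = re.compile(r"^(?P<lib>[^\[\]\s]+)(?:\[(?P<specs>[^\[\]\s]*)\])?$")

KEY_STORE_ATTRS = {"pub_key", "priv_key", "pass_key"}  # library[pkeydir:..,onfail:..]
PBE_ATTRS = {"pbe", "passx"}                           # library or library[onfail:..]
WRAP_VALUES = {"evfs-pbe1": "AES-128-SHA2", "evfs-pbe2": "AES-256-SHA2"}

# Constructed sample value: every name, path and action word is a placeholder.
SAMPLE_PUB_KEY = ("libexample_a.so[pkeydir:/example/a,onfail:example_action] "
                  "libexample_b.so[pkeydir:/example/b,onfail:example_action]")


def parse_attribute_value(attr, value):
    """Return [(library, {spec_name: spec_value}), ...] or raise ValueError."""
    if attr in ("keywrap", "passwrap"):
        if value not in WRAP_VALUES:
            raise ValueError(f"{attr}: {value!r} is not evfs-pbe1 or evfs-pbe2")
        return [(value, {})]
    if attr not in KEY_STORE_ATTRS | PBE_ATTRS:
        raise ValueError(f"{attr}: syntax not covered by this check")
    allowed = {"pkeydir", "onfail"} if attr in KEY_STORE_ATTRS else {"onfail"}
    terms = []
    for raw in value.split():  # terms are separated by spaces
        m = TERM_RE.match(raw)
        if not m:
            # Typical cause: a space after the comma split one term in two.
            raise ValueError(f"{attr}: malformed term {raw!r}")
        specs = {}
        if m.group("specs") is not None:
            for item in m.group("specs").split(","):
                name, sep, val = item.partition(":")
                if not sep or not val or name not in allowed or name in specs:
                    raise ValueError(f"{attr}: bad specification {item!r}")
                specs[name] = val
        # Assumption: key-store terms carry both specifications shown on the page.
        if attr in KEY_STORE_ATTRS and set(specs) != allowed:
            raise ValueError(f"{attr}: {raw!r} needs pkeydir and onfail")
        terms.append((m.group("lib"), specs))
    if not terms:
        raise ValueError(f"{attr}: empty value")
    return terms


if __name__ == "__main__":
    for lib, specs in parse_attribute_value("pub_key", SAMPLE_PUB_KEY):
        print(lib, specs)
```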
Parameters
The parameters have the following meanings:
Hewlett-Packard Company HP-UX 11i Version 3: September 2010