evfs.conf.4 (2010 09)
evfs.conf(4) evfs.conf(4)
(EVFS Software Required)
library Fully-qualified path name of the encryption and storage library.
Default values for pub_key, priv_key, and pass_key: /usr/lib/evfs/hpux64/libevfs_pkey.so (Itanium systems) or /usr/lib/evfs/pa20_64/libevfs_pkey.sl (PA-RISC systems).
Default values for pbe and passx: /usr/lib/evfs/hpux64/libevfs_pbe.so (Itanium systems) or /usr/lib/evfs/pa20_64/libevfs_pbe.sl (PA-RISC systems).
[ Literal left square bracket.
key_directory Fully-qualified path name of the base directory in which to store key data, such as /etc/evfs/pkey.
The directory cannot be an EVFS directory. If you want file systems in the /etc/fstab file mounted on EVFS volumes at system startup time, the key database must reside on the local root file system.
If the private key directory is an NFS-mounted directory, the directory must be mounted with read and write access so EVFS can re-encrypt the private key file as needed (the NFS server must not export the directory with the ro flag).
HP recommends that the base directory is writable by superusers only.
action For pub_key, priv_key, and pass_key: The EVFS action if attempts to write or read from the key_directory fail.
Valid values: continue (continue to the next library [specifications... ] term) or stop (stop processing and return an error).
For pbe and passx: The EVFS action if attempts to encrypt or decrypt private keys and passphrases fail.
Valid values: continue (continue to the next library [onfail:action ] term) or stop (stop processing and return an error).
] Literal right square bracket.
Trusted Computing Services (TCS) Application
The pbe attribute specifies the encryption library EVFS uses to secure EVFS private keys. On systems with HP-UX Trusted Computing Services (TCS), you can modify this attribute so that EVFS uses TCS to secure EVFS private keys. For more information about using TCS with EVFS, see the HP-UX TCS product documentation.
EXAMPLES
The following is a sample configuration file:
#
#
# (C) Copyright 2006-2009 Hewlett-Packard Development Company, L.P.
#
evfsconf_vers = 2.0
pub_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:continue]
priv_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:continue]
pass_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:continue]
keywrap = evfs-pbe1 # evfs-pbe2
pbe = /usr/lib/evfs/hpux64/libevfs_pbe.so
passwrap = evfs-pbe1 #evfs-pbe2
passx = /usr/lib/evfs/hpux64/libevfs_pbe.so
emd_backup = /etc/evfs/emd/
keygen = rsa-1536
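An added example, not part of the HP manpage or of EVFS itself: a Python check of the library terms in an evfs.conf text against the rules stated above (fully-qualified library and key directory paths, an action of continue or stop). The function names, the constructed sample, the treatment of # as a comment start, and the reading of "writable by superusers only" as owned by uid 0 with no group or other write bit are assumptions.

```python
import re
import stat

# Attributes whose value is a library[specifications] term on the page.
LIB_KEYS = {"pub_key", "priv_key", "pass_key", "pbe", "passx"}
TERM = re.compile(r"^(?P<lib>[^\[\]]+?)\s*(?:\[(?P<spec>[^\[\]]*)\])?$")

def parse_line(line):
    """Return (attribute, library, specs) for a library attribute, else None."""
    text = line.split("#", 1)[0].strip()          # drop trailing comments
    key, sep, value = (p.strip() for p in text.partition("="))
    if not sep or key not in LIB_KEYS:
        return None
    m = TERM.match(value)
    if m is None:
        return key, value, None                   # unbalanced or nested brackets
    pairs = (item.split(":", 1) for item in (m["spec"] or "").split(",") if ":" in item)
    return key, m["lib"], {k.strip(): v.strip() for k, v in pairs}

def audit(conf_text):
    """Return (line_no, attribute, problem) tuples for a configuration text."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        key, lib, specs = parsed
        if specs is None:
            findings.append((n, key, "malformed library[...] term"))
            continue
        checks = [(not lib.startswith("/"), "library path is not fully qualified"),
                  (not specs.get("pkeydir", "/").startswith("/"), "pkeydir is not fully qualified"),
                  (specs.get("onfail", "stop") not in ("continue", "stop"), "onfail must be continue or stop")]
        findings += [(n, key, msg) for bad, msg in checks if bad]
    return findings

def key_dir_findings(st_uid, st_mode):
    """Check os.stat() fields of a key directory (assumed reading of the HP advice)."""
    checks = [(st_uid != 0, "not owned by uid 0"),
              (st_mode & (stat.S_IWGRP | stat.S_IWOTH), "writable by group or other")]
    return [msg for bad, msg in checks if bad]

# Constructed sample: line 1 is from the page's example, line 2 is deliberately wrong.
SAMPLE = """\
pub_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:continue]
priv_key = libevfs_pkey.so[pkeydir:evfs/pkey,onfail:ignore]
pbe = /usr/lib/evfs/hpux64/libevfs_pbe.so
keywrap = evfs-pbe1 # evfs-pbe2
"""
```

Pass the st_uid and st_mode fields of os.stat() on each pkeydir to key_dir_findings() to check the directory itself.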
HP-UX 11i Version 3: September 2010 − 3 − Hewlett-Packard Company 3