166 Sun ONE Directory Server Installation and Tuning Guide • June 2003
Refer to Sun ONE Server Console Server Management Guide both for a discussion of
the SSL protocol itself and of SSL certificates, and for instructions on how to use the
protocol with Sun ONE servers supporting Sun ONE Server Console
administration.
Creating a Token
Directory Server uses a token and password to access the appropriate
cryptographic key material on the accelerator board. The token takes the form
user@realm, where user is a user in terms of the accelerator board — an owner of
cryptographic keying material — and realm is a realm in terms of the accelerator
board — a logical partition of users and their keying material. The accelerator
board user need not bear any relation to a user account on the system. It is specific
to the board. Refer to the accelerator board product documentation for further
explanation of users and realms.
You may create a user and realm for the token using the secadm(1M) utility
provided for use with the board. The accelerator board also permits creation of
multiple slots to manage tokens for multiple applications. It is assumed here that
for performance reasons, you dedicate the host to Directory Server and therefore
use only one slot, the default. Refer to the accelerator board product
documentation for details on using the board with multiple software applications.
Perform the following steps to create the user and realm for a token to access the
default slot.
1. Start the secadm utility.
    $ CryptoPath/bin/secadm
   The default CryptoPath is /opt/SUNWconn/crypto.
2. Create a realm for the token.
    secadm> create realm=dsrealm
    System Administrator Login Required
    Login: super-user
    Password:
    Realm dsrealm created successfully.
3. Set the realm in which to create a user.