Chapter 3
Administering the Sun Crypto Accelerator 6000 Board
69
▼
Disable a Locked Keystore To Prevent Access
A keystore that has been locked to prevent access will default to the disabled state
if the board is reset or powered off. A KSO can also disable the keystore manually.
1. Start the
scamgr
utility.
2. Type
disable keystore
. For example:
Multi-Admin Authentication
The
scamgr
utility includes a special mode of operation called Multi-Admin mode.
In this mode, certain commands require multiple security officers to authenticate
and approve the command before it can complete successfully. Security officers must
be in the Multi-Admin role before they can authenticate Multi-Admin commands.
When a Multi-Admin command is issued, no other general administration on the
board can take place until either the command times out, is canceled by the security
officer who started the command, or completes successfully. A timeout from 1 to 15
minutes must be set at or before Multi-Admin mode is enabled. See
“Set a Multi-
Admin Command Timeout” on page 71
for more information. Also security officers
must set the number of Multi-Admin role members required to authenticate any
Multi-Admin command.
When a Multi-Admin command is initiated, the
scamgr
session from which it is
started waits until one of three conditions occur: The command completes
successfully, the command fails, or the command times out. Other Multi-Admin role
members log in to the device using their respective
scamgr
sessions. During Multi-
Admin mode commands, these role members can only authenticate the command in
progress. If the initiating security officer’s
scamgr
session terminates unexpectedly,
the security officer can log back in to the device and cancel the command.
Otherwise, the board cannot be administered normally until the command times out.
The following commands require multi-admin authentication:
■
backup master-key
■
backup keystore
■
convert keystore
■
copy keystore
■
delete master-key
■
delete keystore
scamgr{mca
N
@
hostname
,
sec-officer
}>
disable keystore
Keystore disabled.
Содержание Crypto Accelerator 6000 Board
Страница 1: ...Sun Crypto Accelerator 6000 Board Version 1 1 User s Guide Part No E39851 01 February 2013...
Страница 16: ...xvi Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 18: ...xviii Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 21: ...Preface xxi...
Страница 22: ...xxii Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 54: ...32 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 118: ...96 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 210: ...188 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 228: ...206 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 242: ...220 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 256: ...234 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 260: ...238 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 266: ...244 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...