/usr/lib/evfs/pa20_64/libevfs_pkey.sl (HP 9000 servers)

[

Literal left square bracket.

key_directory

Specifies the fully qualified pathname of the base directory in which to store key data, such as /etc/evfs/pkey. See “Key Storage Directory Requirements” (page 40) for more information.

If you want to use the autostart feature, the autostart option you specify in the /etc/evfs/evfstab file is determined by the location of the key_directory. See “Step 5: (Optional) Configuring the Autostart Feature” (page 62) for more information.

action

Specifies the EVFS action if attempts to write to or read from the key_directory fail.

continue

Causes EVFS to continue to the next library[specifications...] term.

stop

Causes EVFS to stop processing and return an error.

]

Literal right square bracket.

Key Storage Directory Requirements

Directories used to store user keys and passphrases cannot be on EVFS volumes. EVFS cannot access key files stored on an EVFS volume to enable the EVFS volume.

If there are file systems on EVFS volumes in the /etc/fstab file that you want the system to mount at system startup, the key database must reside on the local root file system (the system must be able to access the keys early in the system startup procedure).

If the private key directory is an NFS-mounted directory, the directory must be mounted with read and write access so EVFS can re-encrypt the private key file as needed (the NFS server must not export the directory with the ro flag).

HP recommends that the base directory is writable by superusers or users with appropriate privileges only. For example, the /etc/evfs/pkey directory is installed with the following permissions, owner, and group:

drwxr-xr-x   4 bin   bin   96 Mar 16 17:26 pkey

You can also create and configure a fallback directory to allow nonprivileged users to create keys.

Default pub_key, priv_key and pass_key Attribute Statements

The /etc/evfs/evfs.conf file installed with the EVFS product on HP Integrity servers contains the following pub_key, priv_key, and pass_key attribute statements:

pub_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:stop]

priv_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:stop]

pass_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:stop]

These statements configure EVFS to use the libevfs_pkey library to process all user key data (public keys, private keys, and passphrase files), and to save all user key data in subdirectories under the /etc/evfs/pkey directory. If EVFS cannot access key data in the directory /etc/evfs/pkey, EVFS returns an error.

The /etc/evfs/evfs.conf file installed with the EVFS product on HP 9000 servers contains equivalent statements, with the HP 9000 libevfs_pkey library, /usr/lib/evfs/pa20_64/libevfs_pkey.sl.
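
The following POSIX shell function is an added example, not part of the HP manual or the EVFS product. It parses pub_key, priv_key and pass_key statements in the format shown above and checks each pkeydir against the requirements on this page: a fully qualified pathname, an existing directory, and no write permission for group or others. The function names, the sample paths, and the reading of "writable by superusers only" as "no group or other write bit" are assumptions of this example; it does not check whether the directory is on an EVFS volume.

```shell
#!/bin/sh
# audit_evfs_keys FILE: print one finding per line; return 1 if any, else 0.
audit_evfs_keys() {
    conf=$1; rc=0
    while IFS= read -r line; do
        case $line in
            pub_key*|priv_key*|pass_key*) ;;
            *) continue ;;                    # comments and other attributes
        esac
        attr=${line%%[ =]*}
        opts=${line#*\[}; opts=${opts%%\]*}   # text between the literal [ and ]
        dir=; onfail=
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in
                pkeydir:*) dir=${o#pkeydir:} ;;
                onfail:*)  onfail=${o#onfail:} ;;
            esac
        done
        IFS=$old_ifs
        case $onfail in
            stop|continue) ;;
            *) echo "$attr: onfail '$onfail' is not stop or continue"; rc=1 ;;
        esac
        case $dir in
            /*) ;;
            *) echo "$attr: pkeydir '$dir' is not fully qualified"; rc=1; continue ;;
        esac
        [ -d "$dir" ] || { echo "$attr: $dir is not a directory"; rc=1; continue; }
        mode=$(ls -ldL "$dir" | cut -c1-10)
        case $mode in                         # group write = col 6, other = col 9
            d????w*|d???????w*) echo "$attr: $dir is writable by group or others ($mode)"; rc=1 ;;
        esac
    done < "$conf"
    return $rc
}
# Constructed sample: a 755 directory, a 777 directory, and a malformed statement.
make_demo() {
    mkdir -p "$1/pkey" "$1/open" && chmod 755 "$1/pkey" && chmod 777 "$1/open"
    lib=/usr/lib/evfs/hpux64/libevfs_pkey.so
    printf '%s\n' "pub_key = ${lib}[pkeydir:$1/pkey,onfail:stop]" \
        "priv_key = ${lib}[pkeydir:$1/open,onfail:stop]" \
        "pass_key = ${lib}[pkeydir:pkey,onfail:halt]" > "$1/evfs.conf"
}
d=${TMPDIR:-/tmp}/evfs_demo.$$
make_demo "$d" && { audit_evfs_keys "$d/evfs.conf" || true; }
rm -rf "$d"
```

On a real system, run `audit_evfs_keys /etc/evfs/evfs.conf`; a statement that continues across lines or starts with leading whitespace is not handled by this parser.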

HP UX Encrypted Volume and Filesystem (EVFS) manual Key Storage Directory Requirements