Manuals / HP / Computer Equipment / Software

HP UX Encrypted Volume and Filesystem (EVFS) manual Example Alternate Directory for Public Keys

Models: UX Encrypted Volume and Filesystem (EVFS)

1 174
Download 174 pages 22.98 Kb
Page 41
Image 41

Example: Alternate Directory for Public Keys

The following attribute statements configure EVFS to store public keys in the user-created directory /etc/evfs/mykeys and to store private keys and passphrase files in the directory /etc/evfs/pkey:

pub_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/mykeys,onfail:stop]

priv_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:stop]

pass_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:stop]

Example: NFS Directory for Public and Private Keys

The following attribute statements configure EVFS to store public and private keys in the NFS-mounted directory /nfs_server1/etc/evfs/pkey and to store passphrase files in the local directory /etc/evfs/pkey:

pub_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/nfs_server1/etc/evfs/pkey,onfail:stop]

priv_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/nfs_server1/etc/evfs/pkey,onfail:stop]

pass_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:stop]

To use the autostart feature for volumes that have keys stored in NFS-mounted directories, you must specify the boot_remote option in the /etc/evfs/evfstab file. See “Step 5: (Optional) Configuring the Autostart Feature” (page 62) for more information.

Example: Fallback Directory for Nonprivileged Users

The following attribute statements configure EVFS to first attempt to store key data in the protected directory /etc/evfs/pkey. If it fails, EVFS falls back to the user-created directory /opt/evfskeys, which is writable by the appropriate users without superuser privileges. If EVFS cannot access /opt/evfskeys, EVFS stops processing the request and return an error.

pub_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail: continue] /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/opt/evfskeys,onfail:stop]

priv_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail: continue] /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/opt/evfskeys,onfail:stop]

pass_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail: continue] /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/opt/evfskeys,onfail:stop]

To use the autostart feature to enable an EVFS volume using keys stored on the root disk of the local system, specify the boot_local option for the volume in the /etc/evfs/evfstab file. To use the autostart feature to enable an EVFS volume using keys stored on a nonroot disk of the local system, specify the boot_local2 option for the volume. In this example, /opt/evfskeys is not on the root disk, so you must specify boot_local2 to use the autostart feature for EVFS volumes enabled using keys stored in /opt/evfskeys. See “Step 5: (Optional) Configuring the Autostart Feature” (page 62) for more information.

Step 2: (Optional) Configuring Alternate Key Database Directories

41

Page 40 Page 42
Page 41
Image 41
HP UX Encrypted Volume and Filesystem (EVFS) manual Example Alternate Directory for Public Keys
Page 40 Page 42