NAME
     skistore - store key packages and certificates into the name service

SYNOPSIS
     skistore [-v | -s] [-d dir | -c cert_file [-k key_owner]]

AVAILABILITY
     SUNWski

DESCRIPTION
     A system administrator uses the skistore utility to store a
     principal's key package and certificate, or a single certificate,
     into a name service, such as NIS or NIS+. A principal may be a
     user or a host.

     This utility should be run after a Certification Authority (CA)
     has created all key packages and certificates using the ccreds(1)
     utility. When the CA runs ccreds(1), the CA specifies the
     directory name (on an external media device, for example) where
     the generated credentials will be stored, so they can be
     transferred to a system administrator to be stored in the name
     service. ccreds(1) stores the credentials in the directory name
     the CA specifies. This directory is the same directory that
     should be specified when the system administrator runs skistore.
     It contains the subdirectories keypkgs and certs, for the
     generated key packages and certificates, respectively. Each key
     package and certificate is stored in a file.

     If this directory resides on an external media device, the system
     administrator must mount the device on a host with access to the
     name service when running skistore. After ensuring that an fns(5)
     context has been created and configured, the system administrator
     executes skistore to transfer all key packages and certificates
     from the device to the FNS-configured name service.

     Alternatively, skistore may be used by a system administrator to
     store an external certificate (e.g., the certificate of an
     external CA) into the configured name service. In this case, the
     -c option is used to specify the file which contains the
     certificate to be stored, and the -k option is used to specify
     the identity under which the certificate will be stored.

     The system administrator may use the fncreate(1M) and fnselect
     utilities to create and configure an FNS context, if necessary.

     If the configured name service is NIS, skistore must be run on
     the NIS master machine. If the configured name service is NIS+,
     skistore must be run on the NIS+ master machine. If you are using
     the FILES implementation of FNS, skistore must be run on the
     machine where you created the FNS context (machine with the
     /var/fn directory).

     skistore automatically creates new FNS user contexts and
     attributes if they do not already exist.

OPTIONS
     The following options are supported:

     -s   Run application silently (no status or error information
          displayed).

     -v   Give verbose output. If both the -v and the -s options are
          specified, the -v option is ignored.

     -c cert_file
          File containing the certificate to be stored in the
          configured name service. The certificate must be provided in
          printable encoding format as defined by the Internet RFC 1421
          standard, and must be bounded at the beginning by
          "-----BEGIN CERTIFICATE-----", and bounded at the end by
          "-----END CERTIFICATE-----".

     -d dir
          The path to the directory that contains the generated key
          packages and certificates to be stored in the name service.
          skistore prompts for a directory path if the -d option is
          not specified.

     -k key_owner
          Identity of certificate owner, under which the certificate
          will be stored. This is a UNIX username. If no identity is
          provided, it is checked whether or not a user context exists
          which contains the certificate owner distinguished name as
          an attribute. If such a context exists, the certificate will
          be stored in this context. Otherwise, the identity under
          which the certificate will be stored is set to the printable
          encoding of the fingerprint of the certificate owner
          distinguished name.

EXIT STATUS
     The skistore command exits with 0 if successful and 1 otherwise.

SEE ALSO
     ccreds(1), fncreate(1M), fns(5)
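
EXAMPLES
     The following pre-flight script is an added example; it is not
     part of the SUNWski package or of the original manual page. It
     checks the directory layout expected by -d and the boundary lines
     required by -c before skistore is run. The function names, the
     sample file names and the /mnt/creds path are assumptions, and the
     check covers format only, not the certificate contents.

```shell
# Pre-flight checks for skistore inputs (added example, not part of SUNWski).

# check_cert_file FILE: succeed only if FILE holds one certificate in
# printable encoding, bounded by the exact lines the -c option requires.
check_cert_file() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^[ \t]*$/ { next }                      # skip blank lines
        { n++ }
        n == 1 { if ($0 != "-----BEGIN CERTIFICATE-----") bad = 1; next }
        $0 == "-----END CERTIFICATE-----" { ends++; last = n; next }
        /^[A-Za-z0-9+\/]+=*$/ { body++; next }   # base64 characters only
        { bad = 1 }                              # anything else is rejected
        END { exit !(n > 0 && !bad && ends == 1 && last == n && body > 0) }
    ' "$1"
}

# check_cred_dir DIR: succeed only if DIR has the keypkgs and certs
# subdirectories described above, each holding at least one regular file.
check_cred_dir() {
    for sub in keypkgs certs; do
        [ -d "$1/$sub" ] || return 1
        found=0
        for f in "$1/$sub"/*; do
            if [ -f "$f" ]; then found=1; break; fi
        done
        [ "$found" -eq 1 ] || return 1
    done
    return 0
}

# make_sample DIR: write constructed sample inputs (not real credentials).
make_sample() {
    mkdir -p "$1/creds/keypkgs" "$1/creds/certs"
    echo placeholder > "$1/creds/keypkgs/alice"
    echo placeholder > "$1/creds/certs/alice"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/good.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' > "$1/cut.pem"
}

# Usage on the name service master (/mnt/creds is a hypothetical mount point):
#   check_cred_dir /mnt/creds && skistore -v -d /mnt/creds
#   check_cert_file ca.pem    && skistore -v -c ca.pem -k key_owner
```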