
AIX 6 Encrypted File System (EFS), Part 5: Group Management

2008-09-06 08:20:02 Source: WEB开发网

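When running in root admin mode, root can manage group keystores, as the scenario in Example 7 shows:

The lsgroup command shows that user3 belongs to group1.

The efskeymgr -v -k group/group1 command displays the details of the group key.

user3 has the group key loaded in the current shell.

root generates a new group key. The old key is still kept in the group keystore and is marked as deprecated.

The new key is automatically sent to the user keystore. In the user keystore, the old group key is marked as deprecated. In all new processes, the new group key becomes the active key.

root deletes the deprecated key from the group keystore.

The deprecated key has been deleted from the user keystore, but it is not unloaded from active processes (in our example, the current shell). Newly started shells no longer contain the old key.

Example 7. Changing the private key of a group keystore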

# lsgroup -a users group1
group1 users=user1,user3
# efskeymgr -v -k group/group1
Keystore content:
Keystore owner ............: gid 202
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/09/07 at 19:43:52
Private key:
Algorithm :RSA_1024
Fingerprint :5967aba6:df046b56:8f4cc1b5:69f48c7a:ed88008f
Validity :This key is valid.
$ id
uid=205(user3) gid=1(staff)
$ efskeymgr -v
Keystore content:
Keystore owner ............: uid 205
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/10/07 at 09:41:20
Private key:
Algorithm :RSA_1024
Fingerprint :44b0c7e1:53384985:ca1be27e:864b9431:3a57c0d1
Validity :This key is valid.
Access key to keystore group/group1
$ efskeymgr -V
List of keys loaded in the current process:
Key #0:
Kind .....................User key
Id (uid / gid) ......... 205
Type .....................Private key
Algorithm ................RSA_1024
Validity .................Key is valid
Fingerprint ..............
44b0c7e1:53384985:ca1be27e:864b9431:3a57c0d1
Key #1:
Kind .....................Group key
Id (uid / gid) ......... 202
Type .....................Private key
Algorithm ................RSA_1024
Validity .................Key is valid
Fingerprint ..............
5967aba6:df046b56:8f4cc1b5:69f48c7a:ed88008f
# efskeymgr -k group/group1 -R RSA_1024
# efskeymgr -v -k group/group1
Keystore content:
Keystore owner ............: gid 202
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/09/07 at 19:43:52
Private key:
Algorithm :RSA_1024
Fingerprint :9f5f057d:4f3f5a78:50058cd3:bf1a2e78:42ae3b20
Validity :This key is valid.
Private key:
Algorithm :RSA_1024
Fingerprint :5967aba6:df046b56:8f4cc1b5:69f48c7a:ed88008f
Validity :This key was deprecated on 05/10/07 at 20:15:53.
$ id
uid=205(user3) gid=1(staff)
$ efskeymgr -o ksh
$ efskeymgr -V
List of keys loaded in the current process:
Key #0:
Kind .....................User key
Id (uid / gid) ......... 205
Type .....................Private key
Algorithm ................RSA_1024
Validity .................Key is valid
Fingerprint ..............
44b0c7e1:53384985:ca1be27e:864b9431:3a57c0d1
Key #1:
Kind .....................Group key
Id (uid / gid) ......... 202
Type .....................Private key
Algorithm ................RSA_1024
Validity .................Key is deprecated
Fingerprint ..............
5967aba6:df046b56:8f4cc1b5:69f48c7a:ed88008f
Key #2:
Kind .....................Group key
Id (uid / gid) ......... 202
Type .....................Private key
Algorithm ................RSA_1024
Validity .................Key is valid
Fingerprint ..............
9f5f057d:4f3f5a78:50058cd3:bf1a2e78:42ae3b20
# efskeymgr -k group/group1 -D 5967aba6:df046b56:8f4cc1b5:69f48c7a:ed88008f
# efskeymgr -v -k group/group1
Keystore content:
Keystore owner ............: gid 202
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/09/07 at 19:43:52
Private key:
Algorithm :RSA_1024
Fingerprint :9f5f057d:4f3f5a78:50058cd3:bf1a2e78:42ae3b20
Validity :This key is valid.
$ id
uid=205(user3) gid=1(staff)
$ efskeymgr -o ksh
$ efskeymgr -V
List of keys loaded in the current process:
Key #0:
Kind .....................User key
Id (uid / gid) ......... 205
Type .....................Private key
Algorithm ................RSA_1024
Validity .................Key is valid
Fingerprint ..............
44b0c7e1:53384985:ca1be27e:864b9431:3a57c0d1
Key #1:
Kind .....................Group key
Id (uid / gid) ......... 202
Type .....................Private key
Algorithm ................RSA_1024
Validity .................Key is valid
Fingerprint ..............
9f5f057d:4f3f5a78:50058cd3:bf1a2e78:42ae3b20
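
Deleting a deprecated key does not unload it from processes that are already running, so a check after rotation is to compare what a process has loaded against what the group keystore still lists as valid. The script below is an added example, not part of the original article: its function names are hypothetical, the keystore text is taken from Example 7, and the loaded-key listing for a pre-rotation shell is constructed.

```shell
#!/bin/sh
# Added example (not from the article); function names are hypothetical.

# Fingerprints marked valid in `efskeymgr -v -k group/<name>` output ($1).
valid_keystore_fps() {
    printf '%s\n' "$1" | awk '
        /Validity/    { if ($0 ~ /is valid/ && fp != "") print fp
                        fp = ""; want = 0; next }
        /Fingerprint/ { want = 1 }
        want && match($0, /[0-9a-f]+(:[0-9a-f]+)+/) {
            fp = substr($0, RSTART, RLENGTH); want = 0 }'
}

# "gid fingerprint" for each group key in `efskeymgr -V` output ($2) that is
# not a valid key of the group keystore ($1), i.e. a stale loaded key.
stale_group_keys() {
    valid=$(valid_keystore_fps "$1" | tr '\n' ' ')
    printf '%s\n' "$2" | awk -v valid="$valid" '
        BEGIN { n = split(valid, v, " "); for (i = 1; i <= n; i++) ok[v[i]] = 1 }
        /Key #/       { group = 0; id = ""; want = 0 }
        /Kind/        { group = ($0 ~ /Group key/) }
        /Id \(uid/    { id = $NF }
        /Fingerprint/ { want = 1 }
        want && match($0, /[0-9a-f]+(:[0-9a-f]+)+/) {
            fp = substr($0, RSTART, RLENGTH); want = 0
            if (group && !(fp in ok)) print id, fp }'
}

# Group keystore after the deprecated key was deleted (from Example 7).
KEYSTORE='Private key:
Algorithm :RSA_1024
Fingerprint :9f5f057d:4f3f5a78:50058cd3:bf1a2e78:42ae3b20
Validity :This key is valid.'

# Constructed sample: a shell started before the rotation, old key still loaded.
LOADED='Key #0:
Kind .....................User key
Id (uid / gid) ......... 205
Fingerprint ..............
44b0c7e1:53384985:ca1be27e:864b9431:3a57c0d1
Key #1:
Kind .....................Group key
Id (uid / gid) ......... 202
Fingerprint ..............
5967aba6:df046b56:8f4cc1b5:69f48c7a:ed88008f'

stale_group_keys "$KEYSTORE" "$LOADED"
```

On a live system the two arguments would be the captured output of `efskeymgr -v -k group/group1` (run as root) and of `efskeymgr -V` run inside the shell being checked.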
